Portcullis Labs » social engineering
https://labs.portcullis.co.uk
Research and Development

Hacking the Belkin E Series Omniview 2-Port KVM Switch
https://labs.portcullis.co.uk/whitepapers/hacking-the-belkin-e-series-omniview-2-port-kvm-switch/
Wed, 05 Apr 2017 06:44:37 +0000

The post Hacking the Belkin E Series Omniview 2-Port KVM Switch appeared first on Portcullis Labs.

Too frequently, security professionals consider only software vulnerabilities when assessing the risks of connecting devices to their networks and systems. When it comes to the potential risks of connected devices and the Internet of Things, security professionals must consider not only potential vulnerabilities in the software and firmware of these systems, but also physical vulnerabilities in hardware. This document considers the potential risk posed by hardware modification of seemingly innocuous hardware devices attached to critical systems, by showing how a simple KVM switch can be modified for use as a key logger.

Talos BelkinWhitePaper Final (547.3 KiB), MD5 hash: 20411b5e5d2ff1c17d09b73ded5172c6
HackingBelkinKVMSwitch (15.5 KiB), MD5 hash: f1bbdcd02742a66a6234f9f31b388227

Raspberry ph0wn
https://labs.portcullis.co.uk/blog/raspberry-ph0wn/
Tue, 11 Mar 2014 06:28:45 +0000

The post Raspberry ph0wn appeared first on Portcullis Labs.

Recently the technical team had a discussion about subversive attack vectors that could be utilised by social engineering attacks to provide a long-term remote connection to a network whilst remaining undetected.

A spark of inspiration and half an evening later, the following device was made as a proof of concept.

We took an ordinary desk VoIP phone and opened it up (voiding warranties is so heartwarming).

[Image: Plain desk phone]

As you can see, there is a lot of spare room inside a modern phone; hiding a device in one of these is going to be easy.

[Image: Open phone]

In order for this device to work undetected, we needed a way to connect the device to the target’s network and also a way to power it; thankfully, both solutions are already present. Power was provided by hacking the end off a micro USB cable and soldering it directly to the power board of the phone, which coincidentally was running at 5 volts, exactly what we needed to run the Raspberry Pi.

Ideally we would have taken the time to cross solder the RJ45 connector; however, as this was a proof of concept, an additional RJ45 socket was soldered into place.

[Image: Added RJ45]

[Image: RJ45 port in place]

[Image: Power attached]

Powered up, the device now both acts as a VoIP phone and powers the Raspberry Pi. The POC device uses two network cables, but in the real world the Pi would be attached to the same single network point.

[Image: Powered Ph0wn]

Finally, we moved the speaker and attached a USB webcam, to provide simple voice/video, as well as a wireless adapter.

[Image: USB webcam]

Put back together, it is impossible to see that inside is a perfect remotely accessible device plugged directly into the target’s network.

[Image: Completed Ph0wn POC]
