Hacking the Belkin E Series Omniview 2-Port KVM Switch

IPP — Wed, 05 Apr 2017 06:44:37 +0000

Too frequently security professionals only consider software vulnerabilities when considering the risks of connecting devices to their networks and systems. When it comes to considering potential risks of connected devices and the Internet of Things, not only must security professionals consider potential vulnerabilities in the software and firmware of these systems, but also physical vulnerabilities in hardware. This document considers the potential risk posed by hardware modification of seemingly innocuous hardware devices attached to critical systems, by showing how a simple KVM switch can be modified for use as a key logger.

Talos_BelkinWhitePaper.final_.pdf
April 5, 2017

547.3 KiB
MD5 hash: 20411b5e5d2ff1c17d09b73ded5172c6
Details

HackingBelkinKVMSwitch.zip
April 5, 2017

15.5 KiB
MD5 hash: f1bbdcd02742a66a6234f9f31b388227
Details

The post Hacking the Belkin E Series Omniview 2-Port KVM Switch appeared first on Portcullis Labs.

Raspberry ph0wn

FC — Tue, 11 Mar 2014 06:28:45 +0000

Recently the technical team had a discussion about subversive attack vectors that could be utilised by social engineering attacks to provide a long term remote connection to a network whilst remaining undetected.

After a spark of inspiration and half an evening later the following device was made as a proof of concept.

We took an ordinary desk VoIP phone and opened it up (voiding warranties is so heart warming).

Plain desk phone

As you can see there is a lot of spare room inside a modern phone, hiding a device in one of these is going to be easy.

Open phone

In order for this device to work undetected we needed a way to connect the device to the target’s network and also a way to power the device, thankfully both solutions are already present. Power was provided by hacking a micro USB cable end off and soldering directly to the power board of the phone which coincidently was running 5 volts, exactly what we needed to run the Raspberry Pi.

Ideally we would have taken the time to cross solder the RJ45 connector, however as this was a proof of concept, an additional RJ45 socket was soldered into place.

Added RJ45

RJ45 port in place

Power attached

Powered up the device now acts as both a VOIP phone and powers up the Raspberry Pi, the POC device uses two network cables but in the real world the Pi would be attached to the same singular network point.

Powerd Ph0wn

Finally we moved the speaker and attached a USB webcam to provide simple voice/video as well as a wireless adapter.

USB webcam

Put back together it is impossible to see that inside is a perfect remotely accessible device plugged directly onto the target’s network.

Completed Ph0wn POC

The post Raspberry ph0wn appeared first on Portcullis Labs.

Portcullis Labs » social engineering

Hacking the Belkin E Series Omniview 2-Port KVM Switch

Raspberry ph0wn