What's lurking in your corporate airspace?
Seeing high-profile research announcements in the weeks leading up to the infamous Black Hat and DefCon conferences is common. This year, our research team was getting pretty excited about ProxyHam, that is, until it was mysteriously pulled from the DefCon lineup. The device claimed to be able to use a 900 megahertz radio link to give anonymous access to a WiFi network from 2 miles away. In plainer language, a person could conduct illicit business over the Internet from his home, but appear as if he’s sitting in a Starbucks down the street. Ultimately, ProxyHam would make a user impossible to identify and track. But, in true hacker style, the presenter dropped the demonstration without explanation. It’s a bit odd that the paper was even accepted, since ProxyHam is more of a combination of Commercial Off-the-Shelf Products than the custom hardware/software that is usually on display at DefCon.
With ProxyHam’s sudden disappearance a couple of weeks behind us, researcher Samy Kamkar decided to revive the project and give ProxyHam a bit of an update. Kamkar released his version, called ProxyGambit, online just weeks before the Vegas conference season kicks off. For $238, anyone can build the location-concealing device, and Samy’s version extends the reach of anonymity to 10 kilometers, with an option to add a 2G GSM component that - in theory - allows you to access the ProxyGambit from anywhere in the world. Kamkar cautions that this is a proof of concept, but that didn’t stop our research team from using the plans to build one of their own. Of course (here comes the trite plug for our research team), you’ll have to wait until DefCon’s IoT Village to see what we do with it.
The intent of ProxyGambit seems to be increasing privacy, but attackers can repurpose the technology for nefarious use; it is possible to exfiltrate data from a corporate network over ProxyGambit’s 900 MHz or GSM channels, and this would go completely undetected by traditional IT security infrastructure. In much the same way a freedom fighter could plant a ProxyGambit in a coffee shop and get increased geolocational privacy, an attacker could leave behind a ProxyGambit-style device to gain access to enterprise WiFi or wired networks. Couple this with the original intent of keeping anonymity on the Internet and you have just created the perfect crime - limitless distance from the intrusion point.
Thankfully, it would appear as if the research community is starting to catch on to the increasing threat of using low-tech in an effort to target high-value environments. Just yesterday, Wired ran a follow-up story on Israeli researchers who claim to be able to breach an air-gapped machine using RF. They upped their game since I wrote a blog on their original research. Instead of needing a smartphone to read video card transmissions, they’ve been able to accomplish the same attack with a dumb phone using a 2G network. It won’t dump down massive data like the Sony breach, but it could intercept passwords that could be used to access sensitive data environments. And all of this wouldn’t sound a single alarm.
The point of all of this is to illustrate that the level of cyber threats is increasing. Critical infrastructure and corporate networks will become softer targets as their environments get more porous with the addition of IoT. As long as there is money to be made in cyber crime, hackers will develop new exploits and new vectors to gain access to what they want. For now, the good guys seem to be staying one step ahead, but as IoT continues to connect our everyday lives to the Internet, these connections have the potential to bring in the bad guys and they will gain access through means that won’t always be detectable.
I’m looking forward to this year’s Vegas run. I hope you’ll check out what we’re doing at DefCon’s IoT Village - if nothing else we’ll get to see if ProxyGambit lives up to the hype.