Phone Home Devices

[Irongeek]

The kinds of devices I’m talking about may have another name, I’m just calling them Phone Home Devices because of the old Dreamcast Phone Home project. PHD is a small computer system that an attacker drops off internally on a target network. A cracker walks into an institution, plants his PHD into the Wi-Fi or cabled network, then walks away. The PHD is setup with the tools the cracker needs and is set to “Phone Home” and shovel a shell (using something like Netcat) back to one of the crackers boxes. Since the connection is established from inside of the firewall/NAT box it has a good chance of getting out if the firewall rules are not strict. It’s also useful as a leap stone to attack other networks anonymously. A good PHD will have the following features:

1. Run a good OS that had a TCP/IP stack and ports of tools like Netcat and sniffers.
2. Be cheap, since it is being left at a remote installation and the cracker may never get a chance to retrieve it.
3. Be small enough not to be noticed when hooked to the network.

I know devices like a Zaurus or a home router that runs Linux could be made into good PHDs, any other ideas? It has to be cheap. Anyone know of a way to make your own firmware for an HP printer server to make it do the same kind of thing? Let me hear your thoughts.

[muert0]

If bluetooth could be run in the background it seems in theory you could plug a bluetooth usb dongle in the back of a computer. And plug a cheap pda with the tools you wanted in behind a desk. Not really sure if there are security tools you can use with bluetooth though.

[Irongeek]

Because some concern was expressed to me in a private message about this question I will also post my response here:

I’m just curious as to how feasibility an attack these kinds of devices would be. I’m not intending to deploy one except on one of my own networks to test the concept. Glad to people are saying nice things, hopefully some day I will be able to read them.

[thread_killer]

Well, I'm by no means an expert in the embedded arena, but I did, however, read a book once called Embedded Linux. I can't find the author at the moment, but I specifically remember thinking how easy exactly such a device would be to make.

Here is a link to amazon with books on the same subject.

Here is a website on the subject. And here is another.

I definately think that embedding would be the way to go. Another thought I've had on this is rather than try to compromise the physical security of a company, all their WAN data is going to be headed out of leased lines, and phone pedestals outside are rarely secure. Pop the pedestal, insert device, and walk away. I don't know how much you know about telecommunications...but I would think an effective embedded device could be built into a standard butt-set. That way, when the phone company comes out to work on the pedestal and discovers your device, they'll think it was just left there by an absent-mided repair man. For that matter, DMARC's are often co-lo'ed with MDF's. A butt-set might be pretty inobtrusive there as well. Or if you get really small...a tone generator. Hmmm....I'm getting new ideas already.

As far as trying to sniff a Wi-fi network....tosh. Too easy. An embbeded 'black box' (home made and cheap) and an AP in the plenum space. The expensive part would be the recording device outside the premises to log what you intercept. A laptop will suffice with you in the parking lot for periodic monitoring, but for 24/7 snooping you'll need to get a bit more creative.