Tag Archives: warshipping

IBM Creates “Warshipping” Proof of Concept Device

Earlier this year I detailed a new method for an attacker to compromise an organisation by means of a modified smartphone charging cable. Today we see another method to compromise an organisation using an even more common means; the postal mail.

Why should this attack method be considered important?
Virtually every organisation receives postal mail with packages being commonplace. An attacker could send an anonymous package with one of the devices the IBM X-Force team created. The device was a small motherboard (defined) with 3G, WiFi and GPS built-in. It can be activated remotely over the internet and report its position via GPS and then instructed to scan for vulnerable network devices to attack.

It’s used to obtain the credentials of a corporate WiFi network. Once complete the device seeks to pivot using other vulnerable devices on the network to eventually compromise the network (also achieving persistence) and exfiltrate data or any other action of the attacker’s choice.

An attacker no longer needs to scout premises before trying to infiltrate it. They can just send a parcel to do it for them.

How can I protect my organisation or myself from this?
For an organisation; you can prohibit employees from having personal packages shipped to their office. A much more rigorous and expensive option which is unlikely to be favoured would be to scan all deliveries with an RF scanner.

Other suggestions to counter this device are detailed in IBM’s blog post.

Thank you.