Hardware Attacks: The Art of Disguise

Hardware Attacks

Hardware attacks go under the radar of existing security software. The lack of physical layer visibility allows bad actors to use rogue devices to bypass security solutions such as NAC, EPS, IDS, and IoT network security. Adding to the challenge of detecting rogue devices is their deceptive appearance, so these tools go under the radar of human suspicion, too.

Hardware Attacks Deceive the Human Eye

Humans are organizations’ greatest security risk, mainly careless, negligent, or unaware employees. Negligent insiders are responsible for 62% of all incidents, according to a study by Proofpoint (2022 Cost of Insider Threats: Global Report). When it comes to hardware-based attacks in cyber security, the risk increases significantly due to the lack of education and awareness surrounding this security domain. Staff tend to attach peripherals to their devices without any cybersecurity considerations. This is a vulnerability exploited by the deceptive appearance of hardware attack tools: either the tool itself is designed not to raise suspicion, or it gets embedded within another unsuspecting device. In either case, it is almost impossible for the human eye to identify the device as malicious or even questionable.

Below is a list of some of the ways hardware attacks deceive the human eye.


Hardware Attacks Happen Through your Everyday Devices

Malicious Tools in your Mouse & Keyboard

Attackers can hide their malicious tools by implanting them within a mouse or keyboard. A device known as a Raspberry Pi is small enough to hide inside either one of these HIDs, completely evading human detection. Despite not being designed for such purposes, the Raspberry Pi can be a harmful attack tool due to its computer-like capabilities and keyboard emulation function. From there, the device can steal data, perform network packet sniffing, carry out a man-in-the-middle attack, and take part in various other treacherous hardware attacks.

Using an iPhone Charger as an Attack Tool

A NinjaCable is a USB attack tool that looks exactly like a USB iPhone charger yet causes significant damage to the victim (Bad USB Devices). The concept of the NinjaCable is not novel. Its design is based on a tool once used by the NSA called COTTONMOUTH. With the NinjaCable, malicious actors easily bypass human suspicion. The device functions as a regular iPhone charger while the attack (ransomware injection, data theft, etc.) is carried out. The NinjaCable is a prized asset among malicious actors, chiefly because it is so simple to deploy.

Firstly, no one questions the intention of an iPhone charger. If your phone is dead at the office, you will likely pick up the charger closest to you, not pausing to question whether it is a harmful attack tool. Secondly, since our phones provide us with a constant connection to the office, whether we want it or not, the perpetrator can target victims at any location, thereby expanding the attack surface. Rather than finding a way to implant a NinjaCable within the organization, attackers can manipulate public charging kiosks. Here, unsuspecting victims innocently (and often hastily) plug in their phones with the single focus of giving their device some juice. This attack is fittingly known as “juice jacking” and gives the cybercriminal access to the work-related (or personal) data stored on the phone.

Utilizing a Malicious USB Thumb Drive

How could you tell the difference between a regular USB thumb drive and a malicious one? The answer is: you couldn’t. The thumb drive sent to a hospitality company in the mail, disguised as a Best Buy gift, looked like any other USB drive yet was a bad USB riddled with malware. Devices like the Rubber Ducky appear to be regular USB thumb drives yet have been manipulated to act maliciously. By functioning like a keyboard, the rogue USB stealthily injects keystrokes at superhuman speed that launch encoded commands. This enables attackers to execute code, pilfer data, plant malware, and carry out various other nefarious hardware attacks, all while maintaining the facade of an innocuous USB device.
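The common thread in the Raspberry Pi and Rubber Ducky cases above is that the rogue device presents itself to the host as a keyboard, and the host happily accepts keystrokes from it. One defender-side tell that survives the disguise is the enumeration record: the operating system logs the vendor/product ID of every USB device and the class of every interface it exposes, so a "thumb drive" that also registers a keyboard interface, or any keyboard-class device that is not on an approved list, can be flagged. The script below is an added example written for this article; it is not Sepio's code and does not represent how Sepio's physical layer fingerprinting works. It parses Linux kernel log lines in the real `usb`, `hid-generic` and `usb-storage` message formats, but the log lines, device names, and vendor/product IDs (`1234:0001`, `abcd:0002`) are constructed for the example.

```python
import re
from collections import defaultdict

# Kernel-log patterns for the three events we care about. The usb core logs the
# vendor/product IDs when a device enumerates, hid-generic logs the HID usage
# (Keyboard, Mouse, ...) of each HID interface it binds, and usb-storage logs
# each mass-storage interface. Field layouts follow the real Linux messages.
NEW_DEVICE = re.compile(
    r"usb (?P<path>[\d.-]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})"
)
HID_KEYBOARD = re.compile(
    r"hid-generic 0003:(?P<vid>[0-9A-Fa-f]{4}):(?P<pid>[0-9A-Fa-f]{4})\.[0-9A-Fa-f]+: "
    r".*USB HID v[\d.]+ Keyboard"
)
MASS_STORAGE = re.compile(
    r"usb-storage (?P<path>[\d.-]+):\d+\.\d+: USB Mass Storage device detected"
)


def analyze_usb_log(lines, keyboard_allowlist):
    """Return a list of (vid:pid, reason) alerts for suspicious keyboard-class devices.

    keyboard_allowlist holds the "vid:pid" strings of keyboards the organization
    has approved; anything else that registers as a keyboard is reported.
    """
    path_to_id = {}           # bus path such as "1-1.3" -> "abcd:0002"
    roles = defaultdict(set)  # "abcd:0002" -> {"keyboard", "storage"}

    for line in lines:
        m = NEW_DEVICE.search(line)
        if m:
            path_to_id[m["path"]] = f"{m['vid'].lower()}:{m['pid'].lower()}"
            continue
        m = HID_KEYBOARD.search(line)
        if m:
            roles[f"{m['vid'].lower()}:{m['pid'].lower()}"].add("keyboard")
            continue
        m = MASS_STORAGE.search(line)
        if m and m["path"] in path_to_id:
            # usb-storage names the interface by bus path, so map it back to the
            # vendor/product ID recorded when that path enumerated.
            roles[path_to_id[m["path"]]].add("storage")

    alerts = []
    for dev_id, dev_roles in roles.items():
        if "keyboard" in dev_roles and dev_id not in keyboard_allowlist:
            alerts.append((dev_id, "keyboard-class device not on the approved list"))
        if {"keyboard", "storage"} <= dev_roles:
            # A single device exposing both a disk and a keyboard is the classic
            # bad-USB shape: it looks like a thumb drive and types like a keyboard.
            alerts.append((dev_id, "composite device presents both storage and a keyboard"))
    return alerts


# Constructed sample log (not captured from a real system): an approved keyboard
# enumerates first, then a "flash disk" that also binds a keyboard interface.
SAMPLE_LOG = [
    "Jan 01 09:00:01 host kernel: usb 1-1.2: new full-speed USB device number 4 using xhci_hcd",
    "Jan 01 09:00:01 host kernel: usb 1-1.2: New USB device found, idVendor=1234, idProduct=0001, bcdDevice= 1.00",
    "Jan 01 09:00:01 host kernel: usb 1-1.2: Product: USB Keyboard",
    "Jan 01 09:00:01 host kernel: hid-generic 0003:1234:0001.0001: input,hidraw0: USB HID v1.10 Keyboard [USB Keyboard] on usb-0000:00:14.0-1.2/input0",
    "Jan 01 09:05:17 host kernel: usb 1-1.3: new high-speed USB device number 5 using xhci_hcd",
    "Jan 01 09:05:17 host kernel: usb 1-1.3: New USB device found, idVendor=abcd, idProduct=0002, bcdDevice= 1.00",
    "Jan 01 09:05:17 host kernel: usb 1-1.3: Product: Flash Disk",
    "Jan 01 09:05:17 host kernel: usb-storage 1-1.3:1.0: USB Mass Storage device detected",
    "Jan 01 09:05:17 host kernel: hid-generic 0003:ABCD:0002.0002: input,hidraw1: USB HID v1.11 Keyboard [Flash Disk] on usb-0000:00:14.0-1.3/input1",
]

# Constructed allowlist: only the keyboard model the organization issues.
APPROVED_KEYBOARDS = {"1234:0001"}

if __name__ == "__main__":
    for dev_id, reason in analyze_usb_log(SAMPLE_LOG, APPROVED_KEYBOARDS):
        print(f"ALERT {dev_id}: {reason}")
```

Two caveats worth keeping in mind. First, vendor and product IDs are self-reported by the device, so an allowlist match proves only that the device claims to be an approved keyboard; the composite-interface check is the stronger signal because it describes behaviour rather than identity. Second, this only sees what the host's own log records, which is exactly the visibility gap the article is describing: a device that enumerates as an ordinary keyboard and nothing else will pass the first check unless the allowlist is strict.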

Hardware Attack Tools are Invisible and Invincible

The inconspicuous appearance of rogue devices makes them an even more threatening hardware attack tool than they already are. In addition to operating below the radar of existing security solutions, rogue devices bypass any possible human form of security. And once inserted, attackers essentially have free rein and complete access to the organization. Even the most advanced security models, such as Zero Trust, are ineffective in protecting the enterprise from hardware-based attacks.

In fact, the discreet nature of rogue devices allows them to move laterally throughout the organization, completely undermining the Zero Trust security protocols of microsegmentation and the principle of least privilege. Essentially, what we are dealing with are devices that raise no suspicion to the human eye, go undetected by legacy security software, and carry out a range of harmful hardware attacks on their target. But if you thought that all hope is lost, there is a solution to such challenges: nothing is invincible.

Sepio is a Worthy Opponent

Invincible rogue devices have met their match. Sepio has developed a solution that closes the gap in device visibility through physical layer fingerprinting. As the leader in Rogue Device Mitigation (RDM), Sepio identifies, detects, and handles all peripherals. No device goes unmanaged. Moreover, Sepio’s policy enforcement mechanism and Rogue Device Mitigation capabilities instantly block any unapproved device or hardware attack. In doing so, the risk of employee carelessness concerning rogue devices gets significantly reduced.

This is a huge weight lifted off organizations’ shoulders, as rogue devices challenge the awareness of even the most alert staff members. Additionally, the solution’s deep visibility capabilities and integration with existing solutions, such as NAC, EPS, and SIEM, ensure that organizations get the most out of their cybersecurity investments. As a result, with Sepio, clients benefit from a Zero Trust Hardware Access approach: protection at the first line of defense.

Sepio Doesn’t Probe Network Traffic

Sepio doesn’t probe network traffic or use any discovery protocols. This means that no proprietary data gets monitored, allowing for easy deployment. In just 24 hours, the threat of employee negligence gets reduced, while the overall cybersecurity posture gets enhanced. Employees might be the greatest asset to an organization, but they are also the greatest cost. Let us help you reduce the latter.


August 30th, 2021