Sneaking past the air gap

It occurred to me a few days ago that there is a simple way past many security systems in this semi-Internet-of-Things time.

There are a large number of devices that use an SDcard, USB device or other removable storage media.

There is an old attack where a specially prepared USB stick is dropped in or near the target, in the hope that some authorised person will walk it through the door and put it into a PC, allowing the malware (normally a Remote Access Tool) onto the system, behind the firewall and locked doors.

However, I’ve yet to hear of someone targeting the internal media of a standalone device such as a digital camera or standalone CCTV device.

Normally these are pretty much unsecured. They may be high up on a wall, or hidden somewhere, but rarely do they have any sort of lock. Mostly these days they use SD cards. They are a valuable second line of defence, as they are immune to power failure and network intrusion; even burning down the building would often leave them free to record!

So, if the attacker can locate one of these devices, they can pop out the card and tamper with it: faking timestamps, erasing evidence of their attendance, even adding fake evidence. All fairly obvious. But they could also add malware to the card, in just the same way as it is added to USB drives.
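A defensive check that follows from this, as an added example rather than anything from the original post: before a card pulled from a camera or CCTV unit goes into a PC, audit it on an isolated machine for files the recorder would never write. The JPEG-only allow-list, the magic-byte tables and the sample card contents are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed allow-list: extensions this recorder writes, with expected magic bytes.
# JPEG stills only here; extend it for your own device's formats.
EXPECTED_MAGIC = {".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff"}
# Headers of content that should never appear on a camera card.
EXECUTABLE_MAGIC = {b"MZ": "Windows PE", b"\x7fELF": "ELF binary", b"#!": "script"}


def audit_card(root):
    """Walk a (read-only) card mount; return sorted (relative_path, reason) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as fh:
                head = fh.read(8)
            ext = os.path.splitext(name)[1].lower()
            exe = next((k for m, k in EXECUTABLE_MAGIC.items() if head.startswith(m)), None)
            if exe:
                findings.append((rel, f"executable content ({exe})"))
            elif ext not in EXPECTED_MAGIC:
                findings.append((rel, "file type not written by the recorder"))
            elif not head.startswith(EXPECTED_MAGIC[ext]):
                findings.append((rel, "header does not match extension"))
    return sorted(findings)


def build_sample_card(root):
    """Constructed sample card contents, for demonstration only."""
    samples = {
        "DCIM/IMG_0001.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,  # plausible JPEG header
        "DCIM/IMG_0002.jpg": b"MZ\x90\x00" + b"\x00" * 16,        # PE header under .jpg
        "DCIM/IMG_0003.jpg": b"not an image",                     # wrong header
        "autorun.inf": b"[autorun]\r\n",                          # not recorder output
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as card:
        build_sample_card(card)
        for rel, reason in audit_card(card):
            print(f"{rel}: {reason}")
```

A clean result only means nothing on the card looks out of place by file type; it says nothing about whether the footage itself has been altered or erased.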

Further, a really clued-up attacker could re-write the firmware, so that it always infected any card used.

So be aware of that. Make sure your security overlaps. The physical and IT security worlds are forever getting closer, & exploiting one to breach the other is becoming very common.

