As if ransomware and state-sponsored hacking campaigns didn’t give enterprises enough cause for concern, there’s now yet another cybersecurity threat to reckon with: “warshipping.”

That’s the name IBM Corp.’s X-Force Red group has given to a creative hacking method it detailed today. The group helps IBM’s enterprise customers probe their networks for security weaknesses and also researches new methods that cyber criminals may use to carry out attacks.

When a hacker doesn’t find a weakness in a network, warshipping can allow them to create one. The basic idea is to build a remote-controlled device capable of launching a cyberattack and physically mail it to the victim. The technique exploits the fact that companies don’t always thoroughly check the packages passing through their mailrooms, especially when they come in an innocuous-looking box bearing the logo of a supplier or popular e-commerce site.

Warshipping has already been successfully tested in the field. In a blog post, X-Force Red head Charles Henderson wrote that his team used the technique to defeat the defenses of several corporate networks as part of penetration testing work done for customers.

The researchers pulled it off with a simple hand-built computer they cobbled together from off-the-shelf components. The device, which cost about $100 to assemble, consisted of a single circuit board packing a 3G modem for communicating with a remote-control server and executing attacks. 

“While in transit, the device does periodic basic wireless scans, similar to what a laptop does when looking for Wi-Fi hotspots. It transmits its location coordinates via GPS back to the C&C [command and control server,” Henderson detailed.

“Once we see that a warship device has arrived at the target’s front door, mailroom or loading dock, we are able to remotely control the system and run tools to either passively or actively attempt to attack the target’s wireless access,” he elaborated. “The goal of these attacks is to obtain data that can be cracked by more powerful systems in the lab.”

One way a warshipping device can facilitate cyberattacks is by intercepting the initial packets that an employee device such a phone sends to a company’s network when it establishes a wireless connection. This data is usually encrypted but can theoretically be unscrambled to obtain the Wi-Fi password. A warshipping device can also deploy a decoy Wi-Fi network to fool users into entering their login credentials. 

“Once we broke in via the Wi-Fi access, we could then seek to pivot by exploiting existing vulnerabilities to compromise a system, like an employee’s device, and establish a persistent foothold in the network,” Henderson wrote. 

Photo: Unsplash