Docking Stations Under Attack

Monday, February 4, 2013 @ 08:02 PM gHale

Even a docking station can suffer from a cyber attack.

A determined attacker can target these devices and just go from there, said a British researcher who will show off the exploit next month at Black Hat Europe.

FTC: Apply ‘Do Not Track’
Compromised Sites Malware Leader
DDoS Attacks Steady; Others on Rise
Users a Top Security Threat

Andy Davis, research director for U.K.-based NCC Group, built a prototype hardware device that can easily go inside a laptop docking station to sniff traffic and, ultimately, steal sensitive corporate communications information from the laptop.

“You see docking stations all over the place in organizations because people are using hot-desking type environments, so different laptops can be attached to [the docks] each day,” Davis said. “And they are considered a trusted part of the infrastructure: Nobody thinks someone might tamper with one or swap one for another. Admins are more concerned with protecting your laptop: That’s where the money is and the information.”

Davis said docking stations, which usually do not end up physically secured, can easily end up rigged with rogue devices that intercept everything from data traffic to USB devices to softphones to videoconference traffic, even if it’s encrypted.

The attacker would need physical access to the docking station, which Davis found has plenty of open space in its internals.

He built his proof-of-concept with a Dell docking station — only because it’s one his company uses — and a single-board Raspberry Pi computing device running Wireshark, which he inserted inside the docking station itself. Adding the hardware was simple: The docks have plenty of open space in their internals, Davis said.

With a permanent connection to the network and a power supply, these devices could be an attractive entry for a targeted attack, he said.

Leave a Reply

You must be logged in to post a comment.