Passive Exploits and Geographic Limits

John Bambenek had a great post over at the ISC a few days ago about the importance of patching and mitigating against “passive exploits” (i.e. Man-in-the-Middle attacks, KARMA, Airpwn, etc.). John certainly raises some very good points, and I agree with him wholeheartedly. As security professionals, we need to remain vigilant in protecting and patching against these threats.

However, I’d like to disagree with a few points. I’m not of the belief that passive attacks limit the attacker to a geographic location.

Take this theoretical example: I’m an evil hacker somewhere in Europe (apologies in advance to our European readers), and I happen to compromise some defenses at some coffee shop in the Midwest USA (apologies…). Now, through the compromised coffee shop network, I’m able to configure their servers and/or firewall to do my bidding, such as MiTM attacks. I’m also able to discover that the wireless APs the coffee shop is using have some sort of open source component to them, onto which I can port some of those passive attack tools – say KARMA or Airpwn.

What about compromising the clients attached to the coffee shop wireless network directly? Compromise those hosts, upload a Virtual Machine, and set up KARMA and/or Airpwn on the VM running on a victim. Now when those victims leave the coffee shop and fire up their laptops elsewhere, their geographic location has changed, and the compromised laptop is now compromising more hosts wherever it goes.

Now, those examples do pose some significant technical problems: lack of appropriate drivers and code to make those attacks work on Access Points, small, hide-able VMs with appropriate PCMCIA support, etc. But isn’t our job to think about the future? I can see a world where, in some shape or form, all of those technological hurdles will not exist.
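One defensive takeaway from the scenario above is that a KARMA-style rogue AP has an observable signature: a single BSSID answering probe requests for many unrelated SSIDs, or a second BSSID suddenly claiming the coffee shop’s own SSID. The script below is an added example for this post (not Larry’s code, and not tied to any particular wireless IDS product); it runs over a constructed, made-up set of probe-response log lines in a hypothetical `bssid=… ssid=… client=…` format and flags both behaviours so a network owner can go look at the device in question.

```python
import re
from collections import defaultdict

# Constructed sample of probe-response observations, in a hypothetical format
# resembling what a monitor-mode capture or wireless IDS might log. The BSSIDs,
# SSIDs and client MACs are made up for this example.
SAMPLE_LOG = """\
12:00:01 bssid=02:11:22:33:44:01 ssid=CoffeeShopGuest client=aa:bb:cc:00:00:01
12:00:02 bssid=02:11:22:33:44:01 ssid=CoffeeShopGuest client=aa:bb:cc:00:00:02
12:00:03 bssid=02:11:22:33:44:99 ssid=CoffeeShopGuest client=aa:bb:cc:00:00:01
12:00:03 bssid=02:11:22:33:44:99 ssid=HomeNet-5G client=aa:bb:cc:00:00:02
12:00:04 bssid=02:11:22:33:44:99 ssid=AirportFreeWiFi client=aa:bb:cc:00:00:03
12:00:05 bssid=02:11:22:33:44:99 ssid=linksys client=aa:bb:cc:00:00:04
12:00:06 bssid=02:11:22:33:44:01 ssid=CoffeeShopGuest client=aa:bb:cc:00:00:03
12:00:07 this line is malformed and should be skipped
"""

# BSSIDs the coffee shop actually owns (assumed inventory for the example).
KNOWN_BSSIDS = {"02:11:22:33:44:01"}

LINE_RE = re.compile(r"bssid=(\S+)\s+ssid=(\S+)\s+client=(\S+)")


def parse_probe_responses(log_text):
    """Yield (bssid, ssid, client) tuples; lines that do not match are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group(1).lower(), m.group(2), m.group(3).lower()


def ssids_per_bssid(log_text):
    """Map each BSSID to the set of SSIDs it has answered probe requests for."""
    table = defaultdict(set)
    for bssid, ssid, _client in parse_probe_responses(log_text):
        table[bssid].add(ssid)
    return table


def find_karma_like_aps(log_text, max_ssids=1):
    """BSSIDs that claimed more distinct SSIDs than a legitimate AP should.

    A real AP advertises a fixed, small set of network names; one that replies
    to probes for whatever name a client asks about is acting like a KARMA-style
    honeypot. max_ssids is a tuning knob: raise it if your APs legitimately
    serve several SSIDs from one BSSID.
    """
    return sorted(b for b, s in ssids_per_bssid(log_text).items()
                  if len(s) > max_ssids)


def find_evil_twins(log_text, known_bssids=KNOWN_BSSIDS):
    """SSIDs served by a BSSID that is not in the owner's inventory.

    Returns {ssid: [unknown bssids]} for every SSID the known APs also serve,
    i.e. someone else is impersonating a network name you own.
    """
    by_ssid = defaultdict(set)
    for bssid, ssid, _client in parse_probe_responses(log_text):
        by_ssid[ssid].add(bssid)
    result = {}
    for ssid, bssids in by_ssid.items():
        legit = bssids & known_bssids
        rogue = bssids - known_bssids
        if legit and rogue:
            result[ssid] = sorted(rogue)
    return result


if __name__ == "__main__":
    print("KARMA-like APs:", find_karma_like_aps(SAMPLE_LOG))
    print("Evil twins:", find_evil_twins(SAMPLE_LOG))
```

Two caveats for anyone adapting this: enterprise gear usually puts each SSID on its own virtual BSSID, so the `max_ssids=1` default is reasonable there, but a home router broadcasting a main and a guest network from one BSSID would trip it, which is why the threshold is a parameter. And the evil-twin check is only as good as the inventory of known BSSIDs; without one, a second BSSID serving your SSID is just as likely a legitimate second AP as an attacker.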

Let’s start thinking about these types of threats NOW, instead of reacting to them later. In a world where everything has wireless, and everything is internet connected, doesn’t the example seem reasonable? Please share your thoughts.

– Larry

Larry Pesce

Larry’s core specialties include hardware and wireless hacking, architectural review, and traditional pentesting. He also regularly gives talks at DEF CON, ShmooCon, DerbyCon, and various BSides. Larry holds the GAWN, GCISP, GCIH, GCFA, and ITIL certifications, and has been a certified instructor with SANS for 5 years, where he trains the industry in advanced wireless and Industrial Control Systems (ICS) hacking. Larry’s independent research for the show has led to interviews with the New York Times with MythBusters’ Adam Savage, hacking internet-connected marital aids on stage at DEFCON, and having his RFID implant cloned on stage at Shmoocon. Larry is also a Principal Instructor and Course Author for the SANS Institute for SEC617: Wireless Penetration Testing and Ethical Hacking and SEC556: IoT Penetration Testing. When not hard at work, Larry enjoys long walks on the beach weighed down by his ham radio, (DE KB1TNF), and thinking of ways to survive the impending zombie apocalypse.
