Information Warfare Strategies (SRF-IWS): Unveiling the Risks: Paris Protests and the potential to compromise the cybersecurity of companies while looting their stores

Introduction

The world has witnessed countless protests throughout history, as people express their grievances and demand change. Paris, known for its passionate demonstrations, has experienced its fair share of protests in recent times. Other places, such as Barcelona (September 2022) and the USA (Black Lives Matter, 2020), have suffered looting and even deaths during protests. However, a concerning new trend has emerged, where protesters take advantage of the chaos to break into stores, including prominent ones such as the Apple Store, Orange, supermarkets and a motorcycle shop, among others. While the immediate impact of such actions is evident, there is a lesser-known risk: these protesters could exploit the opportunity to install Red Team hardware and compromise the cybersecurity of these companies. In this post, we explore this potential threat and shed light on the implications it poses.

Understanding Red Team Hardware

Before delving into the potential cybersecurity risks posed by protesters, it’s crucial to understand what Red Team hardware entails. Red Team hardware refers to devices or equipment used to simulate cyberattacks, often employed by ethical hackers or security professionals to evaluate the security posture of an organization. These tools aim to identify vulnerabilities and assess the effectiveness of security measures in place.

The Protester’s Advantage

During large-scale protests, chaos often ensues, leading to vandalism, looting, and destruction of property. In the case of high-profile stores such as the Apple Store or Orange, these incidents attract widespread attention. Amidst the pandemonium, protesters who possess knowledge about Red Team hardware might exploit the opportunity to install such devices within the compromised stores.

Installation of Red Team Hardware

Protesters who gain access to these stores can potentially plant Red Team hardware, ranging from small devices to sophisticated equipment, within the store’s infrastructure. These devices may go undetected initially, as the focus of security teams and law enforcement is primarily on controlling the protests and minimizing damage. The installed hardware can serve as an entry point for cybercriminals to gain unauthorized access to the store’s network, compromising the cybersecurity of the company and potentially accessing sensitive customer data.

Let’s explore different attack vectors that an attacker could use (I used these devices and more in my Red Team engagements):

  1. Search for passwords in the store: Post-it notes, and routers and access points that carry stickers with the password.
  2. Install a dropbox: a Red Team dropbox is a tiny computer, such as a Raspberry Pi, deployed and hidden to launch network and wireless attacks. I have talked about dropboxes at different conferences: BSidesSF 2019 and Mundo Hacker Day 2021.
  3. Bash Bunny: from pentesting vendor Hak5, the Bash Bunny is a multi-vector USB attack platform.
  4. EvilCrow Cable: a BadUSB cable.
  5. EvilCrow Keylogger: a USB keylogger with WIFI support for data exfiltration.
  6. Shark Jack: Hak5 device for network attacks, plugged into an Ethernet port.
  7. Key Croc: another Hak5 gadget for keylogging.
  8. LAN Turtle: Hak5 covert USB Ethernet adapter for network attacks.
  9. Packet Squirrel: a man-in-the-middle network sniffer by Hak5.
  10. Rubber Ducky: the mighty USB keystroke injection attack platform by Hak5.
  11. WHID Cactus: USB HID injector with WIFI support.
  12. WIFI Pineapple: the powerful wireless attack platform by Hak5. The Nano (left) and the Mark VII (right).

Keep in mind these devices are just some options, many more exist with all kinds of capabilities.
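Most of the devices listed above plug into a USB port and present themselves to the host as a keyboard, a disk, a network adapter, or several of these at once. The defender's counterpart is a host-side USB allowlist in the style of USBGuard. The following is an added example written for this post, not code from the article or from any vendor: it compares each enumerated device with an inventory of approved vendor/product IDs and escalates any device that exposes a keyboard (HID) interface together with storage or networking interfaces, whatever ID it claims. The class codes are the standard USB-IF interface classes; every vendor/product ID, device name and the inventory itself are constructed sample data.

```python
"""Host-side USB allowlist check (added example, USBGuard-style logic).

Devices outside the approved inventory are blocked; a device that presents a
keyboard interface together with mass-storage or networking interfaces is
escalated to an alert, because a "keyboard" that is also a disk or a network
adapter is the shape of a keystroke-injection platform, not of a peripheral.
All vendor/product IDs and device records below are constructed.
"""
from dataclasses import dataclass, field
from typing import List, Set, Tuple

# Standard USB-IF interface class codes.
CLASS_CDC_CONTROL = 0x02   # Communications control (e.g. USB Ethernet)
CLASS_HID = 0x03           # Human interface devices: keyboards, mice
CLASS_MASS_STORAGE = 0x08  # Flash drives
CLASS_CDC_DATA = 0x0A      # Communications data

NETWORK_OR_STORAGE = {CLASS_CDC_CONTROL, CLASS_MASS_STORAGE, CLASS_CDC_DATA}


@dataclass
class UsbDevice:
    vid: int
    pid: int
    name: str
    interfaces: List[int] = field(default_factory=list)


# Hypothetical inventory of approved peripherals (constructed IDs).
INVENTORY: Set[Tuple[int, int]] = {
    (0x1111, 0x0001),  # barcode scanner
    (0x1111, 0x0002),  # receipt printer
    (0x2222, 0x0010),  # standard-issue keyboard
}


def classify(dev: UsbDevice, inventory: Set[Tuple[int, int]] = INVENTORY) -> Tuple[str, str]:
    """Return (verdict, reason); verdicts are 'allow', 'block' or 'alert'."""
    classes = set(dev.interfaces)
    composite_keyboard = CLASS_HID in classes and bool(classes & NETWORK_OR_STORAGE)
    known = (dev.vid, dev.pid) in inventory
    if composite_keyboard:
        # Escalate regardless of the ID: a VID/PID is set by the device's own
        # firmware, whereas the interface shape is what it really exposes.
        who = "approved ID" if known else "unknown device"
        return "alert", f"{who} presents keyboard plus storage/network interfaces"
    if not known:
        return "block", f"{dev.vid:04x}:{dev.pid:04x} not in inventory"
    return "allow", "in inventory, expected interface shape"


def audit(devices: List[UsbDevice]) -> List[Tuple[str, str, str]]:
    """Classify every device and return (name, verdict, reason) rows."""
    return [(d.name, *classify(d)) for d in devices]


# Constructed enumeration snapshot, including two devices that should not be there.
SAMPLE_DEVICES = [
    UsbDevice(0x1111, 0x0001, "barcode scanner", [CLASS_HID]),
    UsbDevice(0x2222, 0x0010, "till keyboard", [CLASS_HID]),
    UsbDevice(0x3333, 0x0099, "unlabelled flash drive", [CLASS_MASS_STORAGE]),
    UsbDevice(0x4444, 0x0001, "'keyboard' with disk and NIC",
              [CLASS_HID, CLASS_MASS_STORAGE, CLASS_CDC_CONTROL, CLASS_CDC_DATA]),
    UsbDevice(0x2222, 0x0010, "device cloning the keyboard ID", [CLASS_HID, CLASS_MASS_STORAGE]),
]

if __name__ == "__main__":
    for name, verdict, reason in audit(SAMPLE_DEVICES):
        print(f"{verdict:5}  {name:32}  {reason}")
```

The interesting row is the last one: the device reuses an approved keyboard ID but still ends up as an alert, because the policy keys on the interfaces the device actually exposes rather than on the ID it claims.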

Cybersecurity Implications

The consequences of compromised cybersecurity are severe, not only for the affected companies but also for their customers and business partners. Here are a few potential implications:

Data Breach: A successful infiltration can lead to unauthorized access to customer data, including personal and financial information. This breach can have far-reaching consequences, such as identity theft, fraud, and reputational damage to the affected companies.

Intellectual Property Theft: Companies like Apple often possess valuable intellectual property that is highly sought after by competitors or malicious actors. Breaching their cybersecurity can expose trade secrets, patents, and proprietary information, jeopardizing their competitive edge and potentially leading to financial losses.

Customer Trust: A data breach or compromised cybersecurity can erode customer trust in the affected companies. Customers may hesitate to share their information or engage in business transactions, leading to a loss of revenue and long-term damage to the company’s reputation.

Supply Chain Vulnerabilities: If a compromised company is part of a larger supply chain, the cyber attack can extend its reach to other organizations connected to the network. This ripple effect can further amplify the impact of the initial breach, potentially disrupting entire industries and causing significant economic damage.

Preventive Measures and Mitigation Strategies

To mitigate the risks highlighted above, it is imperative for companies to prioritize their cybersecurity efforts. Here are some recommended preventive measures:

Robust Physical Security: Strengthening physical security measures, including improved surveillance, alarms, and reinforced entry points, can help deter unauthorized access and limit opportunities for protesters to install Red Team hardware.

Network Monitoring: Implementing advanced network monitoring tools can aid in the detection of any suspicious activities or unauthorized access attempts, enabling a swift response to potential threats.
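A dropbox hidden in a store has to obtain an address on the store LAN, so one of the cheapest monitoring checks is a periodic sweep of the DHCP leases against the asset inventory. The code below is an added example for this post, not code from the article. It assumes the dnsmasq lease-file layout ("<expiry> <mac> <ip> <hostname> <client-id>") and a hypothetical inventory of approved MAC addresses; the two OUIs in the watchlist (b8:27:eb and dc:a6:32) are real Raspberry Pi prefixes, while every MAC, IP and hostname in the sample leases is constructed.

```python
"""Rogue-device sweep of DHCP leases against an asset inventory (added example).

Assumes dnsmasq-style lease lines. Any lease whose MAC is not in the
inventory is reported; the finding is escalated when the MAC carries a
single-board-computer OUI or the hostname matches a watchlist, which is the
drop-box scenario described in the post. Sample data below is constructed.
"""
from typing import Dict, List, Set

# Constructed sample lease file (dnsmasq format assumed): expiry, MAC, IP, hostname, client-id.
SAMPLE_LEASES = """\
1689000100 00:11:22:aa:bb:01 192.168.10.21 pos-terminal-1 01:00:11:22:aa:bb:01
1689000200 00:11:22:aa:bb:02 192.168.10.22 pos-terminal-2 01:00:11:22:aa:bb:02
1689000300 b8:27:eb:4f:9c:21 192.168.10.77 raspberrypi 01:b8:27:eb:4f:9c:21
1689000400 0a:1b:2c:3d:4e:5f 192.168.10.78 * 01:0a:1b:2c:3d:4e:5f
1689000500 00:11:22:aa:bb:03 192.168.10.23 kali *
"""

# Hypothetical inventory: MACs the store's IT team has approved.
INVENTORY: Set[str] = {"00:11:22:aa:bb:01", "00:11:22:aa:bb:02", "00:11:22:aa:bb:03"}

# Real OUIs (first three octets) of hardware commonly used as hidden implants.
OUI_WATCHLIST: Dict[str, str] = {
    "b8:27:eb": "Raspberry Pi Foundation",
    "dc:a6:32": "Raspberry Pi Trading",
}
# Default hostnames of Raspberry Pi OS and Kali Linux.
HOSTNAME_WATCHLIST = {"raspberrypi", "kali"}


def parse_leases(text: str) -> List[Dict[str, str]]:
    """Extract mac/ip/hostname from each lease line; skip blank or truncated lines."""
    leases = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        leases.append({"mac": parts[1].lower(), "ip": parts[2], "hostname": parts[3]})
    return leases


def sweep(lease_text: str, inventory: Set[str]) -> List[Dict[str, str]]:
    """Return one finding per lease that deserves a look, with severity and reason."""
    findings = []
    for lease in parse_leases(lease_text):
        vendor = OUI_WATCHLIST.get(lease["mac"][:8])
        bad_name = lease["hostname"].lower() in HOSTNAME_WATCHLIST
        approved = lease["mac"] in inventory
        if approved and not bad_name:
            continue  # known device, nothing unusual
        if not approved and (vendor or bad_name):
            severity = "high"
            reason = f"unknown device, {vendor or 'watchlisted hostname'}"
        elif not approved:
            severity = "medium"
            reason = "unknown MAC not in inventory"
        else:
            # Approved MAC but a watchlisted hostname: the MAC may have been copied
            # from a legitimate device, so it still deserves a physical check.
            severity = "medium"
            reason = "approved MAC but watchlisted hostname (possible spoofing)"
        findings.append({**lease, "severity": severity, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in sweep(SAMPLE_LEASES, INVENTORY):
        print(f"[{f['severity']:6}] {f['ip']:15} {f['mac']}  {f['hostname']:14} {f['reason']}")
```

Run on a real network, the inventory would come from the asset database and the lease file from the DHCP server; the sweep is cheap enough to schedule every few minutes, and a high finding should trigger a physical walk to the switch port the lease came from.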

Regular Security Audits: Conducting regular security audits and vulnerability assessments can identify weaknesses in the system and help implement necessary safeguards.

Employee Awareness: Educating employees about the risks of social engineering and physical tampering can help them identify and report suspicious behavior promptly.

Conclusion

While protests serve as an important avenue for expressing grievances, the potential exploitation of such events to compromise cybersecurity is a growing concern. The recent incidents of protesters breaking into stores like Apple Store and Orange in Paris highlight the need for heightened security measures to mitigate the risks posed by Red Team hardware installation. Companies must remain vigilant, continuously enhance their cybersecurity practices, and collaborate with law enforcement agencies to prevent unauthorized access and safeguard sensitive data. By doing so, they can maintain the trust of their customers and protect themselves from potential cyber threats, ultimately ensuring the long-term sustainability of their businesses.

Thoughts? Would you like to learn more about Red Team devices? Let me know in the comments.

@simonroses

Posted in Economics, Pentest, Security, Technology

Infrared Dominance with Flipper Zero

Flipper Zero is a portable and powerful multi-tool for hackers, security professionals or geeks. It was extremely well received when it was first launched on Kickstarter in 2020. I received my Flipper Zero in July 2021 and it’s time to show what this dolphin can do with a series of articles and videos. Pay attention to future posts 😊

Flipper Zero incorporates many capabilities (Sub-1 GHz transceiver, RFID, NFC, Bluetooth, Infrared and iButton). In this article we explore Infrared (IR) and how Flipper Zero can control many electronic devices such as televisions, air conditioners (AC), music systems, projectors and fans. In effect, it works as a universal remote.

One of the most attractive capabilities of Flipper Zero is how easy it is to change the firmware, and the community has released several firmwares. I am using the RogueMaster firmware, which adds capabilities on top of the default firmware. Infrared works correctly regardless of the firmware, so it does not matter which one you use.

To understand how Infrared works in Flipper Zero I recommend this magnificent article in the Official Blog.

Universal Remote

Image 1 shows the Infrared app with its two options: Universal Remotes, to control known devices, and Learn New Remote, to capture signals from new devices, which we will explore later.

Image 1: Infrared App

Next, we are going to see two videos where the first controls an air conditioner (AC) and the second controls a television, a Smart TV.

Video 1: FlipperZero AC Infrared

Video 2: FlipperZero TV Infrared

As you can see, Flipper Zero works great as a universal remote for Infrared devices. In image 2 we see the remote to control air conditioners by sending a signal.

Image 2: Infrared AC App

Learn New Remote

Now let’s see how Flipper Zero behaves for new/unknown IR controllers.

Image 3 shows the Learn New Remote mode in operation, which consists of pointing the remote at the infrared port of Flipper Zero to capture the signal. It should be noted that the Infrared of Flipper Zero is very sensitive and it is not necessary to aim the signal directly – it can even capture the signal in transit, that is, between the remote control and the device.

Image 3: Learn New Remote App

In image 4 we can see that it has detected a Samsung television.

Image 4: Samsung detection

In the following example Flipper Zero is not able to recognize the device, in this case an air conditioner (AC). However, by pressing “Send” it turns on the air conditioner without any problem. That is what we would call a Replay Attack: we capture the signal and send it as if it came from the legitimate remote. Additionally, the app lets us save the captured signal to the memory card (SD), a really interesting option for building our own library of captured signals. See image 5.

Image 5: New AC signal captured

A curiosity: air conditioning remotes send all the information the device may need (temperature, fan speed, modes, etc.) with every press, which is why image 5 shows that a large amount of data has been captured: 583 samples. Sending the full state avoids desynchronization between devices if, for example, the same remote is used with different air conditioning units.

IR Files

Infrared data is stored as text files on the SD card, as you can see in image 6. Using text files makes adding new data or making changes very easy.

Image 6: IR text file

In October 2022 a blog post was published on how to crash Flipper Zero with malformed IR text files. Read it here.
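A text format that the device parses straight from a removable card is an input boundary like any other, and the crash report above is the usual consequence of trusting it. The following is an added example, not code from the article or from the Flipper Zero project: a validating parser for the .ir layout (a "Filetype"/"Version" header, then records separated by "#" lines, each with name/type plus either protocol/address/command for parsed signals or frequency/duty_cycle/data for raw signals). It rejects missing or duplicated keys, malformed hex bytes and out-of-range values, caps the number of raw timing samples, and reports the sample count of each raw record (the 583 samples of the AC capture above would show up here). The numeric limits are this parser's own policy, not limits taken from the firmware, and all addresses, commands and timings in the sample files are constructed.

```python
# Validating parser for Flipper Zero ".ir" text files: added example, not project code.
# MAX_SAMPLES and FREQ_RANGE_HZ are this parser's own policy, not firmware limits.
from dataclasses import dataclass, field
from typing import Dict, List, Optional

MAX_SAMPLES = 1024                # cap on raw timing entries per signal
FREQ_RANGE_HZ = (10_000, 60_000)  # plausible IR carrier band

@dataclass
class IrSignal:
    name: str
    kind: str                          # "parsed" or "raw"
    protocol: Optional[str] = None     # parsed signals only
    address: Optional[bytes] = None
    command: Optional[bytes] = None
    frequency: Optional[int] = None    # raw signals only
    duty_cycle: Optional[float] = None
    data: List[int] = field(default_factory=list)

    @property
    def sample_count(self) -> int:
        return len(self.data)

def _hex_bytes(value: str, field_name: str) -> bytes:
    """Accept exactly four two-digit hex bytes, e.g. '07 00 00 00'."""
    parts = value.split()
    if len(parts) != 4 or any(len(p) != 2 for p in parts):
        raise ValueError(f"{field_name}: expected 4 hex bytes, got {value!r}")
    try:
        return bytes(int(p, 16) for p in parts)
    except ValueError:
        raise ValueError(f"{field_name}: non-hex byte in {value!r}") from None

def _parse_record(f: Dict[str, str]) -> IrSignal:
    name, kind = f.get("name"), f.get("type")
    if not name or kind not in ("parsed", "raw"):
        raise ValueError(f"record {name!r}: missing name or bad type {kind!r}")
    required = ("protocol", "address", "command") if kind == "parsed" \
        else ("frequency", "duty_cycle", "data")
    missing = [k for k in required if k not in f]
    if missing:
        raise ValueError(f"record {name!r}: missing {missing}")
    if kind == "parsed":
        return IrSignal(name, kind, protocol=f["protocol"],
                        address=_hex_bytes(f["address"], "address"),
                        command=_hex_bytes(f["command"], "command"))
    freq, duty = int(f["frequency"]), float(f["duty_cycle"])   # ValueError on junk
    if not FREQ_RANGE_HZ[0] <= freq <= FREQ_RANGE_HZ[1]:
        raise ValueError(f"record {name!r}: carrier {freq} Hz out of range")
    if not 0.0 < duty <= 1.0:
        raise ValueError(f"record {name!r}: duty cycle {duty} out of range")
    data = [int(v) for v in f["data"].split()]
    if not data or len(data) > MAX_SAMPLES:
        raise ValueError(f"record {name!r}: {len(data)} samples (limit {MAX_SAMPLES})")
    if any(v <= 0 for v in data):
        raise ValueError(f"record {name!r}: non-positive timing value")
    return IrSignal(name, kind, frequency=freq, duty_cycle=duty, data=data)

def parse_ir_file(text: str) -> List[IrSignal]:
    """Parse a whole .ir file; raise ValueError at the first malformed element."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 2 or lines[0] != "Filetype: IR signals file" or not lines[1].startswith("Version:"):
        raise ValueError("missing or unknown file header")
    signals, current = [], {}
    for ln in lines[2:]:
        if ln == "#":                          # record separator
            if current:
                signals.append(_parse_record(current))
                current = {}
            continue
        key, sep, value = ln.partition(":")
        key = key.strip()
        if not sep or not key or key in current:   # garbage line or duplicated key
            raise ValueError(f"malformed line {ln!r}")
        current[key] = value.strip()
    if current:
        signals.append(_parse_record(current))
    return signals

def validate(text: str) -> Optional[str]:
    """None when the file is acceptable, otherwise the rejection reason."""
    try:
        parse_ir_file(text)
        return None
    except ValueError as exc:
        return str(exc)

# Constructed sample file (addresses, commands and timings are made up).
SAMPLE_IR_FILE = """\
Filetype: IR signals file
Version: 1
#
name: Power
type: parsed
protocol: NEC
address: 07 00 00 00
command: 02 00 00 00
#
name: AC_on
type: raw
frequency: 38000
duty_cycle: 0.330000
data: 3400 1700 430 1280 430 420 430 420 430 1280 430 420 430 420 430 1280 430 420
"""
# Constructed malformed inputs: an oversized raw record and a truncated address.
OVERSIZED_RAW = SAMPLE_IR_FILE + "#\nname: Flood\ntype: raw\nfrequency: 38000\nduty_cycle: 0.33\ndata: " + " ".join(["560"] * 5000) + "\n"
BAD_ADDRESS = "Filetype: IR signals file\nVersion: 1\n#\nname: X\ntype: parsed\nprotocol: NEC\naddress: 07 00\ncommand: 02 00 00 00\n"
```

The point of the sample cap is the one the crash report makes: a raw record is a variable-length list that the reader must bound before allocating for it, and a parser that checks the count before it checks anything else never gets near the condition that a malformed file is designed to trigger.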

Flipper-IRDB

Do you need more? Flipper-IRDB is a huge collection of IR files covering consoles, air purifiers, cameras, toys, LED lighting, monitors and much more, which you can easily upload to your Flipper Zero using the qFlipper app (see image 7).

Image 7: qFlipper App

The following images (8-10) show how to run the IR app using a file from the IRDB collection. Here we run an IR file to manage CCTV devices.

Image 8: CCTV folder

Image 9: Run CCTV IR file

Image 10: CCTV App

Clearly Flipper Zero is a fascinating tool with many capabilities and expansion possibilities (see GPIO).

What other capabilities of Flipper Zero would you like to see explored/discussed in future articles? Some topics to explore are how to recover the firmware in case of failures, Bluetooth, WIFI attacks through an external module (hardware), NFC, RFID, among many others.

All the best,

@simonroses

Posted in Hacking Etico, Pentest, RF, Security, Technology, Wireless

Offensive Security Wireless Professional (OSWP): my experience

On July 24, 2022 I took the well-known Offensive Security Wireless Professional (OSWP) practical exam. Although Offensive Security can take days to report the result of the exam (pass/fail), the next day, July 25, they informed me that I had passed :) Kudos to Offensive Security for the quick response.

The truth is that I personally have been performing WIFI audits since early 2000, as you can see from some of my old WIFI cards that I keep for nostalgia (Figure 1), so it was logical to get this certification (yes, I took it easy).

Figure 1 – classic WIFI cards

Nowadays I use modern hardware for my audits, which I will discuss throughout this post since it will be useful to readers interested in obtaining this certification. Let's start, this is my story.

OSWP Content

The PEN-210 course focuses on wireless attacks against both access points (AP) and clients. Keep in mind that the course is an introduction to WIFI attacks (a foundation course) that sits alongside the PEN-200 (OSCP) course, so if you have years of experience in WIFI audits you may find it somewhat simple, although I'm sure you will always learn something new.

In this link you will find the course content.

Hardware

On the course website we find the hardware recommended by Offensive Security, which is:

Routers

  • NETGEAR AC1000 (R6080)
  • Linksys WiFi 5 Router Dual-Band AC1200 (E5400)

WiFi card

  • Alfa AWUS036NHA

Personally, I could not find the recommended routers, but I used these others, which have served me perfectly (see Figure 2). I recommend the TP-Link TL-WR841N, as it allows all the configurations needed for the course (WEP, WPA/WPA2, WPA Enterprise and WPS).

  • Tenda F3 Wireless N300
  • TP-Link TL-WR841N

Figure 2 – Routers

Although I have quite a few WIFI cards (2.4 GHz and 5 GHz), for the course I used only the Alfa AWUS036NHA (the recommended one). Figure 3 shows some of the cards (I have more) that I use for my WIFI audits.

  • Alfa AWUS036NHA (top right)
  • Alfa AWUS036NH
  • Alfa AWUS036NEH
  • TP-LINK WN722N
  • CSL – 2 Wireless Dual Band Antenna

Figure 3 – WIFI cards

Exam

I can’t comment on the exam, so I recommend reading the official OSWP Exam guide very carefully.

The guide tells us that there are three attack scenarios and the total time we have is 3 hours and 45 minutes. At the end of the exam, we have 24 hours to send a report detailing the whole process.

All I can say is good luck :)

Conclusions

If you like WIFI audits and you can afford the cost of the certification (currently only available within the Learn One or Learn Unlimited subscriptions) then go ahead, I recommend it. Otherwise, no problem, you have different options such as other WIFI security certifications (Google is your friend) and keep learning on your own.

Some tips for OSWP certification:

  1. Join the Offensive Security Discord. Good people willing to help and lots of questions/answers that will be very helpful.
  2. If you buy the hardware I recommend, you should have no problem doing all the exercises in the course. If you buy another router, make sure it allows the different configurations needed. Buy the router on a website where you can return it without problems like Amazon.
  3. Remember that the exam is open book.
  4. Even if you have been doing WIFI audits for some time, don’t be overconfident and practice the different attacks before the exam (at least two or three times).
  5. Aircrack-ng is your friend. Use it wisely.

That’s it folks, and now to attack an AP (for an audit, of course :)

Anything you would like me to comment about OSWP or WIFI audits in another post or even video on my YouTube channel?

@simonroses

Posted in Hacking Etico, Pentest, RF, Security, Wireless