All the latest UK technology news, reviews and analysis
|
|
|
01 Aug 2002
At the Black Hat hacker conference being held in Las Vegas this week, security experts revealed that games consoles could be the latest weapon for information warfare.
Yesterday a pair of white hat hackers demonstrated how to turn a Sega Dreamcast into a bug that can be dropped inconspicuously onto a corporate network. It worked on the premise that firewalls are more lenient with outbound connections than with inbound ones.
Further reading
Aaron Higbee of Foundstone and Chris Davis of RedSiren have developed a custom Linux-based toolkit that can be run on a Dreamcast which, once plugged into an ethernet port, will 'phone home', joining an organisation's internal network with the hacker's network.
On the development site for the DC Phone Home toolkit, the hackers claim "to show that this type of attack can be performed easily with a variety of available hardware and software and in such a way that is not easily discovered by an organisation's employees or security resources".
According to a report from SecurityFocus, during their presentation at Black Hat yesterday Higbee and Davis said that, when performing penetration tests, they often found themselves able to get physical access to the target's facilities for a few minutes.
The reason they chose the Dreamcast was because it is innocuous - "it looks like a toy," they were quoted as saying.
The now-defunct games console also makes the perfect attack tool because it can be picked up for around £50, and comes complete with an ethernet port.
The DC Phone Home software checks all available services such as HTTP, SMTP and SSH in a bid to make an outbound connection. It even checks for proxy servers hooked up to the network.
By way of a defence against such attacks, Higbee and Davis suggested allowing only network connections from pre-assigned MAC addresses, along with the obvious tightening-up on physical security.
Other techniques that could be used in the phone home attack include software for the Compaq iPAQ and a bootable x86 CD-Rom which can perform the attack using any available PC.
The homepage for DC Phone Home is here. The software is expected to be published for download shortly.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Overview: My client; Based in the City...
**New Vacancy** Based in London Up to £35,000 - £42...
Junior BA The role of the junior BA is to support the...
Project Manager - Financial Services IT - up to £85'000...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?