1/10/10

Ad-Hoc Spying

Just some random thoughts which occurred to me. Trojan horses, back-doors, and exploits are pretty well-known ways to break into a system. Let's use the following terminology. An exploit is some bug you can exploit remotely, like a buffer overrun in ftpd, or an insecurity in JavaScript's domain checks where, by cross-scripting across different windows, you can access local ports. A back-door is a remote functionality placed in the system through which you can gain access, for example, a hacked ftpd where the account 'devil666' gives instant access to the machine. A Trojan horse is something altogether different: it's part of a program or OS which actively seeks contact with the outside world, preferably undetected. An example would be your good old-fashioned key-logger built into some kernel module which searches for passwords and sends them out over ICMP.

Now, the above is pretty well-known 'old-skool' hacking. The question is: what extra can you gain from ad-hoc or wireless hacks?

Trojan horses fall into the worst category of hacks and are the most interesting, Trojan horses in the kernel being more severe, and Trojan horses in the hardware the worst of all. For spying, owning the root account, which is what most sysadmins fear, is not even interesting; OS parts gossiping ad hoc over wireless would be. I.e., it gives the ability to bypass firewalls and tethered lines locally. [1]

What about dynamically planting memory scanners for honey keys, a code you plant into a document so that it can be traced, and gossiping those to a remote server outside the firewall (FBI)? Or an Intel hack so you can shut down all processors in some environment by gossiping a key (US army)? Or gossiping credit-card information from a PC over Bluetooth to a phone and sending that out over the Internet through a browser cookie (black-hat)? Or just using hacked WiFi phones in the environment for building a remote login tunnel (old-skool hippy)?

A good deal of these hacks are technically possible, but would be too difficult at the moment. But in a few years, when wireless access between desktop/laptop, phone, and -what-do-I-care- a dishwasher will be considered normal, the door will be wide open.

[1] Some people are unaware how easy it is to place a backdoor in software. But placing a hardware hack is almost as easy, since most processors are 'programmed' in a high-level language like Verilog or VHDL and subsequently post-processed. Bypassing industrial verification is pretty difficult, and placing a radio on a die and hoping that it works (a processor is pretty radio-unfriendly) and goes undetected, for that you'll need an EE with extraordinary skills. But still, doable.

A good case against gossiping protocols? One other thought: why in God's name do I need proprietary software from the KNP to access my USB dongle? Annoying...