I recently saw a Vine on Twitter that jokingly shows someone
plugging a USB keyboard into a USB charger, acting like the Hollywood style of
hacking. The amateur didn't wear gloves. I myself have pictured a cute, spunky, bubble-gum-chewing teen with
pink and black hair, completing a hack, then turning to the camera, pulling the
gum from her mouth and shoving it into the RJ45 port she was using on the wall,
whispering in a sultry voice, something along the lines of “always cover your tracks.”
While the saliva on the gum might short something, it’s not the real threat. Physical
security is a real necessity; watch Twitter and Facebook and you will see RJ45 connections, open
USB ports, and all sorts of other connections just waiting for the right
person with the right know-how to steal or manipulate information in systems
acting as things like standalone ATMs, voting machines, and point-of-sale
terminals. Undetectable in some cases, these are real threats.
There are a lot of articles out there about key loggers and computers
on a stick that people can plug into systems and television sets, but there
is a dark side to physical security as well: the people who don’t want
information, but rather want to cause downtime, expense, confusion, chaos, and
distraction. Anyone who has soldered wire understands heat and protective
coatings. When I worked in IT, I never patched
a cable into a network switch where I wasn’t expecting a live connection. Too
many people can sit down with a personal laptop and plug in, but it’s not the
real threat to the machines on the other end unless it’s the right person.
Often, a real threat is less than a meter away.
See, the electronic world we live in runs on low voltage and
amperage. It expects 5 volts, 2 volts, and sometimes a single volt on a connection.
It’s not designed for someone to take an extension cord with an RJ45 tip on it
and shove it into the socket. A couple of things happen: if that cable is connected to anything that makes a short, it will
likely trip the breaker, depending on the device, but prior to that it sends a
surge of electricity down the line that can melt the jackets off of thin UTP
CAT-5 cable, potentially causing a fire, and additionally it can pop multiple
resistors, capacitors, and switches in expensive, highly sensitive equipment.
Plugged into a disconnected battery back-up, it can produce a charge that
repeats with a simple reset. This can fry motherboards, breadboards, and simple
circuits with ease.
In terms of operations security, or opsec, someone may use a
device such as this to plug into USB ports to short motherboards, CAT 5e to
damage network connections and network hardware, and even phone terminals,
shorting switchboards. Additionally, someone could melt components in a cell phone,
rendering data unreadable, inaccessible, or very difficult to obtain in a time
of need. You can’t call in an emergency with no working devices.