Radio frequency: a new possibility for pentesting?

When it comes to an attack on an internal network, we all think that the output of the data could be through that same network. For example, if a potential attacker were to infect a device with the intention of stealing information, he would require an exit through the network itself to send the information to an external server.

The question we could ask ourselves is: is there a second way in which the stolen information could be sent? To which the answer is yes, but with nuances. Let us consider the following scenario: an attacker manages to connect a device that communicates by radio frequency to a computer in the internal network. What could this involve?

There is a Spanish prototype, the RPK2, which answers this question. This USB is passed off as a printer to the computer it is connected to. Subsequently, it will start communicating with a receiver that will be manipulated by the attacker. Since the receiver device communicates by radio frequency, it should be located a few meters away from the malicious USB, in order to maintain continuous communication.

[Read more…]