Casey Mortensen
ABSTRACT
The development of miniaturized, inexpensive, fully functional computers has opened up new opportunities for a pentester. A device approximately the length and width of a credit card and only a couple inches high, is capable of running a version of the GNU/Linux operating system, which makes the access to many tools such as network mappers and exploitation frameworks possible. Due to its size, the device can be hidden inside a building and attached to the network for as long as it has power, affording a great advantage to an attacker. In this paper, we attempt to explore different attack vectors facilitate by miniaturized computers and identify their feasibilities. We also make recommendations of countermeasures to the potential attacks launched through miniaturized computers.
- New $74 Android mini computer is slightly larger than a thumb drive, http://arstechnica.com/gadgets/2012/05/new-74-android-mini-computer-is-slightly-larger-than-a-thumb-drive/.Google Scholar
- BeagleBone, http://beagleboard.org/static/beaglebone/latest/README.htmGoogle Scholar
- H. Berghel and H. Uecker. WiFi attack vectors. Communications of the ACM, 48(8): 21--28, Aug. 2005. Google ScholarDigital Library
- What is Cotton Candy? http://www.fxitech.com/cotton-candy/what-is-it/Google Scholar
- Nmap, http://nmap.orgGoogle Scholar
- pwnieexpress. A raspberry pi pentesting suite by pwnie express. https://github.com/pwnieexpress/Raspberry-Pwn.Google Scholar
- Pwn Plug Elite, http://pwnieexpress.com/products/pwnplug-eliteGoogle Scholar
- Raspberry Pi, http://www.raspberrypi.orgGoogle Scholar
- Reaver-wps. Brute force attack against wifi protected setup. https://code.google.com/p/reaver-wps/.Google Scholar
- C. Roberts. Biometric attack vectors and defences. Computer & Security, 26: 14--25, 2007.Google ScholarDigital Library
- S. Salerno, A. Snazgiri, and S. Upadhyaya. Exploration of attacks on current generation smartphones. In Proc. of the 8th International Conference on Mobile Web Information Systems (MobiWIS), pages 546--553, Niagara Falls, Ontario, Canaga, Sept. 19--21, 2011.Google ScholarCross Ref
- S. A. Shaikh, H. Chivers, O. Nobles, J. A. Clark, and H. Chen. Network reconnaissance. Network Security, 2008(11): 12--16, Nov. 2008. Google ScholarDigital Library
- F. Skopik and Z. Ma. Attack vectors to metering data in smart grids under security constraints. In Proc. of IEEE 36th International Conference on Computer Software and Applications Workshops (COMPSAC 2012), pages 134--139, Izmir, Turkey, July 16--20, 2012. Google ScholarDigital Library
- A. Sood and R. Enbody. Targeted cyber attacks: a superset of advanced persistent threats. IEEE Security & Privacy, 11(1): 54--61, Jan.--Feb. 2013. Google ScholarDigital Library
- S. Viehböck. Brute forcing wi-fi protected setup. http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdfGoogle Scholar
- Wifi-pineapple, http://hakshop.myshopify.com/products/wifi-pineappleGoogle Scholar
Index Terms
- Exploring attack vectors facilitated by miniaturized computers
Recommendations
Biometric attack vectors and defences
Much has been reported on attempts to fool biometric sensors with false fingerprints, facial overlays and a myriad of other spoofing approaches. Other attack vectors on biometric systems have, however, had less prominence. This paper seeks to present a ...
Mapping Social Media Insider Threat Attack Vectors
HICSS '13: Proceedings of the 2013 46th Hawaii International Conference on System SciencesOf the many possible insider threat attack vectors the increasing adoption of social media technologies and applications and the changing generational mindset of young prospective employees poses a particular challenge for maintaining security. This ...
Simulation Games Platform for Unintentional Perpetrator Attack Vector Identification
ICSEW'20: Proceedings of the IEEE/ACM 42nd International Conference on Software Engineering WorkshopsCyber-security protection of critical systems is one of the major challenges of today. Although the attacks typically originate from attackers with malicious intent, a substantial portion of attack vectors is enabled by unintentional perpetrators, i.e., ...
Comments