August 2, 2002 5:15 PM PDT
Old game machine gets hack trick
Two security researchers on Friday showed attendees at the Defcon hacking conference here how to reuse the small off-white boxes as stealthy network monitoring devices.
"When you only have a few minutes, you need to be able to drop something off that will let you access the network later," Aaron Higbee, a consultant with Foundstone and one of the two programmers who worked on the project, said of the Dreamcast consoles.
Higbee and his programming partner, consultant Chris Davis of RedSiren Technologies, created the software to turn a Dreamcast into a network bug. Their software, when burned onto a CD-R and placed in a Dreamcast that has a broadband network adapter, allows the game console to give a hacker access to the network to which it is connected.
Rather than teaching hackers in the audience how to monitor others' networks, Higbee and Davis said the demonstration was intended to alert network administrators to the danger that many innocent-looking devices could pose to network security.
"We are really attacking the concept of what computers are," he said, adding that many other devices could be used to monitor networks, including TiVo television recording devices, some new "intelligent" vending machines and even printers.
Walking into a company and dropping a device onto the network is a simple way to defeat much of the network security that businesses might erect to keep out attackers, Higbee said.
"Physical access is pretty easy to obtain," he said. "Especially for short moments of time."
Moreover, companies tend to build a wall around their networks, with heavy security at the perimeter--between the Internet and the firm's network--but have little security on the inside. So getting a device on the internal network can give a hacker far more access, they warned.
"The data that is valuable and worth protecting is on the inside," Higbee said. "We want to get on the inside."
The software that Higbee and Davis have created--they stress that they haven't modified the hardware because they don't want to run afoul of the Digital Millennium Copyright Act--is a Linux-based system. The software will first scan the network the Dreamcast console is on and then attempt to create an encrypted network back to the hacker's network.
Dubbed "180-degree" hacking by the duo, the ability to have a device on the inside makes a hacker's job much easier.
"Most people believe that inside traffic is trusted," he said, adding that most of the time a system administrator believes that any traffic coming from the inside is legitimate.
"I truly believe that in this attack...firewalls are pointless," Davis said. "They need to be a lot more aware of what's on their network. They almost have to treat their internal network as the Internet--as an untrusted network."