Andy Davis of NCC Group will present his findings at Black Hat EuropeFew organizations realize this, but the laptop docking stations utilized by many of their employees can actually be leveraged by hackers to launch hardware-based attacks.
At the upcoming Black Hat Europe conference, Andy Davis, a researcher at NCC Group, plans to show that docks are not just some “dumb” devices.
In the abstract of his presentation, Davis highlights the fact that many IT administrators tell employees to lock their laptops, but they rarely instruct them to secure the docking stations as well.
However, these devices can represent an effective attack vector because they have access to the network, to the ports of a laptop and they’re permanently connected to a power supply.
“You see docking stations all over the place in organizations because people are using hot-desking type environments, so different laptops can be attached to them each day. And they are considered a trusted part of the infrastructure: nobody thinks someone might tamper with one or swap one for another,” Davis told Dark Reading.
“If you have access to a dock, you have information on all the other ports, such as softphones or videoconference traffic. It can capture traffic before it's encrypted and after it's decrypted,” he added.
The researcher has built a prototype device that can be easily placed inside a laptop docking station and utilized to sniff traffic.
An attacker would have to gain physical access to the dock in order to plant the snooping device, but once that’s accomplished, he could easily gain access to sensitive corporate information.
An office cleaner or a contractor could plant the device into a docking station, or replace the dock with a rigged one.
The expert advises organizations to protect their networks against such espionage attacks by fitting the devices with an anti-tampering mechanism.