Another Reason to Check Those Daily Deliveries
Penetration testers have long gone to great lengths to demonstrate the potential chinks in their clients’ networks before less friendly attackers exploit them. But in recent tests by IBM’s X-Force Red, the penetration testers never had to leave home to get in the door at targeted sites, and the targets weren’t aware they were exposed until they got the bad news in report form. That’s because the people at X-Force Red put a new spin on sneaking in—something they’ve dubbed “warshipping.”
Using less than $100 worth of gear—including a Raspberry Pi Zero W, a small battery, and cellular modem—the X-Force Red team assembled a mobile attack platform that fit neatly within a cardboard spacer dropped into a shipping box or embedded in objects such as a stuffed animal or plaque.