The goal of SkyNET is to create a botnet controlled by a stealth network, the network in the sky. When an attacker has a physical presence the number of possible attack vectors increases. SkyNET takes advantage of poorly configured wireless network security, and poor trust configurations on mobile devices, to join networks and access devices locally using a mobile attack drone.
We call this a SkyNET drone, which is controllable via auto-pilot or via a mobile broadband (3G) connection. Once network access is acquired, the drone utilizes an array of existing tools to compromise hosts, such as the Metasploit framework [22]. SkyNET then takes advantage of multiple assumptions made when implementing security measures to create a highly stealthy botnet.
These assumptions include: assuming all network traffic must pass through network choke points [6], that attack traffic originates from the Internet, and that local network hosts can be trusted. The drone implements a 4-step attack procedure to enlist hosts into the network. We call this procedure PAAE (pilot, attack, attack, enlist).
The drone’s first step is acquiring physical proximity. Using a client application, for a mobile phone or within a web browser, the drone controller (botmaster) pilots, and lands (landing saves power on the device, it is not a requirement) at an attack position. We developed a web client to control the drone, record Wi-Fi cells, and map each trip.
> https://db.usenix.org/events/woot11/tech/final_files/Reed.pdf
Aucun commentaire:
Enregistrer un commentaire