Академический Документы
Профессиональный Документы
Культура Документы
www.bastille.net
Table of Contents
About Bastille
Space Utilization
About Bastille
Threats are becoming more complex as criminals look for new ways to use technology in their
quest for valuable data. As the number of connected devices grows to more than 50 billion by
2020, the IoT will provide an unprecedented expanision of new threat vectors and Enterprise
companies need to be able to respond. Bastille is providing the security solutions to allow
Enterprise companies to rapidly respond to this new threat vector.
wearables
Enocean - Low-power RF
$15 dongle.
3. FORCED PAIRING
three categories.
Attacker generates
an unencrypted
keystroke sequence
Bastilles
IoT security
MouseJack
Case
Study solution gives companies full situational awareness and control of all
wireless devices within their facility. Its technology tracks the location and activity of all internet
-connected and wireless devices on premise. As a result, security executives can prevent the
MouseJack is a collection of security vulnerabilities
1. KEYSTROKE INJECTION, SPOOFING A MOUSE
theft of valuable information and protect employees throughout their environment.
How
it Works
complete
control
over a victims computer using a
$15 dongle.
Bastille deploys a mesh network of proprietary radio
frequency (RF) sensors throughout the customer facility.
WirelessThese
mice sensors
and keyboards
commonly
communicate
are able to
track the location
and emissions
using proprietary
protocols
the 2.4GHzBastilles
ISM
of all wireless
devices operating
within theirin
environment.
system
sends work
updates
alerts to end-users
to help
band. These
devices
byand
transmitting
radio frequency
stop ongoing
and threats.
packets immediately
to a USB dongle
pluggedintrusions
into a users
computer.
Center
(RF)to
Vulnerability
Protection.
The Data
for anData
attacker
to Radio
pretend
be a mouse,
but transmit
Center contains the crown jewels for an organization. In
a keypress
packet. The dongle does not expect packets
encrypt theinformation
data beingfrom
transmitted
the facility;by wireless keyboards,
data. This
makes itfor
possible
forsecurity
an attacker
to pretend
are deployed
endpoint
and intrusion
prevention
keyboard,
transmit unencrypted keyboard
for
the wired and
infrastructure.
Report on or control access and egress within the facility. to be a
where a victim
only
has a mouse,
is using
and those
coming from
attacker.
This
results
in theyou are a the case
information
in bothan
oral
and written
format.
Whether
frequencies.
For data
exfiltration,
cellularbut
protocols
are the
vulnerable
to keystroke
injection by spoofing
Fortune
500 corporation
or ato
mid-sized
business,
ability for
an attacker
to pretend
be a mouse
andkeeping the a dongle
most
prevalent example
of an out-of-band
network that
protected
is a top
transmitC-Suite
their own
packets
to priority.
the dongle.
a keyboard,
an large
attacker
can pair
a fake
keyboard are
with
can move
amounts
of data.
Organizations
finding
it harder
and
harder
monitor
the entire
radio frequency
the dongle,
and
use
it to to
type
arbitrary
commands
on
three categories.
Attacker generates
an unencrypted
Many organizations are interested to understand employee behavior and what types of devices are entering
their offices and campuses. Large organizations with sensitive data want to know the movements of devices
in their
environment
in order
to get a holistic view of1.all
the activityINJECTION,
in the radio
frequencyA spectrum
MouseJack
is a collection
of security
vulnerabilities
KEYSTROKE
SPOOFING
MOUSE within
combinedwireless
premises.
affectingtheir
non-Bluetooth
mice and keyboards.
When processing received RF packets, some dongles
$15 dongle.
Currently organizations do not have an all-inclusive view
Specifically,
a solution
must:
clicks to
the dongle,
and a keyboard
will only transmit
and mitigating
anwill
attack
in transmit
action. movement/
The
Problem:
Not allcomputer
Devices using
are Recognized
complete
control
over a victims
a
circumstance,
a mouse
only
into the wireless devices and traffic in their corporate office keypresses.
If the
dongleoperating
does notinverify
that the
packet
Detect
all devices
the wireless
spectrum
Wirelessenvironments.
mice and keyboards
commonly
communicate
In order to
protect from
the emerging threatstype andbetween
100 kHz
and 6type
GHz, match,
to include
Wi-Fi,
cellular, Bluetransmitting
device
it is
possible
using proprietary
operating
in thecampuses
2.4GHz ISM
associated protocols
with the wireless
spectrum,
must first for an attacker
tooth, and
the hundreds
protocols
in the Internet
to pretend
to beofa other
mouse,
but transmit
band. These
devices
byand
transmitting
frequency
recognize
the work
devices
protocols inradio
their airspace.
of
Things
(IoT)
a keypress packet. The dongle does not expect packets
packets to a USB dongle plugged into a users computer.
from
Capture
the overall
wider
RF spectrum,
just specific
coming
a mouse
to be
encrypted,
so itnot
accepts
the
Understanding employees patterns and their associated
When a user presses a key on their keyboard or moves
protocols
devices gives a view into the insider threat scenario. Rogue keypress packet, allowing the attacker to type arbitrary
their mouse,
information describing the actions are then
devices, data exfiltration, misconfigured equipment, person- commands
on the
victimsinto
computer.
Provide
awareness
any wireless threats including acsent wirelessly
to the USB
dongle.
dongle
listens
forvia
nel accountability,
and
insiderThe
threats
are all
possible
tive attacks, rogue networks, and misconfigured devices
these radio
frequency
packets
and transmits
the actions
nefarious
devices.
Additionally,
this data helps
the corporate2. KEYSTROKE INJECTION, SPOOFING A KEYBOARD
real estate
department understand traffic flows and workto the users
computer.
place productivity to help with future real estate planning.
Facility/Campus
Headquartersby
Security
Vulnerabilities
encrypt the
data being transmitted
wireless
keyboards,
howeverinclude:
it appears that the same security was not built
Unauthorized
devices on premises
into the mouse
communications.
The communication
between the
dongle in
and
mice tested
by the research
Individuals
unauthorized
areas
Enforce company
BYOD/IoT
policy
to be a keyboard,
and transmit
unencrypted
keyboard
to
Detect
access
packets
the unauthorized
dongle.
Detect data exfiltration through wireless devices
3. FORCED PAIRING
team showed
that there was no authentication in place,
The wireless threat surface associated with the devices in
Allow the physical security to quickly detect and localize
It is possible to bypass pairing mode on some dongles
leaving thethe
dongle
unable to determine the difference
RF spectrum
Detect
cell
which cancommands
send signalson
into your
the dongle,
androgue
use it
totowers
type arbitrary
facility
the victims
computer.
three categories.
Attacker generates
an unencrypted
MouseJack
Case Study
about, Data Centers are loaded with Industrial equipment (chillers, lighting, power, etc.) and often frequented
by contractors. Many vectors expose a Data Center to risk, and as a result, Data Center security has long been
the recipient of significant budget and attention from both physical and cyber security organizations. Data
MouseJack is a collection of security vulnerabilities
1. KEYSTROKE INJECTION, SPOOFING A MOUSE
Centers have the highest physical security for any organization, often employing mantraps, biometrics, and
affecting non-Bluetooth wireless mice and keyboards.
processing received RF packets, some dongles
expanded video coverage. On the cyber side, large When
budgets
are deployed for endpoint security and intrusion
Bastillesprevention
research team
tested
seven
vendors
products
do
not
verify
that the type of packet received matches
for the wired infrastructure.
$15 dongle.
However, there is an attack vector capable of penetrating Data Center walls and bypassing the firewalls,
complete control over a victims computer using a
circumstance, a mouse will only transmit movement/
namely radio frequency (RF) based attacks.
The Problem:
Unprotected
Devices
using proprietary
protocols
operating inWireless
the 2.4GHz
ISM
Data devices
Centers consist
of transmitting
many computers,
industrial
equipband. These
work by
radio
frequency
anddongle
personnel,
all having
that may
packets ment,
to a USB
plugged
intocomponents
a users computer.
Security
professionals
need
totransmits
lock down the
threat
vectors in
these radio
frequency
packets
and
actions
2. KEYSTROKE
INJECTION,
SPOOFING
A the
KEYBOARD
corporate
networks and
preventing
use of USB ports for
Data computer.
Centers. Rogue devices, data exfiltration, misconfiguredMost of storage.
the tested
keyboards
encrypt
data
However,
by utilizing
cellular
or before
other hard to see
to the users
equipment, personnel accountability, and insider threats aretransmitting
protocols,
attackers
can
bypass
these
controls.
it wirelessly to the dongle, but not all of the
nefarious devices.
In orderall
topossible
preventvia
eavesdropping,
most vendors
dongles tested required that encryption to receive the
howeversome
it appears
that the same security was not built
extent by existing products, but other wireless traf-
data. This
makes
it possible
attackersteal
to pretend
are
left in Data
Centersfor
to an
specifically
data and backhaul that data
over cellular.
to be a keyboard,
andout
transmit
unencrypted keyboard
keyboard.
and those
coming
from
an attacker.
This ready
resultscontrol
in thesystem in the case where a victim only has a mouse, but is using
today
is being
shipped
with a radio
try ICS protocols for managing aspects of the equipment
a
dongle
vulnerable to keystroke injection by spoofing
ability for
an
attacker
to
pretend
to
be
a
mouse
and
addition to the Ethernet or Console control system that the
or environment. Security professionals have no visibility
attacker
a fakeand
keyboard
with
transmitData
theirCenter
own packets
toemploy.
the dongle.
intends to
However, we have found thata keyboard,
into an
these
devicescan
andpair
protocols
if they are
properly
and use it to type arbitrary commands on
the radio control system, Zigbee or Z-Wave for example, is the dongle,
configured.
Specificsusually
of thedefault
discovered
vulnerabilities
from default the victims computer.
ON when
it is shipped.vary
In addition,
vendor to
vendor,(0000)
but they
generally
fallsimple
into one
of from a
passwords
are used
that are
to find
Employees and contractors who unknowingly carry a compromised cell phone, which once attached to an internal
Wi-Fi network, open a 4G channel and begin beaconing out
packets to the attackers abroad.
exist and operate within the radio frequency, let alone if they
Attacker
Attackers
USB
dongle
Victims
USB dongle
receives
By 2020,generates
more than 25 percent of
identified
attacks
in enterprises
will involve
IoT. Gartner
an unencrypted
transmits an unencrypted
and types the unencrypted
Be always on
Billions of Internet-connected devices already have created opportunities for cybercriminals. Tech
companies have stepped up security measures for smartphones, computers and tablets. But
other web-connected devices, such as thermostats, smart refrigerators and wearables have
received less attention. That lag has created dangerous vulnerabilities. Wall Street Journal
There are many ways for bad actors to exfiltrate information from an organization. For example, covert transThese devices commonly use wireless
protocols at unmonitored frequencies. For data exfiltration, cellular protocols are the most prevalent example of an out-of-band network that can move large amounts of data. Organizations are finding it harder and
MouseJack is a collection of security vulnerabilities
1. KEYSTROKE INJECTION, SPOOFING A MOUSE
harder to monitor the entire radio frequency spectrum of protocols and bands for anomalous and/or high
affecting non-Bluetooth wireless mice and keyboards.
When processing received RF packets, some dongles
volume exfiltration signatures.
MouseJack
Case Study
mitters can create voice or data channels that are difficult to detect.
complete
control
over a victims
computer
using a are
The
Problem:
Surveillance
Devices
Informayou
of thewill
attack
surface
for each
of these devices
circumstance,
mouse
only
transmit
movement/
$15 dongle.
Easy to Obtain
Alert
on activeand
wireless
attacks on
through
clicks to
the dongle,
a keyboard
willthose
onlydevices
transmit
yourIfexisting
SIEM systems
keypresses.
the dongle
does not verify that the packet
Suggest
best practices
minimizing
attack surface
type and
transmitting
device for
type
match, itthe
is possible
packets their
to a USB
dongle plugged into a users computer.
own computers, and have their own cellular backhaul
When a user
presses
a key on
theirare
keyboard
moves
prepaid
chips. These
devices
not goingor
over
the wire,
coming
from a mouse to be encrypted, so it accepts the
Specifically, a solution must:
to the users
computer.
sweep,
they hire an outside firm to do a one-time, point-in- Most of the tested keyboards encrypt data before
Detect current and future protocols without requiring
time sweep that is rendered obsolete once the firm leaves. transmitting it wirelessly to the dongle, but not all of the
hardware upgrades
In orderThis
to prevent
eavesdropping,
most vendors
is not only
costly and time consuming,
but also very
dongles tested required that encryption to receive the
leaving theExfiltration
dongle unable to determine the difference
Be always on
Alert on a wireless attack surface introduced by the instal Nefarious devices such as pwn plugs and pineapples that the dongle, and use it to type arbitrary commands on
lation of new equipment
Specifics of the discovered vulnerabilities vary from
are left to specifically steal data and backhaul that data outthe victims computer.
vendor to vendor, but they generally fall into one of
Detect rogue cell towers which can send signals into your
over cellular
three categories.
facility
Attacker generates
an unencrypted
Space Utilization
Enterprises are finding the benefits of studying employee utilization of corporate spaces and typical traffic
flows through the building. Understanding space utilization is very important for HR departments and real estate
professionals in particular. It can cut down on costs for companies as they better understand how to properly
use floor space.
With the ability to monitor where people are at any given time based on the devices that theyre carrying, a
corporation can look into the actual usage of the space, how it was designed and how it was planned, versus
how it is actually being used. This can allow them to increase productivity and efficiency by analyzing the use
of that space and then changing the way it is used. Further, by monitoring people passively based on the
devices they carry, the movement of visitors and not just employees can be tracked.
Be always on
all C-level stakeholders. CISOs need to develop and champion holistic, enterprise-wide security strategies that monitor,
Source: Garner, Inc., Press Release Gartner Says 6.4 Billion Connected Things
Will Be in Use in 2016, Up 30 Percent From 2015, November 2015
shaping and executing business strategy. Security is no longer an IT or operational conversation; its one to be had with
Source: Gartner, Inc., Predicts 2016: Security for the Internet of Things, December 2015
Source: IDC, Press Release IDC Reveals Worldwide Internet of Things Predictions for 2015, December 2014
Source: Gartner, Inc., Predicts 2016: Security for the Internet of Things, December 2015
IoT will be full of security vulnerabilities. The majority of the people coding these things have
less security training than the average [person]. InfoWorld
About Bastille
MouseJack
is a collection of security vulnerabilities
1. KEYSTROKE INJECTION, SPOOFING A MOUSE
ing, proprietary technology, Bastille helps enterprise organizations
affecting
non-Bluetooth
micewhile
and keyboards.
When processing received RF packets, some dongles
About
Bastille
protect
cyber
and wireless
human assets
providing unprecedented
Bastilles
research
team
seven
vendors
products
do not verify that the type of packet received matches
visibility
ofinwireless
IoT devices
that
could
pose
a of
threat
to network
Launched
2014, tested
Bastille
is pioneering
Internet
Things
(IoT)
security
next-generation
security
sensors
and
infrastructure.
more
information,
visit
www.bastille.net
and
and discovered
thatwith
itFor
was
possible
for an
attack
to take
the type of device that transmitted it. Under normal
airborne
emission detection,
allowing
corporations to
follow
@bastillenet
on Twitter
and LinkedIn.
complete
control
over a victims
computer
using a
$15 dongle.
clicks to the dongle, and a keyboard will only transmit
threats. Through its patent-pending, proprietary technology,
Bastille helps enterprise organizations protect cyber and
Wireless
mice and
keyboards
commonly
communicate
human
assets
while providing
unprecedented
visibility
using proprietary
protocols
in thea 2.4GHz
of wireless IoT
devices operating
that could pose
threat toISM
network
infrastructure.
more information,
band. These
devices
work by For
transmitting
radio frequency
a keypress
honored as a Top 100 winner
in the Redpacket.
HerringThe
2016dongle
Awards.does
visit www.bastille.net andBastille
follow @bastillenet
Herring.
Thea variety,
coming
from
mousedepth,
to be disruption
encrypted, so it accepts the
on Twitter and LinkedIn. Alex Vieux, publisher and CEO of Red
When a user presses a key on their
keyboard
and traction
we or
sawmoves
from the earlykeypress
stage companies
to
those
with
packet, allowing thesignificant
attacker to type arbitrary
their mouse, information describing
the actions
are
scale made
it one of
thethen
toughest vintages to judge. The North America winners
commands on the victims computer.
are The
representative
of thefor
amazing ecosystem that never ceases to astound,
sent wirelessly to the USB dongle.
dongle listens
with new and experienced entrepreneurs
continuing
to push theSPOOFING
barriers of A KEYBOARD
2. KEYSTROKE
INJECTION,
these radio frequency packets and transmits the actions
andsecurity
mitigation
of not
threats
from wireless Internet of Things (IoT) devices.
however it appears that the same
was
built
to be a keyboard, and transmit unencrypted keyboard
On The
Monday,
February 29, 2016, Bastille had the opportunity to showcase its
into the mouse communications.
communication
packets to the dongle.
3. FORCED PAIRING
Bastille has been named to the list of Cool Vendors; in the Gartner Cool
three categories.