Security researchers recently uncovered a new attack technique named ‘Warshipping’. The technique can allow threat actors to disrupt business operations and steal sensitive data.
What is Warshipping?
Warshipping is a new form of existing hacking methods such as wardialing and wardriving. Cybercriminals used these techniques to infiltrate a network remotely, systematically sniffing around networks until they landed on a weak system that they could then attack.
Warshipping overcomes the limitations of wardialing and wardriving, which increases the accuracy of targeting.
How does this work?
Under the warshipping technique, an attacker can control a victim’s device from anywhere in the world. To do this, the malicious actor hides a tiny device, about the size of a small cell phone, in a package and ships it to the victim to gain access to the victim’s network.
“The device, a 3G-enabled, remotely controlled system, can be tucked into the bottom of a packaging box or stuffed in a child’s teddy bear (a device no bigger than the palm of your hand) and delivered right into the hands or desk of an intended victim,” said Charles Henderson from IBM X-Force in a detailed document.
What does a warship device consist of?
A warship device is built around a single-board computer (SBC). SBCs are cheap, capable, networked computers that can run on a basic cell phone battery. Once the device is ready, it can perform wireless attacks simply by being shipped with the package to the destination.
“While in transit, the device does periodic basic wireless scans, similar to what a laptop does when looking for Wi-Fi hotspots. It transmits its location coordinates via GPS back to the C&C server,” Henderson noted.
When the warship device has reached the destination, the attacker can then remotely control the system and run tools to attack the target’s wireless access.
What is the impact?
The goal of the attack is to obtain data, such as a hash, that can be cracked by more powerful systems in the lab. “These hashes represent a very small amount of data that we can obtain over a warship’s 3G connection as the attack progresses,” IBM X-Force noted.
The researcher also highlighted that the warship device could allow threat actors to launch other active wireless attacks, such as a deauthentication attack or an evil twin attack. In this way, they can steal sensitive employee data, exfiltrate corporate data or harvest user credentials.
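The deauthentication and evil twin attacks named above leave traces that a wireless monitoring sensor can flag. The following is an added example, not part of the original article or IBM X-Force's material: the access point inventory, the record format, the thresholds and all sample records are constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory of the organisation's own access points (assumption).
KNOWN_APS = {"CorpNet": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}}

# Constructed sensor records: (seconds, frame type, SSID, BSSID).
SAMPLE = (
    [(0, "beacon", "CorpNet", "aa:bb:cc:00:00:01"),
     (1, "beacon", "CorpNet", "aa:bb:cc:00:00:02"),
     (2, "beacon", "GuestCafe", "02:00:00:00:00:10"),   # neighbour, not managed
     (3, "beacon", "CorpNet", "02:00:00:00:00:99")]     # managed SSID, unlisted BSSID
    + [(20 + i, "deauth", "CorpNet", "aa:bb:cc:00:00:01") for i in range(6)]
    + [(30, "deauth", "CorpNet", "aa:bb:cc:00:00:02"),
       (90, "deauth", "CorpNet", "aa:bb:cc:00:00:02")]  # isolated, normal churn
)

def find_evil_twins(events, known=KNOWN_APS):
    """Return (ssid, bssid) pairs that beacon a managed SSID from an unlisted BSSID."""
    return sorted({(ssid, bssid) for _, kind, ssid, bssid in events
                   if kind == "beacon" and ssid in known
                   and bssid not in known[ssid]})

def find_deauth_bursts(events, threshold=5, window=10):
    """Return BSSIDs named in at least `threshold` deauth frames within `window` seconds."""
    times = defaultdict(list)
    for ts, kind, _, bssid in events:
        if kind == "deauth":
            times[bssid].append(ts)
    flagged = set()
    for bssid, ts_list in times.items():
        ts_list.sort()
        start = 0
        for end in range(len(ts_list)):
            # Slide the window start forward until it spans at most `window` seconds.
            while ts_list[end] - ts_list[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(bssid)
                break
    return sorted(flagged)

if __name__ == "__main__":
    for ssid, bssid in find_evil_twins(SAMPLE):
        print(f"ALERT possible evil twin: {ssid} advertised by {bssid}")
    for bssid in find_deauth_bursts(SAMPLE):
        print(f"ALERT deauthentication burst against {bssid}")
```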