Pierluigi Paganini
March 22, 2017
Recently we reported the news of the availability of a new hardware bridge for Metasploit extension to test hardware, including IoT devices.
We have to consider that IoT devices are pervading our day life such as into modern businesses. IoT devices are enlarging our surface of attack, for this reason, the availability of tools that allow rapidly test them is essential to prevent cyber attacks.
The new Metasploit extension, the Metasploit RFTransceiver radio frequency testing extension, allows researchers to discover security flaws in in IoT radio communications.
“Wireless systems often control alarm systems, surveillance monitoring, door access, server room HVAC controls, and many other areas,” writes Craig Smith, Transportation Research Lead at Rapid7 in a blog announcement today. These same devices can often contain flaws that can be used by attackers, but are unknown to the user.
Using the RFTransceiver companies will “be able to test physical security controls and better understand when foreign IoT and other devices are brought onto the premises.”
Smith took as an example the discovery of a vulnerability in a medical insulin pump made in 2016 by researchers at Rapid7.
One of the most disconcerting discoveries made by the researcher was that the remote control and the pump communicated over an unencrypted channel. An attacker might have exploited a flaw tracked as CVE-2016-5084 to launch a man-in-the-middle (MitM) attack to intercept patient treatment and device data. The only consolation is that data exposed do not include any personally identifiable information.
“We strongly believe that RF testing is an incredibly important — though currently often overlooked — component of vulnerability testing. We believe that failing to test the usage of radio frequency in products puts people and organizations at risk.” wrote Smith, “We also believe the importance of RF testing will continue to escalate as the IoT ecosystem further expands.”
Many organizations already use devices operating on radio frequencies outside 802.11. RFID readers, components using the Zigbee communication protocol, and surveillance systems.
The RFTransceiver extension is designed to help organizations testing them and evaluate the response to outside interference.
The new Metasploit RFTransceiver radio frequency extension could be used for testing purposes but there is the risk that crooks could abuse its capabilities to find vulnerabilities and exploit them.
The response to the common criticism of any kind of “dual use” technology is that bad guy are already exploiting it as the attack vector, for this reason, it is important to understand and anticipate the attackers’ moves.
“The most common criticism of any technology created for the purpose of security testing is that bad guys could use it to do bad things. The most common response from the security research community is that the bad guys are already doing bad things, and that it’s only when we understand what they’re doing, can effectively replicate it, and demonstrate the potential impact of attacks, that we can take the necessary steps to stop them. Sunlight is the best disinfectant.”
Experts that want to use the new Metasploit RFTransceiver extension have to buy an RfCat-compatible device like the Yard Stick One. Then they need to download the latest RfCat drivers, included with those drivers they will find rfcat_msfrelay. This is the Metasploit Framework relay server for RfCat. Run this on the system with the RfCat compatible device attached.
“This is the Metasploit Framework relay server for RfCat. Run this on the system with the RfCat compatible device attached.” concluded Smith. “Then you can connect with the hardware bridge:
To learn more about the RFTransceiver, you can download the latest Metasploit here: https://www.rapid7.com/products/metasploit/download/community/“
[adrotate banner=”9″]
(Security Affairs – hacking, Metasploit RFTransceiver radio frequency extension)
