A/V Design: Conference Room Attack Vectors Hidden In Plain Sight

Years ago, when devices such as the Barco ClickShare came to market, my then employer sent me all around the city selling clients on the magic of wireless presentation. A simple device that sits on the conference room table, works on most computers, and is plug and play? It was a revolution!

However, something always lingered in the back of my mind. Something that security consultants brushed off when I mentioned it. Something I was told could never happen! That something being, using these praised wireless sharing devices as USB attack vectors and as crazy as it sounds, it doesn’t need a genius to make it happen.

If you work at a corporation, you have probably heard it before, beware of unknown USB thumb drives! It has been beaten into employees’ heads ad-nauseum, but incredibly tends to be forgotten in one of the most vulnerable places, the conference room. Often, a USB thumb drive in the parking lot is seen a scary hack tool, while the wireless presentation device the CEO loves is seen as a toy, a novelty, something that would never be turned against them. After all, how could it be?

Advanced Technology, Easy Hacks

The unit itself is a very technical engineering marvel. Using an embedded microprocessor to handle multiple functions which make the unit work as advertised. I wish I had custom firmware and the like for you, but it doesn’t need to be that hard.

There is an unfathomable amount of e-waste being tossed out every day, most of it ending up on eBay. Making it easier than ever to get your hands on one of these devices and tailor it to your needs. In the case of my example for this blog post, I paid a total of $16.99 with free shipping to have it in hand within just a few days.

With only seven security screws to get out of the way before you’re inside, you now have one of the best-looking corporate espionage concealment devices ever created. All you need to do now is cut some wires, solder your malicious device in its place (in our case a USB thumb drive), and put it back together, using the leftover parts as weight to avoid detection. I did mine with some scrap wire, a free USB stick from a trade show, and just a couple minutes of soldering.

Make sure you copy the files off it first and put them back on your USB drive, don’t want to look too unusual. The autorun.inf file will take care of the drive’s icon for us, but we will leave a little extra gift for the recipient.

Deploying

Once you have your payload delivery device setup, get a meeting in your office of choice with a matching system and leave your malicious device on the table. It will get cleaned up, put back on the stack of others, and forgotten. That is, until the day when someone finally plugs it in. For this particular system showcased here, it is often common for USB dongles to lose their pairing with the base station. As such, it would not be too unusual for one not to work, while the others do. If the device gets reported as non-working after being plugged in. It will likely be handled by an A/V technician, who will also try and plug it into their machine.

Fixing The Problem

Fortunately for us, this can mostly be easily fixed with strict USB device group policy on corporate computers and employee training, but for many smaller operations, practices like this are simply not in place in favor of convenience. After all, who wants grief when plugging in a silly little USB device anyway? There are also many competing wireless presentation systems which do not use a USB dongle. Forcing external clients to use the corporate guest network to accomplish the same task could be the better option. Are you checking all of your wireless presentation devices yet? I know I have.

Is your A/V vendor considering every facet of your corporate security when deploying new systems or maintaining old ones? If not, please consider what we have to offer here at Akita A/V.

Andrew Furlani - CEO

andrew@akitaAV.com