Hacking and Penetration Testing with Low Power Devices

Author: Philip Polstra
Pages: 260
Publisher: Syngress
ISBN: 0128007516

Introduction

This book is primarily intended for penetration testers who want to widen their skill set to include the knowledge of how to perform testing with small, low-powered devices that can be easily hidden in offices and boardrooms.

About the author

Dr. Philip Polstra is a hardware hacker and expert on USB forensics. His work has been presented at numerous conferences around the globe. He currently teaches computer science and digital forensics at Bloomsburg University of Pennsylvania. In addition to teaching, he provides training and performs penetration tests on a consulting basis.

Inside the book

The author starts by introducing The Deck, a Linux distro that has been created specifically and optimized to run on computer boards. It can also be installed on a traditional desktop, or on a drone (airborne or not) – and be controlled from a distance. Each of these modes of operation is detailed, giving you a clear picture of the possibilities available.

The Deck comes equipped with pentesting and forensic tools (over 1600 different packages), and some of the most often used are introduced in this chapter. Unfortunately, the quality of the screenshots leaves a lot to be desired (here and in other chapters), but that’s not that big of a problem.

Then the author proceeds to introduce the BeagleBoard and BeagleBone family of ARM-based computer boards, which fall into the category of open hardware: all components and schematics are freely available to the public, and the designs can be freely modified or cloned.

The BeagleBoard family of devices can also be equipped with a myriad of operating systems, and the author will tell you your options (Linux and non-Linux) and how to load any of them on a micro SD card to use on a BB. He also explains how to choose the right OS for you, and how to “fill the toolbox” (adding a graphical environment, packages from repositories, etc.). The author doesn’t cut corners here – he provides an extensive step-by-step guide for everything you might need.

With this book you will learn the different ways of powering the board, the advantages and disadvantages of each choice. The author included a helpful pentest scenario involving a single Beagle running The Deck. Later in the book he goes once again through the same pentest but performed instead with a remote hacking drone – and then with many networked drones.

You will learn about the various input and output devices that can be attached to the boards; how to use different types of gateways and routers to extend the scope of your testing; how to disguise your devices, plant and remove them once you’re done with the testing (there’s plenty of really good ideas, and some good social engineering tips); how to deploy an airborne hacking drone (and which aircraft to use); and, ultimately, the expected future evolution of The Deck and the Beagle devices.

Throughout the tome, the author offers bite-sized stories of his own experiences and those of his students while using the tools he presents in the book, which will likely help you remember important things for much longer than simple theory.

Final thoughts

This has been an engaging read for me, even though I have no particular interest in creating these devices. I can only imagine that people who enjoy tinkering with hardware will find it stimulating. If they do penetration testing for a living, this book is practically a must.

Also, you don’t need to be a hardware hacker to enjoy it. The book holds information for those who want to make their own circuit boards, but if you’re not into that, you can always buy pre-made boards and expansion “capes.”
