Some attacks take advantage of vulnerabilities in our physical world. In this video, you’ll learn about brute force attacks, RFID cloning, and environmental attacks.
In this course, we’ve talked a lot about technology and how attackers can circumvent different aspects of our operating systems and digital technologies. But of course, there is a type of security concern that has nothing to do with the technology that we use. And that would be a physical attack. With a physical attack, we’re not interested in the version of operating system that we’re running or concerned about a particular type of vulnerability. Instead, we’re going to attack this problem at the physical level.
Just as there are many ways to attack the digital security of a system, there are also many ways to attack the physical security of those same systems. Whenever we think about ways to protect a system, we always need to consider the physical aspect. This is because someone with physical access to a computer can also get full control to that system. If someone can physically touch that computer, then they can also circumvent the operating system that’s running on that computer.
It’s often said that door locks only keep out the honest people. So we may have to include additional tools to be able to maintain the physical security of our devices. Brute force is a term that we often associate with password discovery. But brute force can also be a very useful physical attack. If there’s a locked door or a locked window, we can use brute force to be able to force that door open or force access into that window.
You might want to try evaluating this with your data center. How difficult would it be to use brute force to gain access through doors or windows that would ultimately provide an attacker with access to your entire infrastructure? Attackers will try anything to gain access to your data. And it wouldn’t be unusual for an attacker to try to find a way through a locked door or locked window to gain access to those important resources.
Another useful physical attack is RFID cloning. We use RFID very often for access through doors. So access badges and key fobs commonly have RFID as the underlying technology. If we were able to clone or duplicate someone’s existing access badge, we would effectively have full control over exactly the same areas that they do. This is a lot easier than you might think. You can look on Amazon for RFID cloners. And the duplicators available can be purchased for less than $50 US.
This is also a duplication process that happens very quickly. You can simply read one card and immediately copy it to another card in just a matter of seconds. And there have been documented cases where someone was able to use an RFID reader on something like a train on the way to work, brush up against someone with an access key, and you’ve now got a duplicate of their access card.
This is another reason why multi-factor authentication is so useful. Even if someone has duplicated the card, they don’t know your personal identification number. They don’t have access to your biometrics, and therefore they would not gain access to those resources. If you can’t attack the systems directly, perhaps you can attack the environment around the systems. And there are many ways to go about performing an environmental attack.
One very common environmental attack is to simply turn off all of the power in a data center. An attacker may be able to do this from outside the building, which means they would not need any special access inside of the doors. Instead, they can take care of this particular attack from outside. We’ve also seen that HVAC systems tend to have a lower priority for security than other parts of your infrastructure.
So if an attacker does gain access to an HVAC control system, they might decide to turn off the cooling, have all of the systems heat up, and then they would automatically shut down once they reached a certain temperature. And in some data centers, the fire suppression system sets off another series of events. And someone who gains access to the fire suppression system may also be able to cause a denial of service.