TO DOCK OR NOT TO DOCK, THAT IS THE QUESTION: USING LAPTOP DOCKING STATIONS AS HARDWARE-BASED ATTACK PLATFORMS presented at BlackHat EU 2013

by Andy Davis,

Tags: Security

Summary : N/A
Laptop docking stations are widely used in the corporate world, often in hot-desking environments. They provide a neat connectivity solution for workers who are semi-mobile and therefore use laptops rather than desktop PCs. However, laptop docks are an attractive target for an attacker. They have access to the network, to all the ports on a laptop (and often some that aren\'t) and they are permanently connected to a power supply. But most importantly, they are considered to be trusted, "dumb" devices - they just connect all the ports on your laptop to the ports in the dock right? The IT department is more concerned about someone stealing your laptop, so they\'ll ask you to secure your laptop with a Kensington lock (but not necessarily to secure the dock). This talk is about how attackers can exploit the privileged position that laptop docking stations have within the corporate environment. It will also describe the construction (and show a demo) of a remotely controllable, covert hardware implant within a commonly used laptop docking station, but most importantly it will discuss some of the techniques that can be employed to detect such devices and mitigate the risks that they pose.