How to Design Your Own Electronic Attack Device

Date

August 24, 2023

Time

11:30

Track

Track 2

Many security attacks and tests are hardware-related. For example, using a portable small computer for network attacks, using a Wi-Fi card with monitor mode for Wi-Fi cracking, using a BadUSB device to gain target privileges, or using a phishing Wi-Fi to steal passwords.

These attack methods are usually effective, but there are two problems: they are always bulky, often requiring several devices to work together. For example, if we want to carry out a Wi-Fi-based attack, we need to carry a Raspberry Pi, a wireless card, a power bank, and a bunch of cables.

Another problem is that these devices are usually expensive commercial products, but they cannot meet our personalized needs. For example, we need a small computer with lower power consumption and a built-in battery but fewer interfaces. Or we want to use a more powerful sniffing network card with the WiFi Pineapple device, or we want the attack device to have a 4G remote control module.

In short, many devices are not specifically designed for security workers, but these security workers often have many interesting ideas. Real hackers should not just buy assembled products or only know how to solder a badge that lights up.

The future trend may be software-defined everything. Software-defined radio, software-defined network, and in the future, there should be software-defined hacker equipment. Hackers only need to connect and combine processors, storage, and various sensors in software based on their needs, similar to building blocks, to create futuristic hacker attack devices like the ones used by James Bond in the 007 movies.

In this session, I will show you:

  • How to design and make your own attack device circuit board through circuit design, including how to design a Raspberry Pi carrier board with USB port and charging module
  • How to design a Wi-Fi attack device with an ESP32 module
  • How to design a USB protocol sniffing and analysis device through proprietary chips
  • How to design a complete Linux system circuit board, and how to create your ultimate attack device on this circuit board.

 

The above might sound daunting and difficult to pull off, but trust me, after this talk, you’ll be able to create your own novel and interesting attack device!

 

IoT Expert

Baidu Security Lab

Shupeng Gao is a member of the Baidu Security Lab. He is an expert on IoT security, mobile malware analysis, penetration testing, etc. He has been invited to talk at multiple security conferences, such as Black Hat USA/Asia/Europe, DEF CON USA/Asia, BlueHat, GeekPwn, etc.