Security: New Metasploit Extension
Enterprise security teams and penetration testers now have a new tool for evaluating the risks posed to their networks by Internet of Things (IoT) devices that operate on radio frequencies outside the standard 802.11 specification. This article describes the Metasploit extension for testing IoT device security.
Rapid7, the owner of the Metasploit Project, has released an extension to its recently introduced Hardware Bridge API for conducting pen tests on network-connected hardware.
The new RFTransceiver extension for the Metasploit Hardware Bridge is designed to let companies detect and evaluate the security state of multi-frequency wireless devices operating on their networks more effectively than current tools permit.
The RFTransceiver gives security pros the ability to craft and monitor different RF packets for identifying and accessing the organization's wireless systems beyond Ethernet-accessible technologies. It also allows pen testers to create and direct "short bursts of interference" at some devices to see how they respond from a security standpoint.
Many organizations already have devices and systems on their networks that operate on radio frequencies outside 802.11; examples include RFID readers, smart lighting systems using the Zigbee communication protocol, and network-enabled alarm, surveillance, and door control systems.
The RFTransceiver extension is designed to help organizations with such devices answer vital questions, such as the operating range of the devices, whether or not their traffic is encrypted, how they respond to outside interference, and how they fail.
Many RF-enabled devices do not serialize their transmissions, which makes them vulnerable to issues such as replay attacks, where an attacker records a command sent out over RF and then plays it back. With organizations expected to connect a constantly growing range of wireless IoT devices to the network over the next few years, RF testing capabilities have become vital.
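To make the "fails to serialize" failure mode concrete, the following is an added illustration and is not code from Rapid7, Metasploit, or RfCat. It models two receivers for a toy command frame (the frame layout, the `Remote`/`NaiveReceiver`/`SerializingReceiver` names, and the placeholder `SHARED_KEY` are all assumptions of this example, not a real protocol): one that accepts any well-formed frame, and one that serializes frames with a monotonic counter plus an HMAC tag. Presenting the same recorded bytes a second time is accepted by the first receiver and rejected by the second.

```python
import hashlib
import hmac
import struct

# Constructed placeholder key that a door controller and its remote would share
# in a real deployment; not a real key, just 16 example bytes.
SHARED_KEY = b"example-key-0123"

# Toy frame layout (an assumption of this example, not a real RF protocol):
#   command (1 byte) | counter (4 bytes, big-endian) | HMAC-SHA256 tag (8 bytes)
BODY_LEN = 5
TAG_LEN = 8


class Remote:
    """Sender side: serializes every frame with a strictly increasing counter."""

    def __init__(self, key: bytes):
        self.key = key
        self.counter = 0

    def build_frame(self, command: int) -> bytes:
        self.counter += 1
        body = struct.pack(">BI", command, self.counter)
        tag = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        return body + tag


class NaiveReceiver:
    """Accepts any frame that merely parses: no counter check, no authentication.
    This is the unserialized design the article describes as replayable."""

    def accept(self, frame: bytes) -> bool:
        return len(frame) == BODY_LEN + TAG_LEN


class SerializingReceiver:
    """Accepts a frame only if its tag verifies and its counter is strictly greater
    than the last accepted counter, so recorded bytes cannot be played back."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0

    def accept(self, frame: bytes) -> bool:
        if len(frame) != BODY_LEN + TAG_LEN:
            return False
        body, tag = frame[:BODY_LEN], frame[BODY_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        # Constant-time comparison so tag checking does not leak timing information.
        if not hmac.compare_digest(tag, expected):
            return False
        _, counter = struct.unpack(">BI", body)
        if counter <= self.last_counter:
            return False  # stale or replayed frame
        self.last_counter = counter
        return True


def replay_outcome(receiver_factory) -> tuple:
    """Deliver one legitimate 'open' frame, then present the identical bytes again.
    Returns (first_accepted, replay_accepted)."""
    remote = Remote(SHARED_KEY)
    receiver = receiver_factory()
    captured = remote.build_frame(0x01)  # the frame as it would be recorded off the air
    first = receiver.accept(captured)
    replayed = receiver.accept(captured)
    return first, replayed


if __name__ == "__main__":
    print("naive receiver (first, replay):", replay_outcome(NaiveReceiver))
    print("serializing receiver (first, replay):",
          replay_outcome(lambda: SerializingReceiver(SHARED_KEY)))
```

The strict "greater than last seen" rule is the simplest form of serialization; production designs usually accept a small window of future counters to survive lost frames, and must handle counter rollover and re-pairing, but the property being tested is the same: a frame that was valid once must not be valid again.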
HOW TO USE RFTRANSCEIVER
Using the new RFTransceiver extension requires the purchase of an RfCat-compatible device such as the Yard Stick One. Download the latest RfCat drivers; included with those drivers you will find rfcat_msfrelay, the Metasploit Framework relay server for RfCat. Run it on the system with the RfCat-compatible device attached.
Then you can connect with the hardware bridge:
RFTransceiver Usage
$ ./msfconsole -q
msf > use auxiliary/client/hwbridge/connect
msf auxiliary(connect) > run
[*] Attempting to connect to 127.0.0.1...
[*] Hardware bridge interface session 1 opened (127.0.0.1 -> 127.0.0.1) at 2017-02-16 20:04:57 -0600
[+] HWBridge session established
[*] HW Specialty: {"rftransceiver"=>true} Capabilities: {"cc11xx"=>true}
[!] NOTICE: You are about to leave the matrix. All actions performed on this hardware bridge
[!] could have real world consequences. Use this module in a controlled testing
[!] environment and with equipment you are authorized to perform testing on.
[*] Auxiliary module execution completed
msf auxiliary(connect) > sessions
Active sessions
Id  Type                          Information    Connection
--  ----                          -----------    ----------
1   hwbridge cmd/hardware         rftransceiver  127.0.0.1 -> 127.0.0.1 (127.0.0.1)
msf auxiliary(connect) > sessions -i 1
[*] Starting interaction with 1...
hwbridge > status
[*] Operational: Yes
[*] Device: YARDSTICKONE
[*] FW Version: 450
[*] HW Version: 0348