1

I read an article on wired about a whole transit system getting hacked. The intruder disabled ticket machines and displayed messages on the station displays.

I was wondering how an attacker finds an entry point if he doesn`t know the IP of the device he is targetting. Did he manipulate the physical devices found in the stations? Did he ever have to enter a station or could he act from the anonymity of his PC?

Tim
  • 41
  • 3
  • 3
    You are making a lot of assumptions about how the hack was done. It is possible that the malware was not physically planted at all. – schroeder Nov 29 '16 at 18:23
  • 2
    Do you have a link to the article, or any other article about it? Please [edit] your question to include them. – Anders Nov 29 '16 at 20:28

2 Answers2

5

According to Krebs, the attacker was scanning the Internet looking for a specific vulnerability. Once found, the attacker infected the network.

No physical access required.

schroeder
  • 129,372
  • 55
  • 299
  • 340
0

There is many ways an attacker could break into a device without know the IP address.

One way is to use the hostname instead of the IP address, but this doesn't really avoid using the IP address and the method is similar.

An attacker could use the HTTP protocol to make requests to get information from the internal network. Again, this uses an IP address.

Two methods I see that could avoid this is having physical access and using something like a Raspberry Pi or USB Rubber Ducky to remotely connect back to the attack. This attack is usually from an inside man.

Another way of doing this is to install malware with the same idea, once inside a machine, the malware remotely connects back to the attacker where he can execute command remotely.

Hope this helps.

Gavin Youker
  • 1,290
  • 2
  • 14
  • 24