2.4.2 Physical Attacks
Brute force, RFID cloning, environmental.
Physical attacks target hardware, proximity-based credentials, and the environmental controls that maintain system availability.
Cryptographic Physical Attacks While often digital, physical access allows for high-speed offline attacks against encrypted data and passwords. - Brute force: Attempting every possible combination of a key or password until the correct one is found. It is computationally expensive but guaranteed to succeed if given enough time and resources. - Offline Cracking: An attacker steals a password hash or an encrypted WPA handshake and uses a physical high-performance rig to run iterations without being blocked by network lockouts. - Keyloggers: Physical hardware dongles placed between a keyboard and a computer to capture every keystroke, including local passwords and encryption keys.
Proximity and RFID Attacks Attacks against physical access control systems often involve exploiting wireless communication between a credential and a reader. - RFID Cloning: Using a physical device to capture the signal from a legitimate Radio Frequency Identification (RFID) badge. The attacker then copies this data onto a blank card to gain unauthorized entry. - Skimming: Placing a physical device over a legitimate card reader (like an ATM or a door lock) to capture card data or PINs. - Flash Drives (USB Drops): Leaving malicious physical media in public areas (parking lots, lobbies) to entice users into plugging them into the internal network, often installing a RAT (Remote Access Trojan).
Environmental and Hardware Security Physical security includes protecting the infrastructure that keeps hardware running. - Environmental Monitoring: Failure to monitor temperature and humidity can result in hardware failure or fires. High humidity causes condensation, while low humidity increases static electricity. - Hot and Cold Aisles: A physical layout strategy in data centers to manage airflow effectively. Disrupting this airflow is a form of physical denial-of-service. - Boot Integrity: Ensuring the physical machine has not been tampered with. Attackers with physical access may attempt to bypass security by booting from a USB or infecting the BIOS/UEFI.
Quick recall - Brute force = Trying every possible key/hash combination. - RFID Cloning = Copying badge data for unauthorized physical access. - Environmental controls = Managing temperature, humidity, and airflow (Hot/Cold aisles). - USB Drop = A physical social engineering attack using malicious media. - Air Gap = A physical security measure where a system is not connected to any network; requires physical access to compromise.