Tangible, visible security measures that protect physical assets and prevent unauthorized access.

SANS Data Center Physical Security Checklist

This document outlines potential physical security threats to data centers and provides examples of real-world attacks and defensive strategies.

Understanding the Threats

Smart Factory Vulnerabilities

The convergence of Information Technology (IT) and Operational Technology (OT) in settings like smart factories presents various security risks. These vulnerabilities can be exploited to disrupt operations and steal data.

[Image illustrating security threats to a smart factory with IT and OT convergence]

(Source: Trend Micro)

Industrial Control Systems at Risk

Industrial control systems are often susceptible to cyberattacks due to their critical role and interconnected nature. Exploiting these vulnerabilities can lead to significant disruption and damage.

[Image depicting typical vulnerabilities in industrial control systems]

(Source: Chatham House)

Assessing Physical Security

Penetration Testing

Red Team Security Consulting: Offers physical penetration testing to identify and exploit physical vulnerabilities in a controlled environment.

[Image showcasing Red Team Secure’s physical penetration testing services]

Snowfensive: Provides covert entry assessments to evaluate the effectiveness of existing physical security measures.

[Image illustrating Snowfensive’s Physical Security Review]

Real-World Attack Examples

Live Demonstrations of Physical Security Breaches:

  • February 12, 2019: Xiaomi Scooter Hack demonstrated remote access and control of the scooter. ([Link to GitHub repository])
  • January 15, 2019: A study analyzed the security of radio remote controllers used in industrial applications, exposing vulnerabilities. ([Link to Trend Micro article])
  • May 11, 2016: Hackers demonstrated the ability to infiltrate the US power grid through physical access.

USB-Based Attacks:

[Image highlighting the risks of USB attacks]

  • There are 29 documented types of USB attacks, emphasizing the importance of USB security. ([Link to article listing USB attack types])
  • USB Human Interface Device (HID) attacks, also known as USB Drive-by attacks, exploit the trust placed in seemingly harmless USB devices.

Examples of USB HID attacks:

  • February 9, 2019: O.MG cable, a tool disguised as a charging cable, enables covert data theft and system compromise. ([Link to Twitter post with image])
  • August 16, 2018: USBNinja, a stealthy attack tool, can compromise air-gapped systems through malicious USB devices.
  • February 7, 2018: Researchers demonstrated the possibility of hijacking drones through vulnerable USB connections.
  • August 18, 2016: USB Kill, a device disguised as a USB drive, can deliver a high-voltage charge to destroy connected devices.
  • May 10, 2016: USB Rubber Ducky, a keystroke injection tool, mimics a keyboard and can execute malicious commands on a targeted system.

Exploiting RFID Technology:

  • March 15, 2019: A proof-of-concept exploit demonstrated keystroke injection attacks against the Fujitsu LX901 laptop through its RFID reader.
  • 2019: Researchers showed how radio sniffing and replay attacks could disable alarm systems by intercepting and manipulating RFID signals. ([Link to LinkedIn post])
  • May 23, 2016: Demonstrations showcased how easily RFID badges could be cloned, granting unauthorized access to restricted areas.

Bypassing Physical Security:

  • “Shove it” Lock Bypass: This technique exploits vulnerabilities in door frame construction to gain unauthorized entry.

Biometric Authentication Vulnerabilities:

  • Vein Authentication: Hackers created a fake hand to successfully bypass vein authentication systems. ([Link to Motherboard article])
  • Fingerprint Authentication: Methods for cloning fingerprints highlight the potential for unauthorized access using compromised biometric data. ([Link to Medium article])

Cryptocurrency Hardware Wallet Attacks:

  • December 27, 2018: Research revealed vulnerabilities in popular cryptocurrency hardware wallets, showing how attackers could potentially gain access to stored assets. ([Link to Security Affairs article])

Implementing Defensive Measures

Software-Based Defenses:

  • Windows Operating System:

    • Restricting access to removable storage devices:

      [Image showing configuration settings for restricting removable storage access in Windows]

    • Disabling AutoPlay functionality:

      [Image illustrating how to deactivate the AutoPlay function in Windows]

Hardware-Based Solutions:

  • Implementing physical security measures such as robust locks, surveillance systems, and access control systems can deter and detect unauthorized entry.
  • Using tamper-evident seals on critical equipment and access points can help identify if physical intrusion attempts have occurred.
  • Employing Faraday cages or shielding to block electromagnetic signals can prevent data exfiltration via radio waves.
  • Regularly auditing and updating physical security measures is crucial to stay ahead of emerging threats and vulnerabilities.

Licensed under CC BY-NC-SA 4.0
Last updated on Nov 29, 2023 21:18 +0100