Laptop Docks Vulnerable to Physical Hacks
CREDIT: Ioannis Ioannou/Shutterstock.com
Laptop docking stations are useful for increasing a computer's functionality — but they can also be used to launch a computer attack.
As an interface with access to the network and all ports on a laptop, a docking station isn't just a "dumb" device.
Hackers can exploit one by connecting it to a stealthy piece of hardware that can be controlled remotely.
"If you have access to a dock, you have information on all the other ports, such as softphones or videoconference traffic," NCC security researcher Andy Davis told the Dark Reading security blog. "It [the dock] can capture traffic before it's encrypted and after it's decrypted."
A softphone is any kind of software product used to make telephone calls over the Internet, such as Skype.
Davis will demonstrate how such an attack is possible at the Black Hat Europe security conference in Amsterdam next month.
Although the majority of computer attacks are perpetrated by criminals in remote locations, who never have physical access to a victim's hardware, it's important not to overlook the vulnerabilities we have sitting on our desks.
Even a low-level custodial employee with office access could quickly and covertly place such a device inside a docking station.
"It's a potential piece of interception equipment, and it blends in with the office environment," Davis added.
Davis said a thermal-imaging camera could be used to detect infected devices. He added that a low-tech method, such measuring the device's weight, could also be used to combat tampering.