70 likes | 76 Vues
Phishing with Consumer Electronics : Malicious Home Routers. Alex Tsow atsow@cs.indiana.edu. Generalized Phishing. Broadcasting + Spoofing Spam + Spoofed webhost Online Marketplace + Spoofed Electronics Communications devices are mutable embedded systems Network routers Cell Phones
E N D
Phishing with Consumer Electronics : Malicious Home Routers Alex Tsow atsow@cs.indiana.edu
Generalized Phishing • Broadcasting + Spoofing • Spam + Spoofed webhost • Online Marketplace + Spoofed Electronics • Communications devices are mutable embedded systems • Network routers • Cell Phones • Computer motherboards
The Online Marketplace • Available to millions without spamming • Confers feeling of control to buyer • Unverified identities and products, caveat emptor • Seller chooses own jurisdiction • Trust cultivated by reputation system • Measures mostly transactional satisfaction
Sustainability: Volume • Expensive startup costs • $45 to $120 per router • 131 of 145 “Linksys 802.11g routers” sold in a week • Estimate selling 15 per week • Estimate 3 victims per router • 45 victims per week is roughly 1% of all victims attributed to phishing in US.
Sustainability: Benefits • $6,383 average identity fraud in 2006 • $2100 misuse of existing account • $10,200 new account & other fraud • 45 x 52 x $6,383 = $14,936,220 • 45 x 52 x $2,100 = $4,914,000 • Total distribution overhead • $34,000 to $81,000
Conclusion • Malicious embedded software is not just a theory • Must be able to trust your hardware vendor • At $5-$20 million a year, someone will do this, or is already doing it