The RF PenTester Story
There is a well-known market for testing cyber security on various computer hardware systems. Penetration systems that enable such testing are not new, however, a wireless system with a discrete packaging gives us a unique competitive advantage over other systems that have nothing more than a USB interface or a high-latency short-range Bluetooth interface. We present a new way in which to communicate real-time data using a wireless transmission in order to download penetration scripts and give people the ability to sit well back from their target systems, affording a more comfortable experience for the penetration tester.
Inspiration
Security on PCs and desktops is of rising concern as the world of software quickly eclipses the at-home defenses of an average individual. The ability to PenTest computers using wireless interfaces is a critical need in cybersecurity. This need is unmet in the world of penetration testing. Ours will be the only device on the market specifically meant for low-latency, long range penetration testing. Computers trust keyboards, and our pentester looks just like a flash drive and is small enough to go un-noticed. Moreover, as portable device, casual testing can occur without detection, for long periods of time (esp. when conducted off-hours). At present this type of pentesting is performed by MalDuino [MalDuino] but they have no wireless option available.
What it does
Our device is like a superfast automatic keyboard that can be programmed and trigged from 1 km away. You tell the device what to type and when and it will type it out at lightning speed. The system consists of a usb key sized package that enables it to receive and transmit commands from up to a kilometer away. Our device enables a wireless interface to a USB port and is trusted by the target host computer. This is a novel microelectronic packaging for a wireless system that allows the user to test common hacking methods and find security holes from a remote position after it has been planted to the host. The remote keyboard user can control the host computer via the terminal, allowing them access to administrator information, or just about anything else. In addition, the remote RF HID link allows the RF PenTester to act as a receiver for a wireless joystick, mouse or other controller.
How we built it
This hardware was developed previously to this project, but we had not yet explored most it's important capabilities through software. Having been focused on testing the hardware we decided to use this hackathon as an opportunity to script some new code that shows off the easy use of our device.
Challenges we ran into
In this sprint to make some new prototype code, we ran into some issues with our deve;opment and had to fix some C++ pointers that ended up taking quite a long time. We also had never tested this hardware against a second host computer, and doing that proved to take more time but had some very cool results.
Accomplishments that we're proud of
Able to achieve full HID keyboard control using the RF PenTester in a newly created test script during this hackathon to prove easy usability and use of this new usb interface. Able to create a radio frequency link to send messages between computers - while this seems simple, it proves that the device is perfect for a number of applications!
Market and impact
The total addressable market (TAM) for cybersecurity in 2020-2021 is $1 trillion. [https://cybersecurityventures.com/cybersecurity-market-report/]. The framework for wireless low-latency interface electronics can be extended, in the future, to other devices and other applications. The question of where we will take our system next remains open.
What we learned
On a higher level, this really highlighted for us how useful this piece of hardware could be in enabling remote testing of personal and remote security systems.
What's next for RF PenTester
We are really hoping to jump start a few hundred boards and get these devices on the market! We really feel that the capabilities it offers creates a simple new way for makers and IT professionals to test and investigate security concerns and remote malfeasance. \
Log in or sign up for Devpost to join the conversation.