Start Date
30-10-2021 2:00 PM
End Date
30-10-2021 2:30 PM
Location
Online Zoom Session
Abstract
Everyone knows what package shipping is, but not everyone knows what warshipping is. Corporate mailrooms are rarely considered part of an organization's cybersecurity attack surface, yet they offer physical access to millions of uninspected packages daily. UPS shipped 5.5 billion items last year, averaging 21.9 million items daily and operating through 1,800 locations in 2020. FedEx shipped 6.5 million packages daily and operates 2,150 locations. The United States Postal Service delivered 143 billion pieces of mail in 2019. The world’s consumers increasingly rely on e-commerce, and during the recent COVID-19 pandemic, package deliveries reached record levels according to the US Government Accountability Office. E-commerce sales represented 14.5% of all retail sales in the United States, with deliveries made via major carriers such as USPS, UPS, and FedEx, making the corporate mailroom an increasingly attractive and vulnerable attack surface. The goals of this research are to demonstrate how warshipping attacks work by creating a low-cost physical device from readily available commodity parts, to provide some background on warshipping, and to give organizations and individuals guidance on how to defend against this type of cyber-physical attack.
Included in
Hardware Systems Commons, Information Security Commons, Management Information Systems Commons, Technology and Innovation Commons
Warshipping: Hacking the Mailroom
Comments
Addressed reviewer's recommendations by adding two sections, one on Motivation to discuss how warshipping devices can obtain sensitive information and why cyber and physical security teams would benefit from considering warshipping and similar cyber-physical threats in their approach to their organization's security architecture. Also included competing technologies like drone surveillance/intrusions, and refined the implications and limitations of this research as recommended by the review team.