RISK ASSESSMENT RATING: 6.67
How often the rogue device is used in the wild to conduct real-world attacks, with 1 being the rarest, 10 being widely used.
While not yet commonly used (to our knowledge), the VoCore’s Indiegogo funding helped it to become well known in theory, if not yet in practice. With its ease of use, low cost, and low physical profile, it is likely that the VoCore will be seen on a more consistent basis in the near future.
The cost or “DIY burden” of the device, availability (ease of acquisition), and degree of skill necessary to deploy/operate the device, with 1 being expensive/difficult to build, not publicly available, and requiring deep technical expertise to operate, 10 being low-cost, available for purchase online, plug-and-play operation.
The VoCore is extraordinarily easy to acquire and use. While DIY kits are available, for slightly more money a fully-assembled unit can be purchased and deployed with extreme ease.
The potential damage caused by successful execution of the attack, with 1 being exposure of trivial information from the target, 10 being organization-wide superuser-level compromise or equivalent.
The VoCore is the kind of device that can cause substantial damage in the hands of either an experienced or inexperienced user – with some knowledge of how to properly take advantage of its full capabilities, the VoCore can be used to compromise an entire network. Even an inexperienced user, however, could leave a sizeable security hole in a network’s defenses by simply plugging the device into an Ethernet jack.
The VoCore is the perfect example of a low-cost micro-computer (coin size) that acts as an easy to use transparent wireless bridge. Simply plug this tiny device into your wired network and by default it will immediately start broadcasting an open wireless network. Once a wireless client connects to the VoCore wireless access point, the wireless client will obtain an IP address directly from the wired network the VoCore is plugged into. What’s even scarier about this device is because it acts as a “transparent bridge” it is virtually undetectable on the wired side of the network. It doesn’t get an IP address on the wired or wireless side, making it invisible and not accessible to detect or configure once plugged into the wire. In addition, the wireless chipset on this device supports packet injection and can easily be modified to attack wireless networks or clients and run EvilAP attacks.
- CPU: RT5350(360MHz MIPS)
- RAM: 32 MB
- OS: OpenWRT
- I/O: USB, 10/100M Ethernet, UART, SPI, I2C, I2S
- Radios: Ralink RT5350
- Storage: 8MB SPI Flash
The VoCore is best known for its diminutive size – at merely 25 x 25 mm, it can be placed (and used) almost anywhere. The VoCore is an Indiegogo funded project and can today be easily acquired online, assembled or as a DIY kit, and has been suggested as a low cost WiFi module for inexpensive, home-built connected devices.
Devices like the VoCore are why it’s so important to maintain an awareness of wireless security, especially if your organization doesn’t use wireless networking. Many times organizations that don’t use wireless have limited awareness or visibility of wireless security threats as they pop up and emerge in their environment, mainly due to the thought that “we don’t use wireless so it’s not something we have to worry about”. With inexpensive and available wireless bridges and regular APs, it is only a matter of time before someone brings in some type of wireless AP for convenience and opens a major hole into your network. Laptops and mobile devices can also pose wireless security threats in the same manner if not properly locked.