Shredders, the object of last resort for handling confidential information. Most education and awareness programs tell their users to always use a shredder to dispose of documents so office users ( and many home users) are very used to dropping anything sensitive into the shredder BUT none of them ( not even security professionals) ever check that the document was actually shredded.
I was having a series of evil thoughts the other day and I was thinking about how one could subvert a shredder. Remember that if a bad guy was attacking, he would want to get confidential documents, and where do lots of confidential documents get put ? yes into the shredder. So how do we subvert a shredder, well surprisingly easily. The issue is that most users never check that the shredder contains shredded paper and / or have no way of verifying that the document was actually shredded. This is our attack vector.
A shredder works by having 2 rotating wheels with interlocking knives that shred any paper that passes between them, for most office purposes they come in 2 varieties ; cross cut and strip cut with cross cut being the best for security purposes as it will make it harder ( though ) not impossible to re assemble the document.
OK enough about shredders, if you were to take a shredder apart and take out the cutting wheels and replace them with tight fitting rubber wheels ( think printer feed wheels) you would have essentially created a device that seems to shred paper ie the user places paper in the slot, the machine makes a noise, the paper disappears. However in the paper output bin would be the complete document in an intact format. Voila, you have now created what I call “the EVIL shredder” you can also put up an awareness poster about “always shredding documents” right next to it and assuming you can smuggle it into your target unnoticed you will be successful in gathering information.
So with that basic idea how can you improve it ?
- Adding the noise of a shredder in operation, in essence a small set of speakers should do this
- Making the whole unit into a device that fits on top of an existing shredder a la credit card skimmers ( and feeds to a separate paper hopper the back of the unit)
- If you can make the target company believe in single sheet feeder shredders, you could also add to the credit card skimmer idea and add a small scanner so that the document is scanned before it goes into the shredder underneath.
There are loads of options, how do we defend against this ? well in high security areas make sure that the shredders are checked by the on site security at least once per day and make sure that the shredder is in plain sight ( and covered by a security camera) to prevent tampering. Whilst I have never heard of this attack before ( this is just idle musing) it is very possible and it would be possible to mock up an Evil Shredder in little more than a weekend given the right parts ( the version with a scanner might take longer)
And for those of you sitting in the warm glow believing you are more secure as you have “shredding bins” ie the documents are dropped into a “secure” bin and then shredded centrally, well there is an even easier attack that requires virtually no expertise at all. All you do is take a bin bag ( or other plastic bag) tape one end to the inside lip of the disposal bin, feed the bin bag in, and then tape the other side of the bag to the top flap ( inside). When you want to remove the sensitive docs, reach in, remove the tape and pull your bag out.
Isn’t physical security fun ? Of course this class of “attack” is very similar to the one explained by Neil Gaiman in American Gods and is also detailed at the excellent Snopes website.
Do you have real world experience of these kinds of issues ? Have you thought of a better idea ? Do you want to collaborate on a proof of concept ? why not post your comments below I am eager to hear from you.
1 comment
Raza says:
February 22, 2011 at 4:26 pm (UTC 0)
The Iranians managed to piece together documents shredded by US Embassy staff in Tehran when they evacuated.