Dell E-Port Plus User Manual

© Copyright 2013 NCC Group An NCC Group Publication To dock or not to dock, that is the question: Using laptop docking stations as hardware-based

NCC Group | Page 10 © Copyright 2013 NCC Group The primary integrated circuits are highlighted in the picture above; they are:  Red - SMSC LPC47

NCC Group | Page 11 © Copyright 2013 NCC Group 5 What would a hardware implant do? There are a number of attacks that could be performed

NCC Group | Page 12 © Copyright 2013 NCC Group One problem with tapping Ethernet is how to handle 1000BASE-T[15] (Gigabit Ethernet). Be

NCC Group | Page 13 © Copyright 2013 NCC Group Figure 15: Ethernet pin locations Figure 16: Module pin-outs The connected Ethernet t

NCC Group | Page 14 © Copyright 2013 NCC Group From an implant perspective, the hardware modification required would be more complex, as a hub wou

NCC Group | Page 15 © Copyright 2013 NCC Group Figure 20: VGA connector pins Figure 21: VGA connector hidden behind a cage of pins 5

NCC Group | Page 16 © Copyright 2013 NCC Group 5.6 Audio monitoring If the target user has a headset with an attached boom microphone (which uses

NCC Group | Page 17 © Copyright 2013 NCC Group Figure 26: Hub controller chip upstream hub connections Figure 27: Hub controller chip pi

NCC Group | Page 18 © Copyright 2013 NCC Group 6 Control Platform At the heart of the implant there needs to be some kind of control system that

NCC Group | Page 19 © Copyright 2013 NCC Group The device measures 86mm x 56mm x 21mm and weighs only 45g. It is based on an ARM

NCC Group | Page 2 © Copyright 2013 NCC Group Contents 1 List of Figures and Tables ...

NCC Group | Page 20 © Copyright 2013 NCC Group 6.2.2 Remotely initiated full control Purely from a control perspective this is the most preferabl

NCC Group | Page 21 © Copyright 2013 NCC Group A simple voltage divider circuit (Figure 36) is required to reduce the voltage from +19.5V to +5V

NCC Group | Page 22 © Copyright 2013 NCC Group 10 Detecting docking station-based hardware implants Just as important as understanding how a hardw

NCC Group | Page 23 © Copyright 2013 NCC Group 10.6 Other techniques There are some other more general techniques that could be used to identify

NCC Group | Page 24 © Copyright 2013 NCC Group Figure 41: Thermal image of dock + laptop (no implant) Figure 42: Thermal image of dock

NCC Group | Page 25 © Copyright 2013 NCC Group 11 Attack mitigation Another defensive layer is mitigation techniques to prevent implants either be

NCC Group | Page 26 © Copyright 2013 NCC Group 12 Conclusion Laptop docking stations are widely used and trusted devices, which provide

NCC Group | Page 27 © Copyright 2013 NCC Group 13 References & further reading 1. http://en.wikipedia.org/wiki/Kensington_Security_Slot 2. ht

NCC Group | Page 3 © Copyright 2013 NCC Group 10.6.1 Weight ...

NCC Group | Page 4 © Copyright 2013 NCC Group 1 List of Figures and Tables Figure 1: Dell PR02X dock ………………………………………………………………………………. 5 Figure 2: D

NCC Group | Page 5 © Copyright 2013 NCC Group 2 Introduction Laptop docking stations are widely used in organisations, often in hot-desking envir

NCC Group | Page 6 © Copyright 2013 NCC Group 3 How does a docking station work? Essentially, the main function of a docking station is to extend

NCC Group | Page 7 © Copyright 2013 NCC Group Figure 3: Dell PR02X dock front - Dell™ E-Port Plus User’s Guide ©Dell 2008 There are two propriet

NCC Group | Page 8 © Copyright 2013 NCC Group Figure 4: Dock teardown #1 Figure 5: Dock teardown #2 Figure 6: Dock teardown #3

NCC Group | Page 9 © Copyright 2013 NCC Group Dock Teardown: 1. Front of the device 2. Back of the device 3. Remove all visible cross-head scr