Hacking Via Dance

The Absolutely Craziest Proof Of Concept Attack I Have Ever Thought Up


While I was in a voice call, one of the other members of the call, who goes by Chrissy Morgan, was talking about a talk they had submitted to SteelCon in the UK called "Hacking via Interpretive Dance". Of course everyone started laughing out loud, thinking what a crazy idea it was, and it was even funnier that it had been accepted, as it was submitted as a joke. Morgan's idea was to have a large group of us get up on the stage and have a mini rave, as the last talk of the day before everyone goes out to party. It would be good fun and probably look something like this...
While everyone was laughing and joking about the idea, and about what the CFP panel must have pictured when reading a brief that was submitted as a joke, I had a realisation that made me shout out "WAIT, HOLY SHIT, THIS IS POSSIBLE". That made everyone else laugh even more, because they all realised that my offensive security mind was developing an insane plan.

So the first thing that popped into my head was converting the movements into inputs, and how this could be done. After a few moments of thought I remembered a project using an Xbox Kinect controller, which took the input from the IR camera and converted that data into an input for the system, in this case a TV, so that a user could change channels with a hand swipe, using a package called OpenKinect, an open source library for working with the Xbox Kinect camera. This library can be found here.

https://github.com/OpenKinect/libfreenect
With a few modifications you could develop that into a tool that looks similar to this when working with the Xbox Kinect
OK, this would work. For it to work, certain movements would need to have either preset keys or a macro to command outputs. So I now have a way to interpret the movement; next we have to decide on the movements to use and the type of attack. To keep it simple for demonstration purposes I will use a simple attack, a SQLi, with the simple injection 1"="1"OR"1. To do this we now need the movements, and for these I will also choose simple movements.
Translating and saving the dance moves within the script, so that it recognises the moves as characters, would look like the below. Each motion would equal a key press or a macro, so that each movement has a control.
The input would look something similar to the following movements and inputs


And now, with the above dance combination, you have 1"="1"OR"1 ENTER, which can be used as a SQLi. Mixing that with the Xbox Kinect script and setup, you now have a full working SQL injection that can be used as an attack without a keyboard; all that is needed is the dance moves, the script and the camera.
The most important point is that exploiting this would require a location with an IR camera that has scripting capabilities, plus modification of the working recognition script.
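
From the receiving application's side, the danced string is ordinary untrusted input, whatever device produced it. The sketch below is an added example, not part of the original post: it shows what 1"="1"OR"1 does to a statement built by concatenation and how a bound parameter neutralises it. The kiosk PIN table, user names and PINs are constructed for illustration.

```python
import sqlite3

# Constructed sample: the text a gesture recogniser would emit for the
# dance sequence described above (ENTER then submits it to the form).
DANCED_INPUT = '1"="1"OR"1'

def make_db():
    """In-memory table for a hypothetical kiosk PIN lookup."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pin TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "4821"), ("bob", "7310")])
    return conn

def concat_sql(text):
    """Vulnerable pattern: the input is pasted into the statement text."""
    return 'SELECT name FROM users WHERE pin = "' + text + '"'

def lookup_concat(conn, text):
    """Runs the concatenated statement; the input can rewrite the WHERE clause."""
    return [row[0] for row in conn.execute(concat_sql(text))]

def lookup_bound(conn, text):
    """Hardened pattern: the input is bound as data and never parsed as SQL."""
    return [row[0] for row in conn.execute(
        "SELECT name FROM users WHERE pin = ?", (text,))]

if __name__ == "__main__":
    db = make_db()
    print("statement built by concatenation:", concat_sql(DANCED_INPUT))
    try:
        # SQLite builds that accept double-quoted string literals (the
        # upstream default) evaluate the trailing OR"1" as true.
        print("concatenated:", lookup_concat(db, DANCED_INPUT))
    except sqlite3.OperationalError as exc:
        print("concatenated: rejected by this SQLite build:", exc)
    print("bound:", lookup_bound(db, DANCED_INPUT))
    print("bound, real PIN:", lookup_bound(db, "4821"))
```

With the bound query the whole danced string is compared against the pin column as a literal value, so it matches no row.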

The scary part is that both these scripts and IR cameras are extremely common, since IR is used for night vision, which is pretty common these days in the market of IoT devices. With remote exploitation of the camera, it can be used as a staging post for further exploitation. An advanced example of this would be:

Exploiting the remote camera, and inserting the modified shellcode containing a motion configuration, such as a certain type of wave or even the characteristics of a CEO's walking steps through gait analysis.

When the script on the camera recognizes the pre-configured motion or movement, it would execute a further script, such as either a further exploit to attack that specific person when on site or more malicious activity such as ransomware.
