Exploitation is the phase of the penetration test that offers the most agility and opportunity. The combined cyber/kinetic nature of AR devices opens up many possibilities for using the devices in novel ways to circumvent and defeat protection mechanisms, and for the same reason it is the phase with the greatest potential complexity. Because of the kinetic impact factors (the device exists in a defined enterprise state and captures data, actively and passively, about the environment in which it operates), full-scope testing requires that the device be exercised in its typical operational environment. Testing in the operational environment(s) gives much higher fidelity when determining potential attack opportunities, the options for transitioning from one attack vector to another, and the effects a successful attack would have.
Although determining the exploit methods within the attack chain typically lies in the domain of the penetration tester, a developer or owner/operator of AR devices should be aware of the novel exploit potential that exists with AR devices. Using this AR Security Framework allows stakeholders to give penetration test teams more specific direction, so that testing focuses on and addresses the risk factors of the following threat types:
| # | AR Threat Type | Target | Threat Objective |
|---|---|---|---|
| 1 | Data Extraction | Sensors | Obtain compromising information about air-gapped systems. |
| 2 | Environment Manipulation | Device | Inject false data into the environment to affect the user. |
| 3 | Object Manipulation | UI | Modify data elements in order to adversely affect real-world objects. |
| 4 | Data Extraction | Spatial Mapping | Obtain compromising information about physical security mechanisms. |
| 5 | Trust Exploitation | External Services | Abuse the trust relationship with the host in order to attack connected networks. |
| 6 | Visual Manipulation | User | Inject visual or auditory data elements in order to confuse, injure or manipulate the user. |