High-heeled hacker builds pen-test kit into her skyscraper shoes

A Chinese hardware hacker has hidden a penetration-testing toolkit into her high-heeled shoes. The Wi-Fi-popping platforms were forged in a 3D printer, and contain compartments to smuggle hacking hardware past strict security checks in data centres and the like, and later retrieved. The hacker and pen-tester, who goes by the …

  1. Sampler

    Being a fairly big bloke, size 13 shoes could come in handy for building a male version, after all the steel toecapped safety boots it's common for IT staff to wear are rather bulky looking to start with.

    (though saved one foot when a colleague dropped a HP 4550 Color LaserJet on it - last time I gave him a hand with a two man lift)

    Fake sole that detached could stash all this gear in and a bit more. Admittedly I don't have the upper body distraction she has (those are wonderful big brown eyes) but then I do look like I spend every day in a datacentre and not out of place/need to be monitored.

    1. g00se

      TV hack

      Admittedly I don't have the upper body distraction she has

      You might consider sticking with the female shoe version, and leave the designer stubble for added effect. That will provide a distraction of a different kind

    2. Charles Manning

      "Admittedly I don't have the upper body distraction she has"

      Well I do have moobs that would compete with hers.

      Unfortunately that just causes people to avert their eyes and makes them look at my shoes.

  2. Robert Helpmann?? Silver badge
    Joke

    What Next?

    I have to turn my phone off and leave it in a locker before coming to work. When my employers see this article, I guess I will have to do the same with my shoes. What's next? Ban all clothing?

    1. getHandle

      Re: What Next?

      Ban all clothing and bend over ;-)

      1. David Austin

        Re: What Next?

        I did some contract work at a chicken farm: To get in there required a "Poop Stick" test to check for salmonella, stripping off for a chemical shower, then putting company issued (And pool) Underwear on, then donning a disposable boiler suit.

        Needless to say, after the first time, I always sent the office junior up for that job.

        1. Danny 14 Silver badge

          Re: What Next?

          David, similar for me but at an automated food production line. They made ready meals for airlines (near the Scottish borders). Wasn't fun but there weren't many people who worked on the lines.

    2. Mark 85 Silver badge

      Re: What Next?

      Soon enough, datacenters and airlines.. same security. Could make one either not go to work or begin to make you come in early depending on your co-workers.

      I think I'll stop now before I end up on the "moderated drooling idiot" list.

    3. Admiral Grace Hopper

      Re: What Next?

      If they ban clothing at my place of work I'm leaving. Imagining my colleagues naked has just given me The Fear.

      1. J.G.Harston Silver badge

        Re: What Next?

        Standard protection against puppetmasters. ;)

  3. Khaptain Silver badge

    What pen-test kit

    What shoes, ah now I see them, I was busy looking at the rest of the kit for a moment or two...

    Mon dieu, that brightened me up from what was otherwise a very grey, damp and dull tram ride into work.

  4. The Vociferous Time Waster

    Huh?

    shoes?

    1. Frumious Bandersnatch Silver badge

      Re: Huh?

      shoes?

      Taking a line from The IT Crowd, yes, "THE SHOES!" I wonder if this is where the hacker got her idea that men don't notice them?

  5. Alister Silver badge

    Frankly, if she walked into a datacentre, there's no way she'd be able to carry out any hacking, 'cos she'd be followed everywhere by a pack of drooling techies...

    1. Elmer Phud

      D.I.Y.?

      No need, yer average techies would be fighting each other to do what she asks them to.

      She knows that the Bulgarian Airbags are a distraction and a useful part of her hacking kit.

    2. Grikath

      bait...

      If she'd walk into a datacenter ( or any security-sensitive outfit for that matter) like that, she'd immediately be tagged as highly suspicious, and I'd, for one, start looking for what she's supposed to divert attention from, including the shoes. The MaleBait is too obvious, especially if she's unaccompanied, and not acting like Adornment/Secretary (yes... Asia.. different culture.. unknot your panties..).

      Call me a suspicious bastard, but if it's Too Good To Be True, etc. And any fool that falls for it would reap the fruits of the shortsightedness of his Other Brain.

      1. martinusher Silver badge

        Re: bait...

        Women who do practical jobs tend to have clothing suitable for those jobs so they'd turn up (for example) at a data center wearing plain, practical, and above all, comfortable kit. If you met the same person in a social setting you may not recognize her until she spoke to you.

        The only women who actively dress up for work in an engineering workplace are typically in sales type roles where their job requires them to be (as my mother would say) 'tarted up'. My daughter used to get a lot of these reps when she was working in Texas, they'd be trolling the local companies selling supplies and the like but as she said "it was a bit wasted on her" (but I suppose there was some innate solidarity -- after all, a girl has to make a living...).

  6. Arachnoid

    Given the size of a small mobile

    Even in that dress one could have hidden a device or two or made a decorative belt type device with the aerial around the waist. All very James Bondish but hardly new; the OSS were hiding stuff in shoes during WWII.

    1. Allan George Dyer Silver badge
      Boffin

      Re: Given the size of a small mobile

      Be fair, the OSS never hid an entire computer in a belt-buckle or even a shoe.

      1. YetAnotherLocksmith

        Re: Given the size of a small mobile

        She herself admits she is standing on the shoulders of giants. It's a cool thing to do, amazing from the perspective of even just 10 years ago, but today? Literally anyone competent can do this in a few days at their local hackspace, for under £100.

        The pace of change is stunning.

        1. Sir Runcible Spoon Silver badge

          Re: Given the size of a small mobile

          "The pace of change is stunning."

          'May you live in interesting times.'

          1. TimeMaster T

            Re: Given the size of a small mobile

            'May you live in interesting times.'

            I've never been sure if that was meant as a blessing or a curse

            1. h4rm0ny

              Re: Given the size of a small mobile

              >>I've never been sure if that was meant as a blessing or a curse

              Generally meant as a curse. It is alleged to be the reply Confucius gave to a student who moaned about finding themselves living in a peaceful society instead of the interesting times they read about in history. But that is probably a later invention. All we really know is that it was supposed to be a Chinese curse by the British.

            2. Tcat
              Meh

              I've never been sure if that was meant as a blessing or a curse

              Yes.

        2. Ian Watkinson

          Re: Given the size of a small mobile

          Yes but they are not saying, look I'm a woman, I did this, and I will help you do it.

          Or if they are, then they need better advertising...

    2. JLV Silver badge

      Re: Given the size of a small mobile

      Am guessing the shoes are also below scanner level, unlike belts. It's why airport checks have you take them off, but security can't do that elsewhere.

  7. Anonymous Coward

    Modesty

    This uses the Modesty Blaise "stunner"

    .

    to deflect the attention and get the advantage

  8. J.G.Harston Silver badge

    Is that her in the picture? She looks deformed.

    1. Elmer Phud

      Silicon Valley

      "Edit: Normally I have to sort through about 50% identical replies to my posts on Reddit. For those flexing their fingers and getting ready to give me a hard time: Yes, they are fake. Yes, I feature them prominently and deliberately in everything I do. No, most of my projects do not have all that much technical merit- they are 90% silicone and 10% silicon ;-) No, if you point out the absolutely obvious no one will think you are insightful, edgy or cool. They will think you are 12. "

      1. J.G.Harston Silver badge

        Re: Silicon Valley

        Maybe I'm weird, but I don't find women who look like they're desperate for breast reduction surgery visually attractive. And how did any of these plastic surgeons manage to get their degrees? Have any of them actually *seen* a real human breast?

        1. Peter Simpson 1
          Happy

          Re: Silicon Valley

          Looks more like Silicone Valley in this case...

          1. RobZee
            Facepalm

            Re: Silicon Valley

            Self-mutilation, all in the name of attention seeking. The most extreme form of Histrionic Personality Disorder.

        2. SexyCyborg

          Re: Silicon Valley

          >I don't find women who look like they're desperate for breast reduction surgery visually attractive.

          It might come as a shock. But it's not about you. Sometimes we do things for ourselves. Crazy, I know.

          1. h4rm0ny
            Thumb Up

            Re: Silicon Valley

            >>"It might come as a shock. But it's not about you. Sometimes we do things for ourselves. Crazy, I know."

            Hey. Welcome to The Register! I found your article fun. Building your own hacking kit into high-heels is pretty cool. Please ignore the troll - I think some people just enjoy feeling superior by looking down on what others like / choose. If your looks make some people underestimate your technical skills because they are stuck on some "geek" image of programmer, that's an advantage to you! :)

            I like that your shoes will pass under many metal detectors at doorways, btw.

          2. J.G.Harston Silver badge

            Re: Silicon Valley

            Well, I've always said that any adult is fully at liberty to do/have done to their body whatever they want, but you also have to acknowledge and take on the responsibility for any damage it causes to bodily function and any resultant societal "oddness" of sticking out from the crowd.

            I live in Whitby. You'd blend into the background here during Goth Weeks.

            1. x 7

              Re: Silicon Valley

              "I live in Whitby"

              I hate to think of the size of the explosion if a vampire bit her implants......

    2. h4rm0ny
      Paris Hilton

      >>Is that her in the picture? She looks deformed

      I think there should be a rule that anyone posting physical criticisms of people in an article should be required to accompany it with a recent photo of themself. Similarly dressed, for fairness.

      1. Ben Tasker Silver badge

        I think there should be a rule that anyone posting physical criticisms of people in an article should be required to accompany it with a recent photo of themself. Similarly dressed, for fairness.

        I quite like that idea, but does it recurse?

        I.e. if OP had included a picture of himself in heels and a tight dress, and I wanted to criticise his appearance would I need to go wardrobe raiding too?

        Also, fair to say that if the missus caught me dressed like that, "I wanted to comment on a news article" probably wouldn't work as an excuse :D

        It's an impressive little project, I can think of places I've been where it probably wouldn't work, but I can also think of quite a few where it would

        1. h4rm0ny

          >>"I quite like that idea, but does it recurse? I.e. if OP had included a picture of himself in heels and a tight dress, and I wanted to criticise his appearance would I need to go wardrobe raiding too?"

          Yes, it's turtlesblack mini-dresses all the way down.

          1. Brewster's Angle Grinder Silver badge
            Facepalm

            "Yes, it's turtlesblack mini-dresses all the way down."

            The point of a minidress is it doesn't go all the way down.

  9. Chozo

    Any data centre with locks that can be opened by those tools deserves to be pwned.

    1. Danny 14 Silver badge

      yeah, normally you have to type 2580 (or occasionally 1379) on the doorlock

      1. Anonymous Coward

        or 8008135...

        1. Anonymous Coward

          7175 is shorter...

        2. J.G.Harston Silver badge

          The post is required, and must contain letters.

          6031769

    2. Blank Reg

      I've defeated datacenter locks with a coat hanger when the card scanner wasn't letting me in. Much faster than waiting for security to fix their screwup.

    3. Dr Dan Holdsworth Silver badge
      Black Helicopters

      Yes, it is entirely possible to get much, much smaller, more compact lock picking tools that will do the same as the stuff she was waving around there. However if the owners of a datacentre are serious, they will not be using the frankly laughable rubbish that the likes of Masterlock are selling, but will (like my employer) be using Abloy locks.

      Abloy make locks which are not susceptible to shimming, nor to simple pin-lifting tricks. They can be opened, of course, but the quick way tends to be rather SOE and very noisy.

      It is also worth noting that any data centre worthy of being called secure will not permit anything with an unknown MAC address to send any packets at all, and very likely simply will not have any internal wifi network, simply to remove this attack vector. On a similar line, this pen tester wouldn't be allowed in simply because her footwear doesn't meet the international safety standards.

      Still, nice trick to smuggle in tools, and some rather nice silicone on view, too (I'm only human...).

      1. Brad Ackerman
        Black Helicopters

        Not X10s, then?

      2. PNGuinn
        Facepalm

        Data Centre Security @ Dr Dan Holdsworth

        Yeah, agreed. Every data centre SHOULD be as secure physically as it is digitally.

        In practice, however, ....

        I'd be interested if commentards would post (as AC of course) some details of the type of security they actually face in their day to day work, and, as vaguely as necessary, some idea of the nature of the data behind the locks.

        Is most of the effort directed to preventing digital intrusion from outside, ignoring the obvious that if you have physical access.....?

        1. Anonymous Coward

          Re: Data Centre Security @ Dr Dan Holdsworth

          some details of the type of security they actually face in their day to day work

          Usually there is a VPN access - it costs money (taxi, time) to get into the physical data centre - especially for the in-sourced 3rd-world support, and usually the shared(!) VPN password is never changed. On campus there will be one or more special VLANs that route traffic to the "Machine Room".

          People will run HP-ILO et cetera on that to configure machines, or VMware tools. I assume that VMware is popular because the license costs alone will put the CTO on the board, next to Human Resources (who shouldn't be on the board either).

          Usually there is SSH login to the machines on the special VLAN, often via a Jump-Box (a machine inside the DMZ that can connect "out" through the firewall), in the typical Free Pizza, Coke & Games IT-shop these SSH passwords will be shared and never change - it is too much work to update LDAP every time another student joins or leaves.


Biting the hand that feeds IT © 1998–2019