In computer network security, warshipping is using a physical package delivery service to deliver an attack vector to a target.
This concept was first described[1] in 2008 at the DEF CON hacking convention by Robert Graham and David Maynor as part of a talk entitled “Bringing Sexy Back: Breaking in with Style”, that included various penetration testing methods.
A social engineering pretext was described that would trick the recipient into believing they had won an iPhone, in order to explain the shipment.
The advancement of low-power electronics, thanks in part to maker culture, has greatly increased the effectiveness of this methodology as a credible method of attacking networks.
In 2019, IBM X-Force Red coined the name “Warshipping” and described an attack platform that included several low-cost components that could be combined, shipped to targets, and controlled remotely for 2–3 weeks.