“White hat” hackers Campbell Murray, at right, and Fraser Winterborn, far left, demonstrate at the BlackBerry Security Summit how engineering flaws and lack of forethought in IoT devices can essentially give cybercriminals a back door into a secure wireless network — and possibly allow them to leave no detectable trace they were ever there.
Loopholes in the Internet of Things
Oh, the possibilities that a system of interconnected wireless devices — generally categorized as the Internet of Things (IoT) — can create, like smarter, more efficient offices, homes, vehicles and environments of all kinds, or new ways your business could be compromised by cybercriminals with you perfectly unaware.
At the BlackBerry Security Summit in July, the enterprise security solutions and communications provider had Campbell Murray and Fraser Winterborn, its technical director and head of R&D for encryption, respectively, perform a live hack before an audience into a business’ secure wireless network through an electric teakettle. The two “white hat” hackers provide penetration testing services, one of the latest additions to BlackBerry’s product and service portfolio.
Such a device is “something you probably haven’t thought about much when it comes to security,” Chief Security Officer David Kleidermacher understated in introducing the two. Walking the audience step-by-step through the hack, Murray pointed out that it could be done through “literally any device that is not a personal computing device and can be network-connected” that happens to have the right engineering flaws.
“The IoT device we have here is a teakettle. It could be anything — could be a fridge, blender, juicer, physical access control systems, industrial control systems — those all fall into the IoT category as well,” Murray said. He narrated while Winterborn performed the hack.
The teakettle was connected wirelessly to an Apple iPhone to allow a user to, benignly enough, set up a schedule for it to boil. The iPhone was a BYOD (bring your own device) item an employee would use on the business’ WiFi network, which had WK2 encryption. “It’s not the best and not the worst enterprise-grade WiFi security you may have for your protection,” Murray pointed out, “but for your average home office or small enterprise, this is what you’ll most likely find.” read more at fleetowner.com