Never underestimate the intelligence of your fellow colleagues. Coming home from Vegas as DEFCON winners in the IoT Village 0-day contest, our team of ethical hackers more than proved their worth. As word spread, we had an overwhelming amount of interest from the media. Everybody wanted to know more about IoT, and its vulnerability to cyber-attacks.
Part of our team’s charm is their desire to educate. Which helped when ITV got in touch, wanting to talk to us about cybersecurity in relation to embedded/connected devices, and the IoT attacks we peformed. Obviously we wanted to do more than just tell them; we wanted to show them. So we invited them over to our Manchester HQ, which also gave us the perfect opportunity to show off a little and run a hacking day - just for them.
The hacks we showed the ITV crowd
We simulated the following malicious attacks in our secure lab environment:
- A Man-in-the-Middle (MiTM) attack on the ITV News website, which included altering headlines to manipulate public opinions
- A MiTM attack to retrieve bank details and passwords for financial gain
- An SMS phishing attack to manipulate end user actions, again for financial gain
They left as cyber converts
As we explained the attacks, you could sense some scepticism from the ITV crew; they asked how much time we’d need, and had we planned for an attack not working. It was only when they saw the speed at which we carried out the exploits, and how flawlessly the hacks worked, that they got an understanding of just how easy such attacks can be to pull off.
Card details and passwords obtained, phones and websites breached, and a room full of genuinely nervous people who were strengthening passwords and ordering patches for their IoT devices before they even left the room.
It just happened to be National Cybersecurity Awareness Month at the same time. Our work was done, and done well.