Professional hackers - the good kind - work to secure the Internet Of Things

Thursday, May 4, 2017
Professional hackers - the good kind - work to secure the Internet Of Things
Meet the professional hackers paid to take control of the internet-connected devices you use every day.

SAN FRANCISCO (KGO) -- Bay Area cyber-security expert Dan Kaminsky points to the endless stream of IP addresses rolling by on the screen.

"What we're seeing here is all these hacked cameras trying to see if I'm also a camera that's able to be hacked," explains Kaminsky, who is co-founder and chief scientist at the cyber security firm White Ops.

The recorded data is the digital footprint from a cyber-attack that took down a major chunk of the internet in October, crashing some of the most popular sites on the web, from eBay to Amazon. Investigators believe the bad guys used a type of robo-malware to hijack millions of unsecured devices like web connected cameras and used them to overwhelm a domain service.

"Someone started breaking into them en masse and started saying, hey, go attack that part of the internet. And it went down," says Kaminsky.

Those millions of cameras make up part of what's called the Internet of Things. Consumers products ranging from cameras to printers and TVs to and DVRs, all connectable to the internet - and all a potential target for hackers, who often use special software to search for them.

"If someone can maliciously take over one of these devices, they can control it and basically do anything," says Ulf Lindqvist, Ph.D.

Lindqvist runs the Internet of Things research lab at SRI International in Menlo Park. Inside, teams of computer scientists are cracking open many of the world's most popular consumer products, looking for security flaws.

"And we want to make it easy for developers to do the right thing for security, so the Internet of Things of the future will be much more secure," says Lindqvist.

But with so many new devices on the market, they say it can be hard for consumers to tell which ones have enough security and which don't.

So what can you do to protect your own home network?

Founder Gavin Whitechurch and Ronan de Renesse run Internet of Things World, the largest convention of its kind. They say consumers might consider products that use systems like z-wave or Zigbee, which communicate with your home network via a specialized hub.

"It's more secure because it's not WiFi. WiFi has been used for years. And for hackers, it's very easy to hack into a WiFi network. There are a lot of tools out there for hacking into those WiFi networks," says de Renesse, who is also the practice leader for consumer technology at the the analyst firm, Ovum.

They say a main attack point is still your traditional router. Make sure it's firmware is up to date by checking the manufacturer's website. And ensure the password is complex enough. Also never leave default passwords on any connected devices if possible, because they're often used by hackers to break in.

Dan Kaminsky says smart phone makers like Apple have done a lot to make their devices more secure. But, like the other experts, he believes there's a lot more work to be done to secure the broader Internet of Things.

"What are you going to do when the infrastructure itself is the problem?" he asks. "We need to demand safer and better infrastructure. When you get down to it, the Internet of Things and a lot of cyber-security problems need investment on a national and global scale."

Join Michael Finney on Facebook Live for a Q and A and a behind the scenes look at this story:

Click here for more stories and videos by Michael Finney and the 7 On Your Side team.