Business | Technology
Hackers show off latest techniques
Want to break into the computer network in an ultra-secure building? Ship a hacked iPhone there to a nonexistent employee and hope the device sits in the mailroom, scanning for nearby wireless connections.
- AP
- Published: 00:02 August 10, 2008
Las Vegas: Want to break into the computer network in an ultra-secure building? Ship a hacked iPhone there to a nonexistent employee and hope the device sits in the mailroom, scanning for nearby wireless connections.
How about stealing someone's computer passwords? Forget trying to fool the person into downloading a malicious program that logs keystrokes. A tiny microphone hidden near the keyboard could do the same thing, since each keystroke emits slightly different sounds that can be used to reconstruct the words the target is typing.
Hackers at the DefCon conference in Las Vegas were demonstrating these and other novel techniques for infiltrating facilities on Friday. Their talks served as a reminder of the danger of physical attacks as a way to breach hard-to-crack computer networks.
It's an area once defined by Dumpster diving and crude social-engineering ruses, like phony phone calls, that are probably easier to detect or avoid.
As technology gets cheaper and more powerful, from cell phones that act as computers to minuscule digital bugging devices, it's enabling a new wave of clever attacks that, if pulled off properly, can be as effective and less risky for thieves than traditional computer-intrusion tactics.
"The technology is becoming easier and cheaper and anybody can do it. And at the same time there's more incentive now to do it," said Eric Schmiedl, a lock-picking expert and undergraduate at the Massachusetts Institute of Technology.
Consider Apple's iPhone, a gadget whose processing horsepower and cellular and wireless internet connections make it an ideal double agent.
Experiment
Robert Graham and David Maynor, co-founders of Atlanta-based Errata Security, showed off an experiment in which they modified an iPhone and sent it to a client company that wanted to test the security of its internal wireless network.
Graham and Maynor programmed the phone to check in with their computers over the cellular network. Once inside the target company and connected, a program they had written scanned the wireless network for security holes.
They didn't find any, but the exercise demonstrated an inexpensive way to perform penetration testing and the danger of unexpected devices being used in attacks.
More from Technology
More from Business
Business Editor's choice
-
‘Wrong Way' Krugman
The source of our economic malfunction lies with government-mandated bank regulations
-
Greek exit could make Eurozone stronger
Departure will show limits of bailouts and allow remaining members to act much more like a unit
-
UAE upholds values of free trade
Recently released statistics confirm an established fact, namely that of the UAE embracing the free trade principle in general and imports in particular
