Kevin Mitnick at the Freescale Technology Forum (via Knowbe4)
As reports about security breaches, stolen identities, and big box stores being hacked continue to rise, we can only hope that companies are improving their security systems to prevent further cyber attacks. Yet, the “world's most famous hacker” isn't so optimistic. Kevin Mitnick has been hacking since he was in his teens. He wiretapped the National Security Agency when he was only 16 and a federal prosecutor once told a judge Mitnick could whistle tones into a phone to launch nuclear missiles. 20 years ago he was considered one of the FBI's most wanted criminals, but now he not only has his own security company, Mitnick Security, he uses his knowledge to inform others how easy it is for hackers to get sensitive information.
Recently, at the Freescale Technology Forum (FTF) in Austin, TX, Mitnick spoke about the vulnerability of the Internet of Things (IoT) and how such devices and applications can be easily attacked. The problem, according to him, is that the IoT has a lot of the same issues that corporate computer networks currently face: lack of encryption, password reset problems, and authentication weaknesses. He proved this by telling how his company found the vulnerabilities in a well-known chain of gas stations. Not only were there weaknesses in the company's website, but Mitnick then bought one of its payment devices on eBay, extracted the firmware, and downloaded credit and debit card numbers. “The IoT is exploitable, just like any other device,” Mitnick said. This was actually the subject of a four-day conference back in May held in Chicago.
To show how vulnerable IoT is, Mitnick proved how easy it is to steal someone's information. He asked a volunteer from the crowd for their phone and minutes later he had the person's number, date of birth, address, and even social security number on the screen. Mitnick revealed he attained the information with a database that charges 50 cents per search. He then used a another database to look up Leonardo DiCaprio's mother's maiden name. The service costs $60 a year.
Mitnick doesn't think there are impenetrable security systems out there and the that the internet is “broken.” He believes people need to focus on protecting their most vulnerable information online, but he's also not sure if there's a way to protect it at all. “There are so many holes and so many vulnerabilities out there,” Mitnick said. “What is the silver bullet to really protect yourself? I don’t think there is any.” If this is the case, the future looks grim when it comes to protecting the IoT.
In addition to speaking at conferences, Kevin Mitnick offers virtual security awareness programs via KnowBe4. The program includes training videos of various lengths and different languages, live demonstration videos, and short tests. Mitnick's services have been hired for various Fortune 500 companies and governments worldwide. His company manages to maintain a 100 percent successful track record when it comes to penetrating security of any systems. Talk about a good sales pitch!
Here is another exploit...
See more news at: