Tag: Hidden Camera

  • Three Questions to Ask Before Connecting a Device to the Internet

    “In theory, even our refrigerators could turn against us and order low-fat ice cream instead of our Ben & Jerry’s.”

    Raxis Lead Penetration Tester, Scottie Cole

    I’m a gadget guy with a lot of IT experience, which of course makes me the pro bono tech troubleshooter for every friend and relative within 100 miles. It also means I’m the guy they call when they want to connect their latest gizmo to the Internet.

    I don’t usually mind helping, but I often find myself wondering if people are putting enough thought behind this race to connect to the Internet of Things (IoT). 

    Ha! Just kidding. I know for a fact that most aren’t putting any thought behind it.

    The allure of convenience, the snob appeal of being an early adopter, and the FOMO factor make it incredibly easy to sell these devices. But there’s no incentive to also talk about security issues – and that’s a big problem. 

    So, as a public service, I’m taking off my gadget-geek gear and putting on my professional hacker hoodie. Before you connect any device to the Internet, ask yourself these questions (and answer them honestly):

    Will I really use it as much as I think? This is about more than simply being frugal. The less you use a device or an associated app, the more likely you are to miss important updates and leave security patches uninstalled. You might not be paying attention, but hackers surely are. Which brings up a second question . . . 

    Can I secure it? Why don’t we pose that question to Alexa? Oh, wait. Can we trust her? Really, we only have a pinky swear from the company that she’s not spying on us. And that’s a potential problem with many devices. Even as a security professional, I can only control the security on my end. If it’s a centrally administered service, I have to also trust the company to protect access to the device as well. That’s why it pays to really read what they have to say about security. And that raises a third, even more important question . . . 

    What am I putting at risk if it’s hacked? One of the great IoT ironies is that some of the products sold under the guise of making us more secure are often the most vulnerable to attack. That means security cameras can turn into spy cameras. The ability to lock our doors remotely means they can be unlocked the same way. In theory, even our refrigerators could turn against us and order low-fat ice cream instead of our Ben & Jerry’s.

    A more urgent concern is that any device connected to your network can become a pathway for unauthorized access. If you think that’s unlikely, watch my colleague Scott Sailors hack a wireless mouse. From a practical perspective, that means you should segment your network so that, if your toaster is hacked, you’re not putting all your bank and credit card data at risk as well. 

    The reality is that connected devices are improving our lives dramatically and we haven’t even scratched the surface of their real capabilities. It’s exciting to realize that more and more devices are becoming smarter and more capable. In order to fully enjoy the advantages of being connected, we simply need to be realistic about our abilities, mindful of the risks we take, and diligent about mitigating them effectively.

    Companies hire the team here at Raxis to identify vulnerabilities and correct them before hackers can take advantage. As individuals, it’s up to us to do it ourselves.

    Of course, you can also call on a friend or relative to help. (Not me, though. I’m all booked up through the end of the year.)

  • Here’s How Hackers Can Get Through Your Doors and Onto Your Network

    Watch my video to see how easy it can be to bypass your company’s sophisticated security system. You might assume I’m just a guy who left something at work and had to run back in. But that’s not my office, that’s not my badge, and, at sunset, my day is just getting started. 

    We’re all familiar with employee badges – plastic proximity cards that contain a unique identifier that tracks when and where an employee is on company property. Businesses around the world depend on this technology to prevent unauthorized access, yet most would be shocked to see how simple it is for those badges to be scanned, cloned, and used to access a secure server.  

    In truth, I’m the chief technology officer at Raxis, a team made up of ethical hackers who can get in and out of your secure office quickly and quietly. If we wanted to, we could walk away with access to every single file stored on your network. Luckily, we are not actually there for the files, we’re there to fix your vulnerabilities to a cyberattack. 

    Badges that use RFID technology can be scanned from a few feet away, then cloned in seconds using a handheld copier/reader/writer – a relatively inexpensive device that’s easy to find if you know where to look. Add a small hidden camera to capture the PIN code on an alarm, then drop a backdoor implant device onto your network, and you’ve got a budget-friendly break-in method that a competitor or a kid on the dark web could use to ruin your reputation. 

    Until it’s tested, security is only perception. Raxis assessments identify real-world vulnerabilities that may otherwise go unnoticed. We partner every day with companies like yours to harden their security through process and technology enhancements. The most important asset in any business is a customer’s trust. Secure it with effective, battle-tested solutions from Raxis.

    Follow us on this blog or social media, and we’ll share more ways that hackers can get in — and how we can help you keep them out.