Never underestimate the intelligence of your fellow colleagues. Coming home from Vegas as DEFCON winners in the IoT Village 0-day contest, our team of ethical hackers more than proved their worth. As word spread, we had an overwhelming amount of interest from the media. Everybody wanted to know more about IoT, and its vulnerability to cyber-attacks.

Part of our team’s charm is their desire to educate. Which helped when ITV got in touch, wanting to talk to us about cybersecurity in relation to embedded/connected devices, and the IoT attacks we performed. Obviously we wanted to do more than just tell them; we wanted to show them. So we invited them over to our Manchester HQ, which also gave us the perfect opportunity to show off a little and run a hacking day – just for them.

The hacks we showed the ITV crowd

We simulated the following malicious attacks in our secure lab environment:

  • A Man-in-the-Middle (MiTM) attack on the ITV News website, which included  altering headlines to manipulate public opinions
  • A MiTM attack to retrieve bank details and passwords for financial gain
  • An SMS phishing attack to manipulate end user actions, again for financial gain

They left as cyber converts

As we explained the attacks, you could sense some scepticism from the ITV crew; they asked how much time we’d need, and had we planned for an attack not working. It was only when they saw the speed at which we carried out the exploits, and how flawlessly the hacks worked, that they got an understanding of just how easy such attacks can be to pull off.

Card details and passwords obtained, phones and websites breached, and a room full of genuinely nervous people who were strengthening passwords and ordering patches for their IoT devices before they even left the room.

It just happened to be National Cybersecurity Awareness Month at the same time. Our work was done, and done well.

 

Keep your business secure with Secarma

We believe that the security of your critical networks and data is key to your organisation’s success. Whatever your sector, whatever your size, our mission is to help you to seize the competitive advantages of providing your clients with security, compliance, and reliability.

Latest

The Role of AI in Cybersecurity Friend or Foe

In this article, we'll explore the role of AI in Cybersecurity the potential benefits it provides, a...

Consulting on IoT and PSTI for manufacturers

IOT Self-Statement of Compliance for PSTI?

Often when our IoT consultants find themselves deep in conversation about the Product Security and T...

fintech penetration testing

Understanding the Importance of Fintech Penetration Testing

Fintech Penetration testing aids in the identification and remediation of vulnerabilities within an ...