HACKING THE VULNERABILITIES
From smartphones, laptops and IoT devices, to Wi-Fi and artificial intelligence, when you start to think about the number of gadgets and technologies designed to make our lives easier, the mind boggles. Yet not all of these gadgets are as innocent and harmless as they seem. USBs, routers and phone chargers when used as intended play a vital role in our interconnected world. They also have the potential to crack open and exploit our digital systems, resulting in devastating phishing and ransomware attacks. On the plus side, from an ethical hacking perspective, many gadgets can expose some of the most common vulnerabilities in our IT systems. In essence, they can form a foundation for penetration testing.
PENETRATION TESTING
Making its first appearance in the 1970s, penetration testing aka the ‘pen test’ or ethical hacking, is a legitimate simulated cyberattack on a computer network. It is typically used by cybersecurity experts to ascertain the security levels of an IT network and identify weaknesses and vulnerabilities. According to the UK’s NCSC, when third-party pen testers ethically hack your system, you should know what they are going to find before they find it. As such, penetration testing is not a magic bullet but rather a fundamental tool for analysing the security of your IT systems and any perceived vulnerabilities. A successful pen test should provide you with a comprehensive assessment of the level of risk that emanates from your software and hardware vulnerabilities. So how do gadgets such as USBs, routers and chargers feature in these vulnerabilities assessment? Let’s take a look.
USB RUBBER DUCKY
The USB Rubber Ducky Hak5, costing £50 online, might take on the guise of an innocent flash drive. It’s anything but. Once plugged into a computer, it acts as a keyboard with keystrokes installed in it. A hacker wanting to steal data simply has to automatically run a series of keystrokes and data is stolen at an incredibly high rate. Worse still, the Rubber Ducky cannot be detected by anti-virus or a firewall. How can such a dangerous device have a positive spin? The good news is that the USB can be used by pen testers for targeting vulnerabilities in systems or even programming processes. Remedial action can then be taken before anything untoward happens.
Wi-Fi COCONUT ROUTER
Most of us connect to the internet via Wi-Fi. From a security and vulnerabilities standpoint, it’s probably not the safest option, especially when you are connecting to a public router. While most routers have up to 6 antennas, the so-called Wi-Fi Coconut has 14, making it possible to create an almost perfect record of everything going on in several Wi-Fi networks at the same time. Its biggest threat is the KARMA attack, in which bad actors disguise themselves as a trusted Wi-Fi network. A dream come true for hackers, no? Maybe, but certainly for pen testers. The Wi-Fi Coconut also lets you monitor and record all 2.4 GHz Wi-Fi channels at the same time, and you can store and analyse all events. As a Wi-Fi vulnerabilities penetration testing tool, you’d be hunting high and low to find something cooler than the Coconut.
THE O.MG CABLE
Ever been afraid of a charging cable? Maybe now’s the time. The O.MG cable, like its Rubber Ducky counterpart, is a stealthy hacking tool that is much more than a charging device. MG, the cable’s creator, explains
“It’s a cable that looks identical to the other cables you already have. But inside each cable, I put an implant that’s got a web server, USB communications, and Wi-Fi access. So it plugs in, powers up, and you can connect to it.”
The O.MG is also a keylogger and can save up to 650,000 entries that can be retrieved later. It can log your social media posts, passwords and bank account details. The bad news doesn’t end there. O.MG could also launch software applications, download malware, or steal saved Chrome passwords and send them over the internet. While this is a huge threat, costing £180 the O.MG is unlikely to be used by low-level scammers. In fact, it is an ideal tool for professional penetration testing and can expose vulnerabilities in password management, data protection and IT network security.
LET ME HACK YOU
I have over 20+ years of experience in professional business IT management. As a cybersecurity expert specialising in risk mitigation, you can leave your ethical hacking up to me. Using the latest pen testing technologies, I’ll identify any and all vulnerabilities in your IT network and fix them. You don’t need a rubber ducky or coconut. Contact me today and let’s get your cybersecurity sorted.