Question 391
Question Answered step-by-step It’s not just about changing passwords. (See “Protect Yourself,” page55.) Wang says the 2016 Dyn attack shows the vulnerability that hides within smart devices. “The whole point of IoT is to connect everyone with everyone else, everything with everything else.”The primary challenge of IoT security is the trade-off between protection and connection. “We have to assume the good guys and bad guys will be mixed together,” Wang says. “Who’s the bad guy? And who’s the good guy?”There are real consequences. The wrong answer to that question can prove quite expensive. (See “Who’s Who of Hacks,” this page.)HACKERS GONNA HACKWhen good-guy hackers approach a new project, they start by asking simple questions, such as who needs to be protected and who must be kept out. So when Margulies sat down with his garage door opener, he knew where to start. Could it let him control the door while keeping hackers out?First, he thought about regular garage door openers. They’re easily hacked by buying a replacement remote at a hardware store and, with a few minutes in the victim’s garage, syncing it to the opener. Or, with a little more work, he could digitally eavesdrop on the code sent from the remote to the opener. With such weak security, garage doors have always been more symbolic than protective, he concluded.But smart openers are different. They’re not just a risk for the homeowner they put a whole community of homeowners at risk. A successful hacker could access thousands of IoT openers and, in theory, send out a signal to open all those doors simultaneously, turning closed doors into invitations. Margulies saw that the opener’s password reset system only required an email address, which was a terrible approach. Any hacker who gets into someone’s email account can simply search for password reset instructions and sail into the system. Margulies also noticed that the only information he had to supply to the company was his street address. That, too, was a bad move: It means that an attacker who gets into the company’s system can simply pull up the list of addresses, a directory of vulnerable openers ripe for the picking.As a responsible hacker, Margulies emailed his concerns to the manufacturer. He outlined the flaws and the risks they carried and stashed the internet-connected part of the device in his closet, relying instead on old-school offline functionality.Knowing whom and what they’re up against is a key part of being a white hat. “We used to have only one enemy,” says Hypponen, who launched his hacking-for-good career in the early 1990s, when few devices were online. His early investigations of computer-based crime focused on malware that spread via floppy disks magnetic storage devices that look like plastic squares and could store about one-third of a pop song. “The attacker at that time was very, very simple to define,” he says. “All the attacks, all the viruses were being written by bored teenage boys.”Hypponen received his first home computer when he was 13, in early 1984. His response was powerful and irreversible. “I immediately was lost into it.” Electronic devices and hacking culture have co-evolved in the decades since then, but he says at least one thing hasn’t: People who discover hacking as a vocation know it from a young age.”I think the best hackers have pretty much always known that they’re good at this,” he says. “They’re probably mathematically gifted, or gifted to do technical stuff. Geek stuff.” Hackers were the kids who walked down the street with their parents’ automatic garage door openers, holding down the button to see which doors would open.Talented hackers, Hypponen says, analyze a system and see something different from what the designers intended. For example, say you wanted to break into a system through its login screen. But instead of typing a login name, you do something radically different like copy and paste a massive image in the username box.”Maybe the creator of the website didn’t think of that, and it breaks the system,” says Hypponen. If the hacker is lucky, he says, that crack exposes a vulnerability.People interested in tinkering with software often end up breaking the law, but nowadays they also have legitimate avenues of expression. Hypponen points to “bug bounties” reward money offered by companies to hackers who expose flaws. “You can try to break the system, and you have permission to do it,” he says. “Use your skills, scratch your itch. I know people who live on bug bounties.”F-Secure, the company Hypponen works for, encourages people to try to break into their system. “If we have vulnerabilities in our servers or software, we want you to tell us,” he says. “We want you to sell that information to us, not to others.”WITH OUR POWERS COMBINEDIt’s a change in culture that has benefited people like Samy Kamkar. He began intruding into private online communities as a teenager, and he attended his first DEFCON convention which has become the best-known underground hacking conference in the world at age 14. Now 31, the Los Angelesbased Kamkar hosts a popular YouTube channel called Applied Hacking, where he exploits security weaknesses in everyday objects like combination locks, locked cars and locked computers. His views number in the millions.In one memorable episode, he hacked the wireless doorbell of Matt, his best friend. Kamkar learned how to make the doorbell ring by sending a text. This led to real-time slapstick: Kamkar texts, the doorbell rings, Matt steps outside, repeat. Kamkar calls the hack “Digital Ding Dong Ditch.” After an hour of ghostly ringing, Matt called Kamkar, suspicious.Kamkar says pure curiosity, not malice, inspires his adventures. “I’ll have an idea or want to understand something,” he says. “What keeps me up at night in a good way is, what’s the next thing that can be done? What’s the cutting-edge stuff?”Hacking may seem a solitary sport, but Kamkar sees value in collaboration, which is why he shares what he learns. “The people I hang out with are friendly hackers,” says Kamkar. “If I’m putting stuff out there other people can use, they will think of something I never will. That will basically catapult me into the future. We’re raising each other up.”Help me understand the article Health Science Science Nursing NURSING NUR-400-Q6 Share QuestionEmailCopy link Comments (0)
Needs help with similar assignment?
We are available 24x7 to deliver the best services and assignment ready within 3-4 hours? Order a custom-written, plagiarism-free paper
Get Answer Over WhatsApp Order Paper Now