In the ultimate example of reverse engineering, security firms are taking a stab at cybercrime and other IT-related fraud by using purposeful hacking to ferret out and address the vulnerabilities. In its quest to make its electronics more secure, for example, the team at Red Balloon recently put some time and effort into hacking into an office phone and desktop monitor.
This kind of “purposeful” hacking may sound counterintuitive, but in reality it can play a pivotal role in helping electronics manufacturers ferret out the vulnerabilities in their systems. Then, they can use that newfound knowledge to improve their systems.
“Office phones, printers, building control systems, and more—these may not sound like computers, but they can all be hacked, according to cybersecurity pros,” CNBC reports. “One cybersecurity CEO even says it is the most important threat since they control critical infrastructure.”
The use of purposeful hacking isn’t new, but it is becoming a more popular way to learn about cyber-vulnerabilities and other potential threats. At this year’s DEF CON hacking conference, for example, carmakers encouraged attendees to try to “break into” control units of their cars and take over the vehicles’ driving functions.
“Attendees who visited the car hacking site had to escape a vehicle by deciphering the code to open its trunk, control its radio volume and speed, and lock the doors through their computers,” Tina Bellon writes in Insurance Journal. Volkswagen AG, Fiat Chrysler, and suppliers Aptiv PLC and NXP Semiconductors NV were among the sponsors of this year’s car hacking village—as some have done at previous DEF CON conventions.
Bellon said the conference provides a rare opportunity for enthusiasts to learn about car hacking, a resource-intense research field that requires specialized knowledge and lots of preparation. “Carmakers have been discovering new issues with their traditional architectures thanks to white hat hackers, which highlighted security needs for carmakers and suppliers alike,” said one chief scientist who operated a station at DEF CON where hackers could try to modify a model traffic light.
Laying Siege to Electronic Polls
In another example of purposeful hacking in action, DEF CON attendees armed with lock-pick kits to crack into locked hardware, Ethernet cables, and inquiring minds, showed up for a rare opportunity to interrogate the machines that conduct U.S. democracy. “By laying siege to electronic poll books and ballot printers,” Washington Post’s Taylor Telford reports, “the friendly hackers aimed to expose weaknesses that could be exploited by less friendly hands looking to interfere in elections.”
According to Telford Def Con’s Voting Village—and the DEF CON conference as a whole—has become a destination not only for hackers, but also for lawmakers and members of the intelligence community trying to understand the flaws in the election system that allowed Russian hackers to intervene in the 2016 election and that could be exploited again in 2020.
“This year’s programming involved hacking voting equipment as well as panels with election officials and security experts, a demonstration of a $10 million experimental voting system from the Pentagon’s Defense Advanced Research Projects Agency, and a ‘part speed-dating, part group therapy’ session,” Telford writes, “where state and local election officials gathered with hackers to hash out challenges of securing elections.”