17 Mar 2017

Why Hasn’t Anyone Thrown Out Their Microwave?

Author:

Were you shocked to learn that Wikileaks had published “Vault 7”, leaked documents that reveal the intricate details of CIA’s hacking capabilities? Were you extremely concerned that the CIA has now “lost control” of these tools to the public domain, meaning that any cybercriminal in the world can now learn these methods and use them against you? Did the recent news cause you to take a long and close look at every sensor on your iPhone or Android phone, Samsung smart TV, or — if you’re Kellyanne Conway — even your microwave?

None of the above apply? You may be suffering from security fatigue – a syndrome that occurs when a subject is bombarded with news of corporate hacks, data breaches and identity theft week after week, causing some level of desensitization to the information. After all, we are just a few years removed from Edward Snowden’s massive revelation that the NSA is performing mass surveillance on all of us.

Security Fatigue

This growing desensitization toward cybersecurity is a boon for hackers everywhere. When businesses and their employees get lazy about updating their passwords, encrypting sensitive emails, downloading the latest security patches, checking permissions on office-wide applications, and monitoring employees’ mobile devices, they might as well be rolling out the red carpet for hackers. Even as the public grows weary of cybersecurity, hacker sophistication is continually improving.

Shodan: The Hacker Search Engine

It’s never been easier for hackers to find out what devices are online and how to access them. Shodan is a search engine that maps the location and IP of devices connected to the internet, a network of all types of “smart” devices and computers that continues to grow, thanks to The Internet of Things trend. Shodan will find a device’s IP address and digital fingerprint, which includes its key exchange algorithms and encryption algorithms. If you visit Shodan and search for “Server: SQ-WEBCAM”, you will see webcams listed in Germany, Hungary, the US and Italy. Shodan can also list the default password for a number of devices. If someone has deployed a server online and has not changed the default password, then their server is wide open to attack. [Source]

Shodan is not the only shortcut into your devices. The web is full of resources for hackers, including the “Hacking Tools Top Ten list”, the “Best Password Cracking Apps”, and “Dark Fantasy”, “a port scanner, password cracker, DDOS tool, for hacking.” Combine these with the CIA tools, and every Tom, Dick, and Harry has what it takes to start a hacking operation.

Why Should You Care?

The Vault 7 release is concerning for a number of reasons. First, if the CIA has “lost control” of these tools, then who has gained control?  According to Wikileaks, Vault 7 is the first in a series of documents that will be published in the coming months. Will they start to publish more information about the tools, including possibly instructional information? Or will the information serve a “white hat” purpose and help device manufacturers close their security vulnerabilities?

Silver Lining

There is good news, though. According to Wired magazine, end-to-end encryption protocols appear to be uncompromised by the CIA leak. The Wired article states, “The end-to-end encryption protocols underpinning these private messaging apps protect all communications as they pass between devices. No one, not even the companies providing the service, can read or see that data while it is in transit. Nothing in the CIA leak disputes that. The underlying software remains every bit as trustworthy now as it was before WikiLeaks released the documents.” In a world where cybersecurity seems to be unravelling in front of our very eyes, at least we can take solace in knowing that encryption is still effective at keeping hackers at bay.