Secarma team breaks records at DEFCON hacking convention

Article date: Fri, 15 Sep 2017 14:12 GMT


A small team of ethical hacking specialists from British firm Secarma has come out on top of the pile at the world’s largest hacking convention in Las Vegas, exposing more IoT (Internet of Things) vulnerabilities than any other team in the last four years.

96 teams competed in the IoT Village hacking challenges, with Secarma achieving maximum points in the Capture the Flag event and coming 1st in the SOHOpelesslyBroken 0-Day (zero day) competition at DEFCON25, discovering eight serious, previously unknown vulnerabilities in big brand routers and storage devices.

The win has prompted Secarma, which is part of the UKFast group of companies and based at UKFast Campus in Manchester, to issue a firm warning to businesses flooding the market with insecure IoT devices, leaving users open to malicious attacks.

Secarma Managing Director Paul Harris said: “Winning the 0-Day challenge is a huge accolade for us and proves we have some of the best hackers in the world. However, on a more serious note, these vulnerabilities were found on devices currently on the market and being used by thousands of people and businesses. 

“I can’t emphasise enough how perilous 0-Day vulnerabilities are. In the wrong hands they can be used to exploit computers and devices, bringing down entire networks. They’re essentially holes in software that are unknown to vendors of anti-virus software and defensive security products, which are quietly exploited by cybercriminals to plant malicious code, enabling them to steal credentials, intellectual property, data or raid finances. It’s like a thief slipping into a house through an unlocked window.

“Because of the scale of opportunity that certain 0-Day vulnerabilities present they can be worth well over £1million each to interested parties.”

The security issues found by Secarma have been disclosed to the vendors so that appropriate remedial action can be taken.

The warning follows last year’s Mirai botnet attack, which exploited IoT vulnerabilities and infected millions of devices around the world. The hack disrupted the internet, TV and phone networks of almost a million German Deutsche Telekom customers, as well as hundreds of thousands of Post Office and TalkTalk broadband customers in the UK.

Paul Harris explained: “The importance of keeping yourself secure online is nothing new, but the race to release the next smart device is leaving the world wide open to malicious attacks. At DEFCON our team managed to remotely access and completely compromise some of these devices within minutes.

“People are now filling their houses and businesses with these gadgets with little regard for the consequences if they are not properly protected.

“Despite major IoT cyber-attacks such as Mirai and Brickerbot, the Secarma team demonstrated these devices can still be hacked within minutes. Companies work hard at protecting themselves online, but it can all be undone by connecting an insecure ‘smart’ device to your network. You certainly don’t want a cyber-criminal accessing your network traffic, gaining access to your online banking and other sensitive personal data, with the ease we demonstrated.”

Secarma is calling for companies that create IoT products to take their responsibility for customer security more seriously, and for consumers to become more aware of risks that insecure smart devices present and the steps they should take to protect themselves.

For example, IoT consumers often fail to change the default passwords on their smart devices, or if they do change them, they don’t select sufficiently strong passwords, which could compromise not just a smart lightbulb, but every device on the same Wi-Fi network.

For more information from the world-leaders on securing your IoT network, visit:

