TalkSecure

Hacking Embedded Devices

Posted on

by

Phone lock code. Smartphone protection with 2fa (two factor authentication). Smartphone protection and security with pin number. Encrypted data. Personal online privacy. Cyber hacker threat.

Interview with Ted Harrington, author of “Hackable, How to do Application Security Right,” and Executive partner at Independent Security Evaluators.

Ted Harrington’s company, made up of ethical hackers, was born out of the Ph.D. program at Johns Hopkins University. In this interview, he explains how his research team has been able to hack cars, phones, medical devices, and other embedded systems.

Ted defines an IoT device as “anything that you can communicate with.” He talks about how critical medical devices can be exploited to cause harm or fatalities to patients in healthcare settings. “We found a variety of ways we could do that,” he says. For example, his team was able to execute remote code execution on the device so, say, a heart monitor can report fake vital signs to their doctors.

He also talks about how his team pioneered car hacking research going back to 2005 before cars were connected over WiFi like they are today. At the time, they were able to immobilize cars between the car entry key and its onboard computer to disable the ignition.

“The system at the time was considered to be ‘unhackable.’ But if you say that to a team of hacker-minded computer scientists, they’re going to say, ‘challenge accepted.’ So my business colleagues at Johns Hopkins University at the time reverse engineered the cryptographic algorithm, and then built a weaponized software radio with which they were able to communicate with the onboard communicator without the authentic car key.”

Embedded system failure occurs on all levels – from product security management to change management to secure investment and threat modeling, he adds. “It’s the leadership’s responsibility to prioritize security. My advice to developers is to think like a hacker. I would argue that there’s a hacker in all of us.”

{% video_player “embed_player” overrideable=False, type=’hsvideo2′, hide_playlist=True, viral_sharing=False, embed_button=False, autoplay=False, hidden_controls=False, loop=False, muted=False, full_width=False, width=’1280′, height=’720′, player_id=’101434700902′, style=” %}

Book a Demo

We’re ready to help you integrate SAST and SCA security into your DevSecOps flow. Get a personally guided tour of our solution offerings to ensure you are receiving the right solution for your development team. 

book now