Breaking News

Friday, 2 February 2018

Hacking connected objects becomes simple as a breeze

With AutoSploit software, a few keywords are enough to mass-hack systems accessible through the Internet. The software provokes a lively controversy among security researchers.

hacking

Bad news for users of connected objects. A hacker called "VectorSEC" has just created a devilish tool that allows to hijack these devices, and completely automatically. Called "AutoSploit", this software combines two tools well known by security researchers: Shodan.io, a search engine that can detect vulnerable connected objects; and Metasploit, a modular hacking platform used for security audits.

The use of AutoSploit is very simple. It is sufficient to indicate a keyword that refers to a particular system ("IIS", "Apache", "Western Digital", etc.). The software will then retrieve from Shodan.io a list of accessible devices, then select from the Metasploit modules a series of attacks to obtain direct access to the system. Packed it is weighed.

In the hacker community, this publication has created a lively controversy. Some believe, indeed, that this software does not respect the code of ethics of the researchers in security. "There is no valid reason to put mass public-service hacking within the reach of script-kiddies. It is not because it is possible to do something that it is wise to do it. All of this will end in tears, "says Richard Bejtlich, founder of TaoSecurity, a Cisco security-oriented subsidiary.

One of his colleagues, Craig Williams, goes even further, cataloging the tool as malware. According to him, it allows "to target systems on the Internet that [the user] does not control and does not have permission to attack". The fact that the hacking is totally arbitrary would not allow to use AutoSploit legally, as in the context of a security audit.

For its part, Rob Graham, CEO of Errata Security, think that the publication of this software is a good thing because, ultimately, it will contribute to the improvement of the general level of security. "All that makes script-kiddies work is a good thing because these systems will be hacked and patched without much damage. They will therefore be less vulnerable to hackers from government actors or organized crime, "he says. In other words, AutoSploit would be a necessary evil to advance the schmilblick. And you what do you think ?

No comments:

Post a Comment

Technology Tech news