Sunday, August 1, 2010

Def Con conference: Android phone bug allows hackers to read texts and email

At the Def Con 18 conference in Las Vegas this weekend, security experts demonstrated just how vulnerable companies are to outside attacks.

One of them handed out free software that steals information from Android phones.

Nicholas Percoco, head of Spider Labs, said the software, called a root kit, allows hackers to read texts and email messages on Android phones. "It wasn't difficult to build," he told Reuters. "There are people who are much more motivated to do these things than we are," he said.

The annual conference is designed to allow hackers and security experts to mingle, break codes and improve security systems. No one is required to identify themselves.

Percoco handed out DVDs of the root kit tool to persuade manufacturers to patch the bug that allows access.

According to Google, about 160,000 Android phones are activated every day. "We could be doing what we want to do and there is no clue that we're there," Percoco said.

CNET reported that hackers were easily able to infiltrate 10 major U.S. companies with just a phone call. Pepsi, Coca-Cola, Shell, BP and even Apple and Google were among the companies they tricked.

"Every single company, if it was a security audit, would have failed," Christopher Hadnagy, security operations manager for Offensive Security, told CNET. "Not one company shut us down, although certain employees within the company did. But we (participants) were able to call right back and get another employee that was more willing to comply."

Social engineering, a hacker term for tricking people into giving up sensitive information, is an easy way to steal company secrets. Companies commit significant resources and technology to security, but often neglect their own employees.

"The human resources are the weakest and softest spot of the whole organization," Mati Aharoni, lead trainer at Offensive Security, told CNET at the conference. "The most used vector by hackers today is the easiest route, and that's usually the human element."

Employees would even click on the 'Help/About' icons to read off the version and product ID numbers of software programs like Adobe Reader and Microsoft Word to people who called. That kind of detailed information allows hackers to attack with a higher level of specificity and success.

Read more: http://www.nydailynews.com/money/2010/08/01/2010-08-01_at_def_con_conference_security_experts_say_android_bug_lets_hackers_read_texts_a.html#ixzz0vPYyCWRd
