Bett 2018: Schools and colleges need to be aware of risk from IoT devices

Hacking demo shows educators how easy it is to hack into a network from a smart kettle

The internet of things shows great promise, but always-on mobile and smart devices can pose a risk to academic environments.

Delegates at the Bett show, held at Excel in East London this week, were given an ethical hacking demonstration from a security consultant showing how seemingly innocuous devices can be used by ne'er-do-wells.

Sam Robshaw, senior cyber security consultant at Blackberry, explained how a smart kettle could be leveraged to hack into an academic network.

He said that while some IoT devices took security seriously (he mentioned Hive from British Gas being particularly security-focused), some other devices weren't as security hardened.

In a demonstration, Robshaw set up a test network with a smart kettle on it. The kettle was easy to access and with some research, he could find a manual for the unit and a default password to access it. From there, he discovered the kettle used AT+ commands as well as Telnet, an old and unencrypted protocol. It wasn't long before the kettle revealed the password of the network he wanted to hack into in plain text. This part of the demo lasted no more than a minute, but he had managed to access an otherwise secured network.

Using network sniffing tools, Robshaw showed delegates that he could find out if a Windows server had ports 139 and 445 running. This was an indication that the SMB protocol was running. He fired up Metasploit, downloaded and ran EternalBlue to see if he could exploit the Wannacry vulnerability on the test server. A minute later, he showed delegates that he had access to a command shell on the demo Windows server. From here he showed he had system privileges and added himself as a user.

He showed that it was all too easy to then search through files on the server for information on exams, test results and papers.

He said that the aim of the demonstration was to encourage schools and colleges to not only update servers and other computers against exploits, such as Wannacry, but to also take into account the susceptibility of smart devices to allow attacks through poor security practices in IoT.

Main image credit: IT Pro

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Recommended

Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021
CISOs aren’t leading by example when it comes to cyber security
cyber security

CISOs aren’t leading by example when it comes to cyber security

24 May 2021

Most Popular

The benefits of workload optimisation
Sponsored

The benefits of workload optimisation

16 Jul 2021
RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021