The article was written by Matthew Anthony Pace and was published in the Sunday Times Tech-Sunday (18th January 2015).
Most people these days wouldn't second-guess the security of the products they use in everyday life. You would probably be shocked to know that the average household has 3 - 4 unique exploitable points that a knowledgeable security expert could use to gain access to internal devices, which can then be controlled, and to the personal information located on them. These household exploitable points include Smart TVs, network-connected set-top boxes, any kitchen appliance which has some type of network connectivity and, of course, the house's occupants themselves.
Most, if not all, software and hardware vulnerabilities come from developers who have either maliciously or accidentally left an exploitable security point in a product or service. These could have originated from the developer her/himself, either due to inexperience with security best practices, or simply be inherited through the use of a third-party framework which could contain an exploitable piece of code.
There are 3 main types of hackers. The first is the white hat, also known as an ethical hacker: someone who attacks and breaks security for non-malicious reasons. They usually do this to test the strength of their own systems, or are hired by businesses to identify any security weaknesses in their products and their existing implemented systems. This way businesses have peace of mind that any issues or violations of security best practices are brought to their attention so they can be resolved.
The next type is the black hat: someone who breaks into secure systems to steal, modify or delete data, or just to make a system unusable for all other legitimate users. Black hats will often perform these acts for nothing more than personal gain, a thrill or a challenge. Black hats usually find vulnerabilities and keep them to themselves; they do not release them to the general public or inform the manufacturer so that a patch may be created and released to fix the issue.
The last type is the grey hat, which is a combination of both black hat and white hat hackers. They usually look for vulnerabilities for the fun of it and then notify the manufacturer or owner so they may correct it or, in most cases, offer to correct it for them for a payment.
When it comes to locating new vulnerabilities, it can sometimes be pure luck that they were discovered by a curious individual just wondering how a particular system functions, or it could be security researchers or hackers brute-forcing their way using a number of different techniques to detect them.
One technique is packet and logic analysis, which works by capturing and reviewing the raw data being passed over a data bus, whether over wireless interfaces such as Wi-Fi, Bluetooth and other radio frequencies, or over wired interfaces such as Ethernet, USB and other physical connections such as microchip-to-microchip communication.
Another approach is for a security expert to examine the source code of the application to find any vulnerabilities which could be used for exploits. If, however, the source code is not available, reverse engineering the compiled version is possible, which would have the same outcome as having the original source code.
While the next technique is not directly linked to detecting and discovering new exploits per se, it is used to exploit human psychology. This type of exploit takes a less technical approach, in that it requires the least amount of knowledge of hardware and software systems and can be performed by almost anyone. This technique is known as social engineering. Social engineering is an act of psychological manipulation: one or more persons trick a vulnerable person into trusting them, and that trust can then easily be used to get sensitive information such as credit cards and passwords, and unlawful physical access to buildings, usually just by talking and pretending to be someone else with an important status.
Any individuals looking to start a career in the security research industry should have the mind-set of thinking outside the box and will have to dive deep into the inner workings of systems to uncover new exploits. A career in the penetration testing industry, however, would require staying up-to-date with the latest techniques used and with security best practices.
Original Times of Malta Online Article: