Internationally recognized hacker and computer security expert Brad Smith took me on an unusual tour of the Capitol on Thursday. Smith runs the Computer Institute of the Rockies here in Helena and he’s the director of the National Cyber Defense Force (the website is down for upgrades). He’s an ethical hacker, or “white hat,” whose well-known in security circles for his expertise on hacking, social engineering, interview and interrogation techniques, and network security based on Biomimicy.
I’ve wanted to cruise the Capitol with Brad for months now, but I haven’t been able to catch up with him between his travels to security conferences in Las Vegas, Miami, Washington, D.C., Egypt, and most recently Kuala Lumpur, Malaysia. But on Thursday we were finally able to link up, so to speak. I wrote about our experience in Saturday’s Great Falls Tribune.
With a computer in his briefcase and a USB Bluetooth antenna up his sleeve, Smith wandered around the Capitol demonstrating how a hacker could easily break into smartphones, iPhones and laptops with nothing more than an inexpensive netbook, a $2.99 USB adapter, and free hacking software available online. Think I’m kidding? Click this link.
Smith strolled the hallways as his computer scanned nearby Bluetooth-enabled devices and identified those that could easily be broken into. In about 30 minutes of wandering his computer identified seven smartphones and three Apple MacBooks that had unsecured Bluetooth signals, and eith cell phones that were not as easily hackable.
Now, before you freak out and start wrapping your cell phone in tinfoil, I should say that very few people in Montana have the expertise required to execute a successful Bluetooth attack. Smith estimate there are probably fewer 100 people in the state with necessary know-how. That said, as we continue to advance into this bold new age of near-permanent Internet connectivity, the threat will only continue to increase, Smith says.
After the demonstration Smith sat down to talk to The Lowdown about the risks associated with using Bluetooth and other wireless devices and explained how people can protect themselves from digital attacks.
Of course the threat isn’t unique to the Capitol. Basically any Bluetooth-enabled device anywhere is potentially susceptible to attack. As Smith explains, what makes the Capitol a desirable target for unscrupulous hackers, or “black hats” is the sheer volume of opportunities to steal valuable information like address books, account log-in info and even bank account information from lobbyists and lawmakers.
Check out this article from TechRepublica that explains how Bluetooth works, and how you can protect your Bluetooth devices.
This Secure Network whitepaper goes into even greater technical detail about the security vulnerabilities of Bluetooth and offers tips on how not to fall into the Bluetooth trap.