This article is part of the series "[Podcast] IoT Pen Tester Ken Munro".
If you want to understand the ways of a pen tester, Ken Munro is a good person to listen to. An info security veteran for over 15 years and founder of UK-based Pen Test Partners, his work in hacking into consumer devices — particularly coffee makers — has earned lots of respect from vendors. He’s also been featured on the BBC News.
You quickly learn from Ken that pen testers, besides having amazing technical skills, are at heart excellent researchers.
They thoroughly read the device documentation and examine firmware and code like a good QA tester. You begin to wonder why tech companies, particularly the ones making IoT gadgets, don’t run their devices past him first!
There is a reason.
According to Ken, when you’re a small company under pressure to get product out, especially IoT things, you end up sacrificing security. It’s just the current economics of startups. This approach may not have been a problem in the past, but in the age of hacker ecosystems, and public tools such as wigle.net, you’re asking for trouble.
The audio suffered a little from the delay in our UK-NYC connection, and let’s just say my Skype conferencing skills need work.
Anyway, we join Ken as he discusses how he found major security holes in wireless doorbells and coffee makers that allowed him to get the PSK (pre-shared key) of the WiFi network they’re connected to.