Be wary of gifts like mice or USB sticks, but also connected objects like smart coffee machines. All these accessories, which at first glance seem harmless, can allow hackers to infiltrate even protected company IT infrastructures.
If you think that hacking into corporate IT infrastructure requires extensive computer knowledge and hours of password cracking, you are wrong. Often, a few tools in the form of hardware are enough to infiltrate even a secure computer system. Two ethical hackers demonstrated this at the PwC Cyber Symposium on Wednesday, June 26, 2024, in Royal Green, Moka.
Simon Petitjean and Antoine Goichot, both from PwC Luxembourg, used a method that is as simple as it is effective. In their scenario, the Chief Executive Officer (CEO) of a fictitious company receives a simple computer mouse as a gift during a seminar. Nothing distinguishes this object from any other mouse on the market. However, it is booby-trapped. By plugging it in, the CEO unwittingly gives the hacker remote access to his computer. The two men then demonstrated how easy it is to access all the data on the targeted computer, even from miles away. It is then possible for the hacker to infiltrate the entire IT infrastructure of the company to which the computer is connected. Multiple possibilities then open up to hackers. They can install ransomware, steal confidential data or simply delete it and block the system.
Simple keyboard
But how is it possible to connect a booby-trapped mouse without the computer’s antivirus or the firewall of the company’s IT infrastructure detecting it? “In fact, the mouse has passed itself off as a simple keyboard. From a technical point of view, it’s like plugging in a keyboard that types very quickly. So (for the antivirus), there’s nothing malicious about it. Unfortunately, you have to be wary of everything. Almost everything can be used by hackers for bad intentions,” says Antoine Goichot.
He cites the example of USB sticks (pendrives) that can be received as a gift. Another example is more surprising. It concerns a company whose computer system was hacked via a connected coffee machine. This company had installed this connected object in order to monitor coffee consumption in its premises. Unfortunately, hackers managed to infiltrate the computer system by entering it through this smart coffee machine.
Simon Petitjean explains that the best way to protect yourself from computer attacks is to accumulate protections. Each tool or initiative that protects the IT infrastructure is similar to a shield. Each has its flaws that let attacks through, but the accumulation of these shields limits the risk of attack. It is also necessary to regularly audit your system using ethical hackers. The latter take on the role of real hackers to try to hack the system and thus detect flaws in order to correct them. “Testing your protections allows you to check whether they are watertight or whether they have flaws. These tests can be carried out annually or several years,” says Antoine Goichot.
