What do hackers and street artists have in common? If you asked that question to the average person, you probably wouldn’t get much of an answer. But it turns out, both the hacker and the artist are equally capable of exploiting gaps in wireless security.
This isn’t hyperbole. In fact, an artist by the name of Kyle McDonald has been making a living as both a street artist and a hacker, albeit with no malicious intentions. With the help of a friend, the North Carolina artist recently created an art installation at Moogfest, which they call the WiFi Whisperer, whereby they collected insecure data from festival attendees who walked by their booth and displayed the info through monitors and speakers. It’s as clever as it is scary.
Their goal was to not only call attention to the fact that mobile devices are vulnerable to network attacks, but also to give people a sense of exactly how it feels to be violated by a WiFi hijacker.
McDonald feels his responsibility as an artist isn’t to raise awareness of this issue but rather to help people experience these threats firsthand.
“I realized that whistleblowers are good at raising awareness, and artists are pretty good at something else, which is giving people direct experiences of things,” he said in an interview with Wired.
Over the past few years, network hacking has become more and more prevalent. Thanks to high profile incidents such as the Dark hotel hack in 2014, Hello Barbie hack in 2015 and the Jeep Cherokee hack from the summer of that year, consumers and companies increasingly understand the risks their mobile phones and other wireless devices expose them to. But only recently has become painfully obvious as to just how easy this type of attack has become.
The Simplicity of Network Attacks
What should be even more concerning is the lack of expertise the artists had and how little sophistication their breaches required. The sniffers were built from eight Raspberry Pis and wireless antennas tuned to different open wireless channels.
Most of the information gathered were through several key vulnerabilities:
- Leaving device WiFi and Bluetooth accessible
- Connecting to unprotected WiFi networks
- The information flowing into and out of secure apps
General belief is that these vulnerabilities can only be exploited by expert hackers, but the fact is the technology and knowledge available to steal sensitive information is readily available to anyone who wishes to Google for them and purchase tools on eBay.
Future Network Threats
Luckily, artists like McDonald aren’t the only ones experimenting in this area and bringing their findings to light. From our example earlier, security researchers Charlie Miller and Chris Valasek recently demonstrated their ability to wirelessly carjack a Jeep Cherokee. The hackers developed their zero-day exploit technique which gives them access through the car’s WiFi connected entertainment system and allows them to control dashboard functions, steering, brakes and transmission – all remotely.
This is another application which should help demonstrate to companies the extent to which they are vulnerable to network hacks. Hacking conforms to principles laid down as early as Sun Tzu’s “The Art of War.” Attackers will direct their assault at areas where the enterprise does not think to defend. If the enterprise defends the devices that are under their control, the hackers will go for uncontrolled devices that are still trusted nonetheless—such as your CEO’s car.
When anyone – even artists – can infiltrate your sensitive information, it’s important to have a comprehensive security system in place; one analyzes real-time threats and attacks in the vicinity of the device.
