Open-Source Tools Carry Dangers

By Sean Martin  |  Posted 08-10-2010 Print Email

There appears to be a never-ending line of open-source tools and commercial debuggers that allow the common computer user to explore the inner workings of nearly every aspect of a computer network system - including hardware, I/O ports, operating system, drivers, and applications. With the introduction of hypervisors, even more tools have become available, opening up the virtual environments to deep inspection and analysis.

A hardware-based attack method, for example, leverages many of the pre-defined functions that exist in the USB Human Interface Device (USB-HID) standard in order to perform cross-platform attacks. With an abundance of USB-HID-enabled devices available in the market, the attacks become extremely easy to carry out.

Hacking the Java client is also a common way to bypass client-side security controls. A Java client-server application can be compromised using an entirely open-source toolset. By injecting an interactive console into the running Java application, one could call any method desired on the client side, thereby bypassing client-side security controls.

There are also myriad ways to exploit vulnerabilities in the device, protocol, application, host, and network components of the SCADA Systems and Smart Meters. These systems and meters control the generation, transmission, and distribution of power throughout neighborhoods across the US. Successful attacks against these vulnerabilities could allow one to steal power from their neighbor. Brings new meaning to 'love thy neighbor,' doesn't it?


Submit a Comment

Loading Comments...