You can now use Metasploit security to hack everything from smart fridges to smart cars for vulnerabilities
It is said that the future belongs to Internet of Things, Virtual Reality, and Augmented Reality. That said, one of the biggest worries facing security companies is the security and privacy issue associated with Internet of Things connected devices like CCTV cameras, smart fridges, routers, smart cars, etc. Rapid7, the developer of the world famous hacking tool, Metasploit has now upgraded it to hack today’s Internet of Things (IoT) devices, granting researchers the opportunity to scour for bugs in almost everything that is connected to the Internet.
Rapid7 Research Director of Transportation security Craig Smith announced on Thursday that the Metasploit framework can now link directly to hardware, permitting users can develop exploits to test their hardware and conduct penetration testing with less time wasted. The upgraded Metasploit security kit will give security researchers an open window to hack and find vulnerabilities in various Internet of Things devices.
Earlier, researchers and hackers had to build multiple tools to hack different Internet of Things, Metasploit now allows them to find vulnerabilities in different IoT devices with a single hacking tool.”Metasploit condensed a slew of independent software exploits and tools into one framework and now we want to do the same for hardware,” Smith says.
If you are a security researcher or hacker, you can download the upgraded Metasploit security kit for free. The framework currently boasts roughly 1,600 exploits and 3,300 penetration testing modules. Due to the fresh update to the Hardware Bridge API, users are no longer limited to Ethernet network connections. Instead, researchers can build support directly into firmware or create a relay service through a REST API, which is necessary for some hardware tools including Software Defined Radio (SDR) that cannot communicate over Ethernet.
“Every wave of connected devices, regardless of whether you’re talking about cars or refrigerators, blurs the line between hardware and software. As we like to say, this hardware bridge lets you exit the Matrix and directly affect real, physical things,” said Smith. “We’re working to give security professionals the resources they need to test and ensure the safety of their products, no matter what side of the virtual divide they are on.”
The initial release focuses on IoT, with a particular slant towards automotive penetration testing. The bridge now includes modules for testing vehicle Controller Area Network (CAN) buses and users are also offered interactive commands for gathering information on vehicles being tested, such as speed and inbuilt security systems.
Rapid7 is asking users of the initial Metasploit release to provide feedback and suggest new automotive features for future versions.