Learn how the Advanced Threat Research Team can stop hackers from stealing personal data from a wearable device.
At CES 2020 in Las Vegas, TechRepublic’s Teena Maddox spoke with Security Researcher on McAfee’s Advanced Threat Research Team Sam Quinn about McAfee’s Just in Time jamming technique and what consumers should keep in mind as they live a more connected lifestyle. The following is an edited transcript of the interview.
Sam Quinn: We implemented a Just in Time jamming technique for the state sensor of the MyQ garage door device. Just in Time is a way of jamming where it only jams when it needs to, rather than just drowning out all radio frequencies in the surrounding area. Our security research team explored how this attack could take place in the normal, everyday scenario, and we came up with a few ideas.
One of the most ideal scenarios was us creating a small device that’s battery operated, that could be a place in the bushes or on the side of your house, and this implements a just in time jamming technique where, as soon as the garage door state sensor transmits its state, we’ll jam that from the mobile application from ever receiving it. This allows us to use this technique to jam the garage door without us being present and helps the attack be more successful.
It’s not available on the market and we don’t plan to release anything like that, but the tools and techniques that we’ve used are released in our blog and white paper. One of the things is it’s on your personal finger, and it’s hard for an attacker to walk up and scan your finger without you noticing. One of the most common ways that we came up with was a lot of people ask for you to take a photo of them or your family, and a lot of people do it without thinking that they could be releasing the credentials on their [McLear Smart] Ring to the phone.
We actually created a malicious application that runs in the background of an Android phone where, when you hand the phone to someone to take your photo, it will scan the Ring in the background, saving the credentials where we could then write to our own Ring or access card.