October 2017 Discover

(Jeff_L) #1
50 DISCOVERMAGAZINE.COM

PHOTOS BY T.J. KIRKPATRICK/REDUX; HATS BY MACROVECTOR/SHUTTERSTOCK

ONE WINTER
MORNING in 2015,
as he left for work
from his home in
Silver Spring, Md.,
Jonathan Margulies
pushed the button
on his remote to close
his garage door. Nothing
happened. He tried again. Nothing.
The motor was shot.
He ended up replacing it with a
“smart” opener that not only lifted and
lowered the door, but also connected
to the internet. With a swipe on a
smartphone, Margulies could operate
the opener, and if he left the door
open, the opener would send him a
text. He could close it from anywhere.
It’s particularly appealing to people
like Margulies, who occasionally
panic, in the crush of rush hour, that
they’ve left their homes wide open and
defenseless. To some, the smart opener
may seem a godsend.
But Margulies, 36, isn’t just any
consumer. For more than a decade,
he’s worked as a cybersecurity
expert, doing vulnerability and
security assessments for Sandia
National Laboratories and the
National Institute of Standards and
Technology, and more recently, for
the U.S. Department of Justice. One
area of his expertise is identifying
security flaws in a company’s digital
infrastructure or product by thinking
and acting like malicious hackers.
Identifying security flaws is the
first step in ethical hacking, where

good-guy hackers — the kind you
want on your side — use what they
learn to improve electronic security.
They tend to be obsessive, passionate
and sleep-deprived. When they see
cracks in the virtual world, they want
to peek through to discover what’s on
the other side.
They’re becoming increasingly
important, and visible: In May, another
good-guy hacker, an attentive 22-year-
old in the U.K., spotted an unfolding
global cyberattack named WannaCry
and successfully stopped the attack.
For these “white hat” hackers, the
key to building a successful defense is
to find weaknesses and fix them before
someone else breaks in. Given the
ubiquity of online communication,
plugging security flaws is critical
at all scales, whether it’s protecting
someone’s bank account or, say,
preventing the hacking of political

An internet-connected garage door opener sent cybersecurity expert Jonathan Margulies on a
hacker’s journey to figure out how vulnerable his home was with the convenient new device.

campaigns to influence a national
election.
Margulies acknowledges he’s not a
great hacker — he’s better at identifying
security vulnerabilities than actually
replicating the destructive coding and
social engineering tactics of malicious
hackers. But searching for electronic
fault lines is still second nature, even
when he’s not at work. “You can’t help
trying to break things all the time,” he
says. So, there he was, in 2015, with
a brand-new gizmo in hand, a new
system to break.
He wanted to know: How vulnerable
is this new garage door opener? Could
someone hack it and enter uninvited?
A smart opener connects to his home
network, so just as a burglar who gets
into a house could rummage from room
to room, a malicious intruder who’s
taken control of the garage door could
access every other connected device in
the home — phones, televisions, laptops
and all their data.
It’s home invasion, in bed with
identify theft.
So Margulies began to map fatal flaws
in his new opener’s digital design. Could
he, effectively, break into his own house?

HACK ALL THE THINGS!
Security experts are both thrilled
and anxious about the internet of
things (IoT), the ever-growing collection

BLACK HAT
BAD

GRAY HAT
NEUTRAL

WHITE HAT
GOOD

WHAT’S ALL THIS ABOUT HATS?
Originating from the
sartorial choices of
cowboys in old Westerns,
“bad guy” hackers are
known as black hats and
“good guys” as white hats.
Hackers who occupy the
space in between became
known as gray hats.

O

Free download pdf