Reports have broken that the Metaspoilt tool, which can be used to maneuver through networks, servers and even OSes, is now being used to control the physical world. Researchers have discovered a new addition on Metaspoilt that extends Metaspoilts capabilities into hardware devices. Cesare Garlati, Chief Security Strategist at the prpl Foundation commented below.
Cesare Garlati, Chief Security Strategist at the prpl Foundation:
“Being an advocate of open source, prpl welcomes the ability for Metaspoilt to be used to test hardware, which is often neglected in pentesting typically limited to networks and network connectivity. Hardware is critical to journey to securing IoT devices.
“While the Metaspoilt update brings with it the potential for more vulnerabilities to be discovered, I think it must be used responsibly, with ethical hackers giving vendors enough time to address problems before they are disclosed to the wide world.
“It will be a wake up call to device manufacturers to take the security of hardware in connected devices more seriously and in fact hardware is the key to making security more robust in connected devices. It also further confirms that security through obscurity just doesn’t work anymore and it’s time for a more proactive approach to securing embedded devices including using open source, security through separation with hardware virtualisation and a root of trust established at the hardware level.
“Overall, this is a positive step for connected device security.”