Nelson Uto and Veronica Schmitt, both Assistant Professors at Noroff University College, gave the audience a lesson in cyber security, or lack thereof, at the Agder Cyber Security Forum last week. Hosted by Noroff, the event provided new insight into vulnerabilities in an increasingly interconnected digital world. They also offered solutions to prevent intruders from entering your computer systems.
Nelson has exploited six-digit BIN codes to expose weaknesses in credit card handling, and shown how to access your neighbor’s power meter to check whether they are home or not.
According to Nelson, cyber security is all about regular testing of your computer systems. You need to search for weaknesses and fix them before they are exploited by people with bad intentions.
“Penetration tests, when done properly, will reveal unsecured or hidden doors into your systems. When I pose as an intruder, I want to break things. I collect information about your system and run threat modelling and vulnerability analyses. I run codes and search for ways in”, said Nelson.
INSURANCE
The job involves a lot of manual work and creativity, according to Nelson. Regular penetration tests cost businesses time and money, but can be seen as a modest insurance premium against damaging break-ins.
Veronica Smith specializes in hacking medical devices to expose security flaws. In European hospitals there are about 18 million medical devices that are hooked up to digital networks. They are designed to function, and only small efforts have gone into making them hacker proof. While hardware often keeps working well, software becomes outdated and vulnerable.
“Surgery robots are built to work with precision, not to be inaccessible. Infusion pumps are hooked up to network systems that are easily compromised. I am a patient myself and rely on a medical device to function. I ask myself what is most important? Functionality or security? I think both,” Schmitt said – adding:
“I tell hospitals that incidents will happen. Systems will be broken into. You need to have a system in place to detect and remedy security holes”.
