At the recent nullcon conference, E-Hacking News had the chance to interview Arthur Garipov, Senior Research Specialist at Positive Technologies, who presented his research on "Drone and IoT Hacking" at the conference.
How and when did you start taking interest in computers and Cyber security?
I had interest in computers from school time, but unfortunately, I couldn't get access to the technology for a long time. I bought my first computer, when I was 20 years old, during the second year of University.
What is your college major?
I did mathematics in University. About 20 specialists in every year has graduated from this Department, but most of them don't continue career in this field. At best, they start working as programmers. But, in my opinion, cyber security is actually pure math. This is quite excellent field of research and capacity development activities.
What qualities do you think are necessary to work in cyber security field?
So, people should have appropriate mentality to engage in a cyber security. For example, if you are interesting in something, trying different approaches, thinking " is that really so?" and checking it out, you can do this job great. That's all.
Tell us about your current and previous experience in the computer field
About two and half years ago I started work in "Positive technologies", which is leading global provider of enterprise security solutions, and I'm still working there. Before that I lived and worked in Ufa (the capital city of the Republic of Bashkortostan), where I finished the Ufa State Aviation Technical University. Before current job I had different types of job. I also worked as a software developer at OZNA.
You gave an excellent talk on "Drone Hijacking and other IoT hacking with GNU Radio and SDR", How much time you spent on this research?
Well, it's hard to tell.. I got interested by researches in the field of wireless technologies and Telecom one and half years ago.
At first, I learned about the SDR and GNURADIO devices. Then I started to get more details about drones. At the time, there was research on mouse and keyboard. After reading the research, i found out that the same kind of chip is used in drones. Thankfully, i had a lot of free time to do research on this. Currently, i am doing research in IOT and Telecom.
Can you share the most interesting research which you did in Telecom field ?
I had experience in research on "Hacker SIM Card" and how it works. In short, this is special sim. When you put it in phone, you can set any mobile number which you want and make a call to somebody. The person on the other end will see the spoofed number. This is only one function of "Hacker SIM Card". This research was very easy for our team. We immediately understood how it works.
How did the work in "Positive technologies" help you in your research? And how did your research affected the work?
The company, where I'm working now, is interested in fact that employees can conduct research, can do self-improvement, moreover, employees start be motivational and be looking for new opportunities.
Initially, at work I faced the challenge of understanding how wireless protocols works. I started study and did research on the subject. I was fascinated with Drones, which can be called "life hack". Further, it was the reason for a new competition at PHDays, where anyone can take control of the quadcopter Syma X5C. I would like to add, that I'm an organizer of the MiTM Mobile contest and hands-on lab at PHDays 5 and PHDays 6.
With regard to second question, researches give us the opportunity to audit completely. We have a small team, respectively, which is able to hack using different methods. For this reason we can make complete research. So, we are checking the weakness and inaccuracies, finding way to solve this problem, and finally acting! It's how we work!
Now is the age of smart things. What do you think about it? Is it danger?
The danger is that in the modern world wireless devices are taking quite a hit. The hacking of "the electronic brain" of the drone is possible, I showed this in my presentation at the conference and also demonstrated evidences.
For example, the system of "Smart house" designed on the same technology as the drone. Just imagine that your device will be able to control by someone outside. In this case there are different ways of hacking, including wireless. Hacker have the ability to turn off all electronic locks, fire system and so on..
And another example, people usually think that car alarms can help to prevent car theft. But they are wrong. Unfortunately, sometimes this "security" solution might help hackers to steal the car. For instance, some alarms with GSM modules could allow hackers to send an exploit to hack the car. Just think of it, you only need some special knowledge to unlock the car door. So, it was also interesting research for me, if go back to the previous question.
What is your comment on Cyber security in Russia?
It is depending up on the place. Cyber Security in Moscow is very advanced. In other places, it is increasing rapidly. Moreover, in Russia there are many qualified professionals in this field.