Samy Kamkar (@SamyKamkar) is one of the most prolific experts that periodically presents new astonishing creations to the IT security industry. Most of you will remember for sure MagSpoof, Combo Breaker, SkyJack, OwnStar, OpenSesame, USBDriveBy, RollJam, and KeySweeper.
Enjoy the Interview!
Hi Samy, you are one of the most popular and creative white hat hackers, could you explain which his your technical background and when you started hacking?
Thank you! I dropped out of high school around 16 and have no further formal education or background in technology except for the amazing resource that is the Internet. I first got the Internet around the age of 10 (I’m 30 now) and immediately was interested in the world of hacking. It was around 13 that I started to learn to code and began understanding basic exploitation techniques. Reading Phrack, various e-zines, finding others on IRC, and studying existing open source exploits and tools helped with learning but the quickest way for me was to attempt to code my own tools (and fail often).
Have you read about the recent FBI notification on KeySweeper? Which is your opinion?
Yes, I was alerted by a few people about this. I’m curious why they’re sharing it now but I suspect the FBI may have found a KeySweeper device in one of their investigations, however, I have no information to confirm that.
Everytime you have presented a new hack, you have reminded us how much vulnerable is our society. Which is the industry (healthcare, automotive, telecommunication, banking, and so on) with the largest attack surface and why?
I believe IoT is going to produce the largest attack surface for at least the next few years. The rapid development, low investment requirement, and difficulty of upgrading these devices while we continue to connect them to critical devices such as our phones, computers, tablets and the Internet, will expose us greatly with a wide open attack surface. If you take a look at many IoT attacks, it often doesn’t take much sophistication for something to essentially break open, as compared to some of these other industries where at least there are often some reasonable roadblocks and challenges before an effective attack can be mounted.
What scares you more in the internet?
The thing that scares me the most, and what I believe will be the root cause of massive technological chaos in the near future, is any teenager out there who may find a way to do harm and go through with it. I’m a huge proponent of sharing information and teaching anyone who wants to learn about technology, and while I love sharing with the younger generation to wield knowledge, I suspect it will be someone young who ends up using that knowledge the wrong way.
Is a major cyber attack on a critical infrastructure a concrete risk?
Technological attacks on critical infrastructure are definitely a huge risk. Some attacks may use technology and be remote but not by cyber-related. I have some research in this area I hope to release in the coming months as well.
Dear Samy really Thank you, it has been a pleasure and an honor … We will wait for new researches in the coming months. All the best!
If you appreciate my effort in spreading cyber security awareness, please vote for Security Affairs as best European Security Blog. Vote SecurityAffairs in every section it is reported. I’m one of the finalists and I want to demonstrate that the Security Affairs community a great reality.
(Security Affairs – Samy Kamkar, hacking)