Cybersecurity: why the advent of 5G is bringing ethical hacking into a golden age
Soon there will be hundreds of millions of connected objects, and as many possible flaws to hack: faced with an increased risk, more and more companies are enlisting the services of “friendly hackers” who attack their systems to detect their weak points. These experts in digital piracy range from the occasional amateur to the star with cumulative revenues exceeding one million euros. Their work is expanding quickly with the announced advent of the “Internet of Things”, taking the sector out of its niche status, according to experts.
“Six or eight years ago, it was considered a trendy Silicon Valley thing”, says Keren Elazari, a cybersecurity expert and ethical hacker. Today, “bug bounty” programs are offered by many organizations, big ones – like the Pentagon, banks, airlines and tech giants – but also thousands of smaller companies, she said at a conference organized in Finland by Nokia, the world number three in 5G networks. The largest platform for friendly hackers, HackerOne, currently has 800,000 members. In 2020, its customers have already paid 44 million dollars (38.2 million euros) in rewards, a record. But it is a godsend “when a single IT engineer in London costs you 80,000 euros per year”, Prash Somaiya, HackerOne’s security solutions architect, told AFP.
A lucrative activity
As the digital world extends further and further beyond computers and phones, the company is sending toys, thermostats and connected cars more and more regularly to its hackers to break into customers’ IT systems. “We already know from what has happened over the past five years that criminals are finding very smart ways to use digital devices”, observes Keren Elazari. In 2016, the Mirai malware, for example, took control of 300,000 unsecured devices – including printers and webcams – using their mass of data to “bring down” multiple media, corporate and government sites.
In October, Nokia announced that it had detected a 100% increase in malware intrusions on connected objects in one year. The rewards for hackers can be lucrative: 200 of HackerOne’s “bug hunters” have passed the $100,000 bonus mark since they started with the group, and nine of them have crossed the million mark. Apple, which runs its own program, offers maximum bonuses exceeding one million euros. “The financial incentive is of course an important factor, but there is also a breaker’s mentality, which makes it possible to understand how things are built so that one can destroy them and tear them to pieces”, says Prash Somaiya.
A Covid-19 effect?
The interest of companies in teleworking, in the midst of the Covid-19 pandemic, also led to a jump (+59%) in registrations at HackerOne, with a one-third increase in rewards paid. The French and British authorities in particular have used ethical hackers for their coronavirus tracing applications, according to Mr. Somaiya. While 5G has new security functions integrated into the network infrastructure – which was not the case until now – this technology is much more complex than the previous ones, leaving more room for human error. “I see a lot of risks of misconfiguration and inappropriate access controls”, argues Silke Holtmanns, 5G security expert at the specialist AdaptiveMobile.
The European Union, like governments around the world, is gradually tightening cybersecurity requirements and increasing fines and penalties for data breaches. “Until now, companies have struggled to motivate larger investments in security”, according to Holtmanns, who advises the EU on these matters. But “if they can say ‘with that level of security we can attract more customers or lower insurance premiums’ people start to think in that direction, which is a good thing”, the expert notes with satisfaction.