Reply to post: Spear Phishing

Researcher criticises 'weak' crypto in Internet of Things alarm system


Spear Phishing

If the target is worth the time then you aim a trojan at the user, their home computer then listens on the local network, sniffs the password as they test (or show off) their remotely controllable alarm system, and then either sends the info out or waits for your 'main screen turn on' instruction to come through, 'what happen' being entirely optional.

Better yet, start up a mailing list management company and given time you will have a collection of ready-made target lists to work from.

If the data is only present on the remote network then you pwn the remote network. May or may not be trivial of course but that's why these films have the proverbial motley crew, to cover all the angles.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019