Today we meet with Samy Kamkar, an American white hat hacker who has become one of the most famous and skilled privacy and security researchers.
In 2005 his name became famous when he created and released the Samy worm onto MySpace. Within hours, the Samy worm infected over one million users, becoming the fastest-spreading virus of all time, and the MySpace team was forced to shut down the service temporarily to fix the problem.
After that, Samy decided to become a white hat hacker and devoted himself to demonstrating the weaknesses of digital systems.
Among his notable works are:
- The discovery of iPhone, Android, and Windows Phone devices illegally transmitting GPS and Wi-Fi information to their parent companies
- The release of Evercookie, an application that produces hard-to-delete zombie cookies in web browsers and that was mentioned by Edward Snowden as a method of tracking Tor users
- SkyJack, software released one day after Amazon announced its intention to deliver small packages using drones. SkyJack allows its user to hijack nearby Parrot drones
In November 2016 Samy Kamkar released PoisonTap, a small portable device that hijacks all Internet traffic on any targeted machine, even if it is locked or protected by a password. Samy tells us more about PoisonTap in the interview.
On Samy Kamkar’s official website you can find a complete list of his projects.
Hello, Samy and thanks for your time. You have a very impressive profile, and most of your greatest hits are well known. How did you get into the hacking world and why did you choose to become a white hat hacker?
Thanks! I started learning a little bit about technology around age 10 and a bit of programming as well. It was at that point that I wanted to be a hacker (though back then we didn’t have the difference between black hat or white hat).
How did the internet world change after the revelations of whistleblowers like William Binney first and then Edward Snowden?
I think people less technically savvy realized what governments are capable of.
We still see many people who just don’t care much about internet security or believe that the news is exaggerated. For many, the attitude “I do not have anything to hide” still prevails. How would you reply to such a statement?
There are too many other concerns — while you may have nothing to hide, the more people who can access your private data means the more likely a bad actor can see that same information and thus use it against you or for their own gain. For example, something as simple as your credit card number or bank account info.
Recently the US Government has voted for S.J.Res.34, which allows ISPs to collect their clients’ personal information and sell it to third parties. Does that make the Internet less secure for US citizens, or is nothing changing?
While it can be seen as a bad thing, I somewhat do see it as a good thing as it means it may wake more people up to the fact that their data is being collected. The thing is, Internet users’ data is already being collected — most users simply don’t realize it. This act may wake more people up to the fact.
Many of our readers are concerned about protecting their digital identity but are not high-tech. What are a few simple things that even inexperienced users can do to protect themselves?
#1 is to use different passwords for different websites. If it’s too difficult to manage, use a password manager.
The new generations are of course more and more involved with technology and the Internet. Often even toddlers or very young children are exposed to toys connected to the Internet. Should that be a matter of concern for parents?
I am less concerned with toys except that they can potentially be used for targeted attacks.
Nowadays the trend is to pass most of our private life through portable devices like smartphones or tablets. Even though many users dedicate quite an amount of energy to protecting desktop computers and keeping them clean, mobile devices often get forgotten or are even perceived as not at risk. Do you see anything dangerous in that?
Mobile devices are definitely becoming the main entry point into many areas of our lives, so yes, their security is becoming paramount. Hopefully we’ll see more security on these devices but fortunately, the manufacturers do seem to be keeping up with their security more and more.
You have been recently in the news for the PoisonTap project. Can you tell us more about it?
I created PoisonTap to demonstrate that even a locked computer is not safe and to raise the question of how can we more actively secure our systems? Physical access is dangerous so hopefully, PoisonTap will make us think twice before leaving our devices unattended and accessible.
What kind of users are at risk and should therefore be concerned about it?
Any user who leaves their machine running and unattended, even if it has a lock screen.
How do you see the Internet and digital security in the next 10/20 years?
I think we’ll see more and more attacks on things like backup systems and cloud infrastructure. This will be scary as a single cloud provider that gets broken into can affect millions of people instantly. The Internet is a crazy place, I’m excited to see what happens next 🙂