The ‘Phenix Coder’ Team, composed of scholars from the Southeast University, University of Macau, and the University of Massachusetts, won an excellence award at GeekPwn 2016 held in Shanghai. In addition to developing a way to break internet encryption technologies, which they hope can serve as a wake-up call to manufacturers of smart devices, the team also developed anti-hacking technologies. The related paper is expected to be published soon.
At the competition, the ‘Phenix Coder’ Team demonstrated some major security issues of smart plugs from a well-known international brand, which make the products vulnerable to attacks from potential hackers. By running a pre-set attack program on a randomly-selected network host, the team effortlessly obtained authentication information about the smart plugs and thus realised remote control. A hacker can also obtain administrator rights over such smart plugs through firmware, thereby performing any operations he wants to. An internet-connected computer that has been compromised is known as a ‘zombie’. At the competition, the team used the smart plug of a ‘zombie’ to leave messages on GeekPwn’s official Weibo, to the great consternation of the audience.
On 21 October, massive DDoS (distributed denial-of-service) attacks took place in the United States, disrupting the services of many popular websites. The new hacking technologies the team demonstrated at GeekPwn 2016 are far more powerful and damaging than those used during the DDoS attacks in the US. Luckily, the team has developed anti-hacking technologies. The related paper is expected to be published soon. This is not the first time the team has attracted international attention. Back in 2014, it was reported in CNN and CCTV that the team revealed security flaws in smart devices such as iPhone, Google Glass, and smart watches, which can be exploited by hackers to steal passwords entered on a smartphone or tablet, including bank account passwords.