Metasploit upgraded to sniff out IoT weakspots in corporate networks
Radio frequency testing probes for foreign bodies
Rapid7 has upgraded its popular Metasploit pen-testing tool to help IT security teams and consultants probe for IoT-related weaknesses in corporate environments.
Metasploit's hardware bridge for radio frequency testing – the RFTransceiver – will grant teams greater visibility of foreign IoT devices. "The importance of RF testing will continue to escalate as the IoT ecosystem further expands," according to Rapid7.
As IoT devices continue to permeate our lives, it's inevitable that they will find their way on to corporate networks. These devices can be plagued with vulnerabilities and aren't always easy to find and test.
Testing only Ethernet-connected technologies increases the risk of missing wireless vulnerabilities. Many companies and their employees are using many other radio frequencies (RFs) outside the standard 802.11 network for various reasons, hence the need for changes in testing tools.
Pen testers quizzed by El Reg were interested in the technology but reluctant to comment in the absence of a chance to try it out. "Anything that makes testing of RF for IoT devices more accessible has to be a good thing," one said.
Metasploit bundles software exploits and tools into one framework. The technology has being traditionally used to test the robustness of corporate networks and web infrastructures but this remit is gradually expanding to reflect changes in the threat landscape and tech more generally.
Last month Rapid 7 extended its platform in another direction with a Hardware Bridge API that meant the platform could be used in the security testing of a variety of hardware including vehicles' CAN buses, one of the main avenues through which cars can be hacked. ®