MTradecraft: Cybersecurity Compliance Tradecraft for SEC and FINRA Registered Investment Firms

10/9/2019

Battle Story: How I hacked an RIA owner's webcam and watched his wife fold laundry.

I want to share a quick story from a pen-test I did today because this should terrify you. 

Oftentimes I find interesting vulnerabilities, so I wanted to share them with you because I think the idea of what goes on during a pentest is often nebulous to a firm's owner and CCO. I think the extent of understanding what can be exploited is also lost.

The Client:  $1.6B SEC Registered RIA in Los Angeles.  15 employees.  2 custodians.

The Vulnerability:   I was able to take control of the RIA owner's home surveillance system (16 different internal cameras) and gained admin access to his security system.  I was able to watch his wife fold laundry in the living room. I did ALL of that without ever once having to enter a password.

How did I do it?  Check out the video below.

My thoughts: Penetration testing isn't just for regulatory compliance. Oftentimes, we are able to catch these major privacy vulnerabilities before others do. These tests are about protecting your privacy and protecting your clients' data.
