Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

Metasploit upgraded to sniff out IoT weakspots in corporate networks

Radio frequency testing probes for foreign bodies

Rapid7 has upgraded its popular Metasploit pen-testing tool to help IT security teams and consultants probe for IoT-related weaknesses in corporate environments.

Metasploit's hardware bridge for radio frequency testing – the RFTransceiver – will grant teams greater visibility of foreign IoT devices. "The importance of RF testing will continue to escalate as the IoT ecosystem further expands," according to Rapid7.

As IoT devices continue to permeate our lives, it's inevitable that they will find their way on to corporate networks. These devices can be plagued with vulnerabilities and aren't always easy to find and test.

Testing only Ethernet-connected technologies increases the risk of missing wireless vulnerabilities. Many companies and their employees are using many other radio frequencies (RFs) outside the standard 802.11 network for various reasons, hence the need for changes in testing tools.

Pen testers quizzed by El Reg were interested in the technology but reluctant to comment in the absence of a chance to try it out. "Anything that makes testing of RF for IoT devices more accessible has to be a good thing," one said.

Metasploit bundles software exploits and tools into one framework. The technology has being traditionally used to test the robustness of corporate networks and web infrastructures but this remit is gradually expanding to reflect changes in the threat landscape and tech more generally.

Last month Rapid 7 extended its platform in another direction with a Hardware Bridge API that meant the platform could be used in the security testing of a variety of hardware including vehicles' CAN buses, one of the main avenues through which cars can be hacked. ®

Similar topics

Similar topics

Similar topics

TIP US OFF

Send us news


Other stories you might like