McAfee opens lab to demo threats from lock picking to medical device hacking

McAfee's new Oregon research facility doubles as a demo lab, where customers and vendors can learn firsthand about the consequences of cybersecurity threats.

McAfee isn't known for its work on adversarial machine learning on autonomous vehicles. Yet at the new McAfee Advanced Threat Research Lab in Hillsboro, Oregon, automotive research is on full display. The lab is equipped with sensors used for vehicle autonomy, as well as an operational dashboard for an electronic vehicle. The lab even has two full-sized garage doors to roll in cars for live demos.

Automotive attacks are "certainly an area we may be interested in looking into, and it's certainly an area that's emerging as a significant attack vector," Steve Povolny, head of Advanced Threat Research at McAfee, told ZDNet. "As more and more vehicles come online with advanced features and networking capabilities -- the ability to connect to pretty much everything else in the world around them -- they can be hacked just the same as anything."

The new lab serves a dual purpose: It gives Povolny's team access to the high-end gear and electronics they need for security research. It also gives McAfee a space to showcase its latest research to vendors and customers -- to drive home how impactful cybersecurity threats can be.

"The best day I can have is a jaw drop, when someone understands a problem they didn't know about before," Povolny said.

The ultimate goal of the lab, he said, is "to raise the bar on security hygiene, push the industry to more secure products and networks" and to showcase McAfee "as an emerging leader in vulnerability research."

The lab officially opened for demos on Wednesday, with representatives from the health care industry, government, law enforcement and academia touring the facility. The current demos represent current areas of active research at McAfee. The automotive demo, for instance, showed how a malicious actor could manipulate a Mobileye camera into misidentifying a Stop sign -- just with a simple piece of paper with a pattern printed on it.

Other demos included a Cortana vulnerability discovered by McAfee, a medical device vulnerability, a Wemo smart plug vulnerability and a Windows Defender bypass. The lab also has a blockchain station, to help customers understand exactly what it is and to demonstrate some attack scenarios. The station has its own working (albeit very small) currency mining rig. There's also a lock-picking station, which is partially "a fun area to play and learn," Povolny said, but also a demonstration of the ways physical security matters to cybersecurity.

The lab will be rotational, with future demos potentially covering anything from point-of-sale devices to plane cockpits.

"We're really going to evolve and follow where the threat is going, what will have the biggest impact," Povolny said.