X

McAfee opens Advanced Threat Research Lab

The Hillsboro, Oregon lab showcases a range of threats, including adversarial machine learning used on autonomous vehicles, Windows vulnerabilities, medical device flaws and blockchain attacks.
By Stephanie Condon, Senior Writer
img20180822153053.jpg
1 of 11 Stephanie Condon/ZDNET

McAfee isn't traditionally known for its work related to autonomous vehicles, but the new McAfee Advanced Threat Research Lab in Hillsboro, Oregon includes space for automotive research because of the high-impact emerging threats in the space.

mvimg20180822153106.jpg
2 of 11 Stephanie Condon/ZDNET

McAfee researchers demonstrate how patterns and colors physically added to a Stop sign can trick a Mobileye sensor into misidentifying the sign.

img20180822153111.jpg
3 of 11 Stephanie Condon/ZDNET

Demos like these are conducted for vendors, so they can learn how to improve their products and software, as well as industry representatives who may be interested in learning about potential threats. McAfee demonstrated the Stop sign threat to law enforcement.

img20180822153141.jpg
4 of 11 Stephanie Condon/ZDNET

This physical attack on the Stop sign tricked the machine learning algorithm into misclassifying it as an "Added Lane" sign about half of the time.

img20180822153652.jpg
5 of 11 Stephanie Condon/ZDNET

The lab includes a demonstration of a now-patched Cortana vulnerability enabled attackers to effectively unlock Windows 10 and execute code from the lock screen of a device. Microsoft patched the flaw in June after McAfee discovered it.

img20180822153800.jpg
6 of 11 Stephanie Condon/ZDNET

A McAfee researcher discovered a flaw in the Wemo Insight Smart Plug, produced by Belkin, that allows an attacker to execute remote code.

mvimg20180822154047.jpg
7 of 11 Stephanie Condon/ZDNET

An attacker could crack into the network, find a Wemo device and run an exploitation from anywhere, compromising not just the Wemo device but the entire network.

mvimg20180822154157.jpg
8 of 11 Stephanie Condon/ZDNET

An attacker could connect into a network and, as this screen shows, manipulate a smart TV. A remote attacker would see a list of all applications available and could open any of them.

mvimg20180822154203.jpg
9 of 11 Stephanie Condon/ZDNET

McAfee demonstrated how this attack could be used to access the media player on a smart TV. "Every single device that has an IP address is essentially a pivot point into a network in a larger scale attack," said Steve Povolny, head of Advanced Threat Research at McAfee.

img20180822154530.jpg
10 of 11 Stephanie Condon/ZDNET

The healthcare sector is notoriously vulnerable to cybersecurity threats. This demo station shows how with just a few strokes of a keyboard, an attacker could alter the vital signs displayed on a patient monitoring system. The visual demo helps illustrate why this particular type of attack -- on a device that's kept in a separate room from the patient -- could easily fool medical professionals.

img20180822155318.jpg
11 of 11 Stephanie Condon/ZDNET

The McAfee lab includes a lock-picking station, since physical security is a key component of comprehensive cybersecurity. One of the researchers created a 3D-printed brute-force combination lock cracker, which can be controlled via an app.

Related Galleries

Holiday wallpaper for your phone: Christmas, Hanukkah, New Year's, and winter scenes
Holiday lights in Central Park background

Related Galleries

Holiday wallpaper for your phone: Christmas, Hanukkah, New Year's, and winter scenes

21 Photos
Winter backgrounds for your next virtual meeting
Wooden lodge in pine forest with heavy snow reflection on Lake O'hara at Yoho national park

Related Galleries

Winter backgrounds for your next virtual meeting

21 Photos
Holiday backgrounds for Zoom: Christmas cheer, New Year's Eve, Hanukkah and winter scenes
3D Rendering Christmas interior

Related Galleries

Holiday backgrounds for Zoom: Christmas cheer, New Year's Eve, Hanukkah and winter scenes

21 Photos
Hyundai Ioniq 5 and Kia EV6: Electric vehicle extravaganza
img-8825

Related Galleries

Hyundai Ioniq 5 and Kia EV6: Electric vehicle extravaganza

26 Photos
A weekend with Google's Chrome OS Flex
img-9792-2

Related Galleries

A weekend with Google's Chrome OS Flex

22 Photos
Cybersecurity flaws, customer experiences, smartphone losses, and more: ZDNet's research roundup
shutterstock-1024665187.jpg

Related Galleries

Cybersecurity flaws, customer experiences, smartphone losses, and more: ZDNet's research roundup

8 Photos
Inside a fake $20 '16TB external M.2 SSD'
Full of promises!

Related Galleries

Inside a fake $20 '16TB external M.2 SSD'

8 Photos