McAfee opens Advanced Threat Research Lab

McAfee researchers demonstrate how patterns and colors physically added to a Stop sign can trick a Mobileye sensor into misidentifying the sign.

Demos like these are conducted for vendors, so they can learn how to improve their products and software, as well as industry representatives who may be interested in learning about potential threats. McAfee demonstrated the Stop sign threat to law enforcement.

This physical attack on the Stop sign tricked the machine learning algorithm into misclassifying it as an "Added Lane" sign about half of the time.

The lab includes a demonstration of a now-patched Cortana vulnerability enabled attackers to effectively unlock Windows 10 and execute code from the lock screen of a device. Microsoft patched the flaw in June after McAfee discovered it.

A McAfee researcher discovered a flaw in the Wemo Insight Smart Plug, produced by Belkin, that allows an attacker to execute remote code.

An attacker could crack into the network, find a Wemo device and run an exploitation from anywhere, compromising not just the Wemo device but the entire network.

An attacker could connect into a network and, as this screen shows, manipulate a smart TV. A remote attacker would see a list of all applications available and could open any of them.

McAfee demonstrated how this attack could be used to access the media player on a smart TV. "Every single device that has an IP address is essentially a pivot point into a network in a larger scale attack," said Steve Povolny, head of Advanced Threat Research at McAfee.

The healthcare sector is notoriously vulnerable to cybersecurity threats. This demo station shows how with just a few strokes of a keyboard, an attacker could alter the vital signs displayed on a patient monitoring system. The visual demo helps illustrate why this particular type of attack -- on a device that's kept in a separate room from the patient -- could easily fool medical professionals.

The McAfee lab includes a lock-picking station, since physical security is a key component of comprehensive cybersecurity. One of the researchers created a 3D-printed brute-force combination lock cracker, which can be controlled via an app.