Speaking at the Defense One Tech Summit in Washington DC over the weekend, National Security Agency (NSA) Deputy Director Richard Ledgett told the audience that his agency won’t shy away from hacking IoT devices if the bad guys are using them.
Ledgett said the NSA is constantly looking for new sources to gather data on foreign threat agents and the new wave of IoT devices could be an excellent medium to collect data from, due to its lack of adequate security protections and a large number of publicly available vulnerabilities.
The official said the NSA is not actively searching for IoT hacks and the only condition for the agency to focus its full efforts on such devices is for a threat group to actively use them.
For the crowd to better understand, he used an analogy to the famous San Bernardino shooter’s iPhone, which the agency recently revealed it could not hack.
He said the only reason this happened was because its agency never encountered a terrorist using such a device, and as such, the agency never allocated funds and personnel to study and have hacking tools ready to target such a device.
Medical devices are not off-limits
There is also no limit on the type of IoT devices the agency won’t target. Ledgett said the NSA will actively go after medical devices, such as pacemakers.
“We’re looking at it sort of theoretically from a research point of view right now,” Ledgett said, as quoted by. The Deputy Director said he viewed all these devices as another hacking tool in the NSA’s ever growing toolbox.
Last December, documents leaked about athat the NSA and CIA were providing to local US police agencies. All of those devices were developed for spying and collecting intelligence on foreign actors, but due to vague US laws were also distributed internally for spying on suspected terrorists activating on US soil.