This article is about a recent upgrade to Metasploit to perform penetration testing on IoT devices, including those that are not connected through Ethernet connections. To achieve this, they have updated the Hardware Bridge API that allows testers to connect directly to firmware or create a relay service through a REST API.
The initial release is targeted to automotive penetration testing and includes modules for testing vehicle Controller Area Network (CAN) buses. Does anyone have a spare Tesla we can test?!?
Mauchel Barthelemy says
Jason, I don’t own a Tesla, but I would tell you this is something positive for IoTs and autonomous software before they become more mainstream. IT Security professionals should always look this through the lens of positivity every time Metasploit identify a vulnerability because this represents an opportunity, not only to strengthen the security of those devices, yet also is this a wake-up call for manufacturers to embed strong security features as business strategies.