Mitnick demonstrates this hack because "people think USBs are safe now, because they turn off 'auto-run'." He wants the public to know that thumb drives are not safe.
The lay public also believes that PDFs are safe. So Mitnick demonstrates with visual tools how a hacker can use a PDF file to take control of a target machine.
Another hack he demonstrates involves a malicious hacker who can go to a coffee shop where there's a public Wi-Fi router, and instruct the router to boot all the users off the network. When they reconnect, the hacker can then offer a fake Wi-Fi network with the same name. Once users connect, a malicious payload can be delivered.
Just knowing this information may change your behaviour. I know it's changing mine.
The bottom line is that you really, really don't want to plug in a thumb drive or download a PDF file to your laptop, even if you feel comfortable about the source. (Social engineering exists to make you feel comfortable.) And you should avoid public Wi-Fi hotspots.
While people in the security community focus on the code side of hacking, Mitnick emphasises the social engineering side. Because that's how hackers gain access.
In other words, security and privacy is not a set-it-and-forget-it process. Above all, it's important to learn not only from security experts, who know the tools, but also from hackers, who know how to socially engineer their way into your phone or laptop.
Be smart. Be paranoid. And good luck.
Source: Macworld AU
Sign up for Computerworld eNewsletters.