Watch Dogs, realistic hacks?

 Watch Dogs, a video game created by Ubisoft, features a hacker in both its first and second opus. In the first opus, each player is invited to hack everything he can to achieve his goals.

The idea of this article is not to criticize the publisher on the realism of the attacks perpetrated: this is a game. The aim is therefore above all to entertain the target audience. Also, no player, and this is quite fair, is required to know hacking techniques in order to win. To perpetrate a cyberattack, the player just needs to press a command.

What remains interesting, however, is that some of the hacks staged in the game actually exist when others are totally fictional. So, we have listed four that caught our attention.

 It is possible and actually quite “simple”. Cameras are connected objects, which for the moment, remain extremely insecure by default. The interesting detail highlighted in Watch Dogs remains the fact that the main character can hack a second camera after hacking the first one.

In reality, cameras are often connected to a server and controlled by an application. Finding the password makes it possible to take control of this software and have access to several cameras at the same time (no matter where they are located).

Today, where we connect more and more objects with each other, the dangers presented in the game are real. Thus, as we have just seen, for cybercriminals, it is indeed customary to enter through a “small door” (a thermometer, a watch, a connected camera…) to gain access to the main network of a company or an individual for example.

To avoid this type of attack:

• Customize default settings: change passwords, PIN codes, disable unused connectivity (Wi-Fi, Bluetooth) and the sending of technical data to the manufacturer.
• Choose a login and password that will only be used for the object. The ideal is to make them difficult to guess and to change them regularly. For this, there are password managers (online or offline) such as Dashlane, Lastpass or Bitwarden for example. They generate strong passwords on any site you choose.
• Isolate the object from the network. If it is compromised, the attacker will not be able to “bounce back”, i.e. access another object.
• Update connected objects as often as possible: in some cases, these are old software vulnerabilities that cybercriminals use.

In other words, the cybercriminal’s devices are also victims of his own attack. This is where the hack shown is not so realistic. In this context, we do not really have any advice on how to avoid this kind of attack, but let’s take this opportunity to give simple rules on mobile phone cybersecurity:

• Choose a strong PIN and password.
• Install an application only when necessary, from a trusted source.
• Check application permissions and grant only those that are important.
• Do not connect to public WiFi or use a VPN.
• Perform all required updates.
• Use antivirus software.

 This is a realistic attack, although the technique used to do so – the main character uses his mobile phone to hack all the cars in the game – is not really the one used by hackers.

As an illustration, in 2015, Charlie Miller and Chris Valasek, two cyber security experts, showed that they were capable of taking control of a Jeep remotely. Andy Greenberg, a journalist for the American magazine Wired, then agreed to be part of the experiment, as a driver, while the two hackers gradually took control of the vehicle. They started with the radio to then focused on the brakes, as shown in this article and video.

Here, it is difficult to give advice on how to protect oneself from this kind of attacks because they are made possible by exploiting security loopholes. As the connected car remains a connected device like any other, the good practices given in #1 still apply, especially if a driver connects his smartphone to his car, for example.

It is quite possible and, surprisingly, simply by using a mobile phone.

We’re kidding! It’s unsurprisingly by far the most unrealistic hack in video games. Interestingly though, while most hacks are done very simply, using a command, this one requires a lot more work. The player is invited to infiltrate the launch site, replace an electronic card by another one, the latter previously compromised… The techniques proposed, although unrealistic in a space launch context, remain those used by cybercriminals.

Hacks, even the simplest ones, take time, and require unparalleled technical and organizational skills. So, our last piece of advice could be this: never underestimate a cybercriminal. If he has targeted an individual or a company, he will know how to achieve his goal.