Said NSA Deputy Director at a recent defense conference

Jun 13, 2016 23:35 GMT  ·  By

Speaking at the Defense One Tech Summit in Washington DC over the weekend, National Security Agency (NSA) Deputy Director Richard Ledgett told the audience that his agency wouldn't shy away from hacking IoT devices if the bad guys were using them.

Ledgett said the NSA was constantly looking for new sources to gather data on foreign threat agents, and the new wave of IoT devices could be an excellent medium to collect data from, due to their lack of adequate security protections and a large number of publicly available vulnerabilities.

The official explains the NSA is not actively searching for IoT hacks, and the only condition for the agency to focus its full efforts on such devices is for a threat group to actively use them.

For the crowd to better understand, he uses an analogy with the famous San Bernardino shooter's iPhone, which the agency recently revealed it could not hack.

He claims the only reason this happened was that its agency never encountered a terrorist using such a device, and as such, the agency never allocated funds and personnel to study and have hacking tools ready to target such a device.

Medical devices are not off-limits

There is also no limit on the type of IoT devices the agency won't target. Ledgett admits the NSA will actively go after medical devices, such as pacemakers.

"We’re looking at it sort of theoretically from a research point of view right now," Ledgett says, as quoted by The Intercept. The Deputy Director explains he sees all these devices as another hacking tool in the NSA's ever growing toolbox.

Last December, documents leaked about a catalog of surveillance tools that the NSA and CIA were providing to local US police agencies. All of those devices were developed for spying and collecting intelligence on foreign actors, but due to vague US laws, they were also distributed internally for spying on suspected terrorists activating on US soil.