NEW YORK (KFDX/KJTL) — The phone in your office, the industrial fan system in a lab, the printer. All these devices contain tiny computers that can be hacked and used to gain sensitive business data or cause damage to networks.

Cybersecurity pros say more needs to be done to keep these devices secure.

Some manufacturers are listening and making security a competitive advantage. Andrea Day has more in our investigation hiding in plain sight.

Ang Cui says “no demo is complete until we try to physically destroy the device.”

When you interview this CEO, you may wind up evacuating.

“Ok all right, let’s get out of here.” Ang Cui founded the cybersecurity firm “Red Balloon” in New York City.

“This is where the magic happens? This is where the magic happens.”

And here, the goal is to make “embedded devices” more secure.

And that means breaking in, taking them apart, and exposing flaws.

Ang Cui: Yesss! 100% of these devices can be compromised in some way.

Andrea day: 100%?

Ang Cui: 100%.

Embedded devices are like mini computers. Inside almost everything, you can power up. From smart home devices to medical gear and cars. At every financial exchange, power plant, air traffic control, and almost every company in the world.



“This is probably the most important cybersecurity threat that we have today. Because these computers control every single aspect of our critical infrastructure that we depend on every single day,” says Cui.

And according to a report by market research firm radiant insights, the global embedded system market is projected to be worth $214 billion by next year.

This is a small version of an air filtration system, that’s in a lab the team’s working with right now.

“You don’t want the dirty air to come out ever. And, this computer will allow that to happen,” says Cui.

They hack devices inside the fan’s controller. Not only forcing the dirty air in the wrong direction but ultimately shutting it down. And it goes up in smoke.

But Cui says the issue goes way beyond this demo. The team recently uncovered a major vulnerability in more than 100 devices made by Cisco. The largest manufacturer of network equipment.

According to Red Balloon, we’re talking about a potential attack that could sell for millions. They let cisco know what they had found and the company published this critical advisory.

Cisco turned down our request for an on-camera interview. Instead, releasing a statement saying, in part: “Cisco is committed to transparency [and] is not aware of any malicious use of the vulnerability that is described in this advisory. Fixes are available for approximately half of the affected products.”

We wanted to find out what other industry leaders are doing to protect their embedded devices and reached out to HP and Huawei.

Both companies were not part of Red Balloon’s findings.

Hp is the largest manufacturer of printers, which contains embedded devices.

Andy Rhodes is the global head of HP’s commercial pc business. His company advertising claims to have the world’s most secure printers.



“We put this sort of special code into the printer so that it’s always looking for malware and devices,” says Rhodes.

Huawei did not agree to an interview or provide comments.

Cisco doesn’t know of any easy way to tell if your device has been compromised. The company suggests you review the security advisory to figure out the best way to protect your network.