{"id":14025,"date":"2024-04-16T11:11:43","date_gmt":"2024-04-16T10:11:43","guid":{"rendered":"https:\/\/ee.yelkdev.site\/?p=14025"},"modified":"2024-12-09T16:41:17","modified_gmt":"2024-12-09T16:41:17","slug":"should-pen-testing-devices-be-regulated","status":"publish","type":"post","link":"https:\/\/www.equalexperts.com\/blog\/our-thinking\/should-pen-testing-devices-be-regulated\/","title":{"rendered":"Should pen testing devices be regulated?"},"content":{"rendered":"<p>Hacking and cyber attacks are something which IT professionals have had on their radars for a long time. At Equal Experts we work hard to incorporate cybersecurity holistically into our data products, so heading off would-be hackers is something that\u2019s part of our day job. However, a recent spate of security attacks involving a tiny USB pen-testing device has highlighted just how easy it is for just about anyone to cause chaos on any device, without being detected.<\/p>\n<p>First, I should clarify what a pen-testing device is. Penetration testing is an important step in application development and is used to identify potential security gaps that could leave you at risk from hackers. Pen-testing devices are used by cybersecurity experts to legitimately test their products for vulnerabilities before they go to market. Essentially, they simulate attacks to identify solutions that will defend against criminal hacking.<\/p>\n<p>The problem is, these devices can be used to destroy pretty much any computer, from laptops and mobile phones to complex hardware. The potential damage could range from annoying (as in <a href=\"https:\/\/arstechnica.com\/security\/2023\/11\/flipper-zero-gadget-that-doses-iphones-takes-once-esoteric-attacks-mainstream\/\">this case of a victim who experienced interruption to his phone usage<\/a>) to catastrophic for UK businesses and public services. 
Take the student who used a legitimate testing device <a href=\"https:\/\/edscoop.com\/using-usb-killer-former-student-fries-58000-in-college-computer-equipment\/\">to destroy 66 pieces of hardware<\/a>, resulting in more than $58,000 of damage at his college. Or <a href=\"https:\/\/usbkill.com\/\">USBKill<\/a>, which claims to be the ultimate pentesting device, with \u201cunstoppable attack modes\u201d that can permanently disable almost anything; they even have a video showing how to disable laptops, smart TVs and peripherals.<\/p>\n<p>Pen-testing devices are easy to use, and they\u2019re available for anyone to buy online.<\/p>\n<p>Think about that for a minute. A small USB device that has the potential to fry any computer, or to gain access to people\u2019s personal information. Suddenly, James Bond behaviour feels accessible to all of us! As with knives, cigarettes, alcohol and passports, I wonder if there ought to be rules in place about who can have one.<\/p>\n<p>Experienced engineers (especially those who grow up in organisations like ours, where trust is implicit) will argue that restrictions get in the way of agile processes, and I agree. Mark Zuckerberg\u2019s famous motto \u201cMove fast and break things\u201d is a rule that generally serves us in software development. But, where there\u2019s a risk that the tool which protects us might be misused to cause damage, isn\u2019t it worth tolerating a framework of regulations to mitigate this?<\/p>\n<p>Operating within a framework is nothing new to most organisations, no matter how much inherent trust there is in the business. Some clients have highly regulated environments that necessitate checks and agreements before individual engineers can make decisions. Our work with HMRC and His Majesty\u2019s Passport Office is a clear example. Sensitive data needs handling sensitively, and agreements have to be in place to ensure security is a priority. 
We know how to do this.<\/p>\n<p>Now, I\u2019m not for a minute suggesting that pen-testing devices should be banned. As with a knife, there are valid, ethical uses, and they\u2019re invaluable tools in the right circumstances &#8211; you wouldn\u2019t slice steak with a spoon. Equally, firearms are acceptable for sports like clay pigeon shooting, but there are regulations in place to ensure their safe use. It\u2019s the same with pen-testing devices &#8211; you wouldn\u2019t release a data product to market without testing its security protocols, and the easier that testing is, the better.<\/p>\n<p>But the sale of knives is regulated; we check who we\u2019re selling them to, and some people aren\u2019t allowed to have them at all. Don\u2019t you think, given the potential for criminal damage via these simple USB devices, similar rules should apply?<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Penetration testing is a useful way to check for security gaps in application development. But in the wrong hands, pen-testing devices can cost businesses millions of pounds. 
We ask &#8211; should pen testing devices be regulated in the same way as knives, medicines and firearms?<\/p>\n","protected":false},"author":45,"featured_media":20000,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"footnotes":""},"categories":[5],"tags":[423,424,278],"location":[],"class_list":["post-14025","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-our-thinking","tag-penetration-testing","tag-regulation","tag-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.9 (Yoast SEO v25.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Should Pen Testing Devices Be Regulated?<\/title>\n<meta name=\"description\" content=\"Penetration testing is a useful way to check for security gaps in application development. But in the wrong hands, they can cost businesses millions.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.equalexperts.com\/blog\/our-thinking\/should-pen-testing-devices-be-regulated\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Should pen testing devices be regulated?\" \/>\n<meta property=\"og:description\" content=\"Penetration testing is a useful way to check for security gaps in application development. But in the wrong hands, they can cost businesses millions of pounds. 
We ask - should pen testing devices be regulated in the same way as knives, medicines and firearms?\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.equalexperts.com\/blog\/our-thinking\/should-pen-testing-devices-be-regulated\/\" \/>\n<meta property=\"og:site_name\" content=\"Equal Experts\" \/>\n<meta property=\"article:published_time\" content=\"2024-04-16T10:11:43+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-12-09T16:41:17+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.equalexperts.com\/wp-content\/uploads\/2024\/04\/Pentesting-FACEBOOK.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Abraham Marin-Perez\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:description\" content=\"Penetration testing is a useful way to check for security gaps in application development. But in the wrong hands, they can cost businesses millions of pounds. 
We ask - should pen testing devices be regulated in the same way as knives, medicines and firearms?\" \/>\n<meta name=\"twitter:creator\" content=\"@EqualExperts\" \/>\n<meta name=\"twitter:site\" content=\"@EqualExperts\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Abraham Marin-Perez\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.equalexperts.com\/blog\/our-thinking\/should-pen-testing-devices-be-regulated\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.equalexperts.com\/blog\/our-thinking\/should-pen-testing-devices-be-regulated\/\"},\"author\":{\"name\":\"Abraham Marin-Perez\",\"@id\":\"https:\/\/www.equalexperts.com\/#\/schema\/person\/918e63fc905dc15bec189ace231e5efd\"},\"headline\":\"Should pen testing devices be regulated?\",\"datePublished\":\"2024-04-16T10:11:43+00:00\",\"dateModified\":\"2024-12-09T16:41:17+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.equalexperts.com\/blog\/our-thinking\/should-pen-testing-devices-be-regulated\/\"},\"wordCount\":623,\"publisher\":{\"@id\":\"https:\/\/www.equalexperts.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.equalexperts.com\/blog\/our-thinking\/should-pen-testing-devices-be-regulated\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.equalexperts.com\/wp-content\/uploads\/2024\/04\/Pentesting-THUMB.jpg-1.webp\",\"keywords\":[\"Penetration Testing\",\"Regulation\",\"security\"],\"articleSection\":[\"Our 
Thinking\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.equalexperts.com\/blog\/our-thinking\/should-pen-testing-devices-be-regulated\/\",\"url\":\"https:\/\/www.equalexperts.com\/blog\/our-thinking\/should-pen-testing-devices-be-regulated\/\",\"name\":\"Should Pen Testing Devices Be Regulated?\",\"isPartOf\":{\"@id\":\"https:\/\/www.equalexperts.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.equalexperts.com\/blog\/our-thinking\/should-pen-testing-devices-be-regulated\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.equalexperts.com\/blog\/our-thinking\/should-pen-testing-devices-be-regulated\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.equalexperts.com\/wp-content\/uploads\/2024\/04\/Pentesting-THUMB.jpg-1.webp\",\"datePublished\":\"2024-04-16T10:11:43+00:00\",\"dateModified\":\"2024-12-09T16:41:17+00:00\",\"description\":\"Penetration testing is a useful way to check for security gaps in application development. But in the wrong hands, they can cost businesses millions.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.equalexperts.com\/blog\/our-thinking\/should-pen-testing-devices-be-regulated\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.equalexperts.com\/blog\/our-thinking\/should-pen-testing-devices-be-regulated\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.equalexperts.com\/blog\/our-thinking\/should-pen-testing-devices-be-regulated\/#primaryimage\",\"url\":\"https:\/\/www.equalexperts.com\/wp-content\/uploads\/2024\/04\/Pentesting-THUMB.jpg-1.webp\",\"contentUrl\":\"https:\/\/www.equalexperts.com\/wp-content\/uploads\/2024\/04\/Pentesting-THUMB.jpg-1.webp\",\"width\":1000,\"height\":615,\"caption\":\"Should pen testing devices be 
regulated?\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.equalexperts.com\/blog\/our-thinking\/should-pen-testing-devices-be-regulated\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.equalexperts.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Should pen testing devices be regulated?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.equalexperts.com\/#website\",\"url\":\"https:\/\/www.equalexperts.com\/\",\"name\":\"Equal Experts\",\"description\":\"Making Software. Better.\",\"publisher\":{\"@id\":\"https:\/\/www.equalexperts.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.equalexperts.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.equalexperts.com\/#organization\",\"name\":\"Equal Experts\",\"url\":\"https:\/\/www.equalexperts.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.equalexperts.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.equalexperts.com\/wp-content\/uploads\/2018\/08\/Equal_Experts_Logo_CMYK_Colour.jpg\",\"contentUrl\":\"https:\/\/www.equalexperts.com\/wp-content\/uploads\/2018\/08\/Equal_Experts_Logo_CMYK_Colour.jpg\",\"width\":719,\"height\":340,\"caption\":\"Equal Experts\"},\"image\":{\"@id\":\"https:\/\/www.equalexperts.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/EqualExperts\",\"https:\/\/www.linkedin.com\/company\/equal-experts\/?viewAsMember=true\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.equalexperts.com\/#\/schema\/person\/918e63fc905dc15bec189ace231e5efd\",\"name\":\"Abraham 
Marin-Perez\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.equalexperts.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/9f57b0ed0186e9677ee48c53f5c451fcc8257680818d1aa796bf1ae1b08f04d3?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/9f57b0ed0186e9677ee48c53f5c451fcc8257680818d1aa796bf1ae1b08f04d3?s=96&d=mm&r=g\",\"caption\":\"Abraham Marin-Perez\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Should Pen Testing Devices Be Regulated?","description":"Penetration testing is a useful way to check for security gaps in application development. But in the wrong hands, they can cost businesses millions.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.equalexperts.com\/blog\/our-thinking\/should-pen-testing-devices-be-regulated\/","og_locale":"en_GB","og_type":"article","og_title":"Should pen testing devices be regulated?","og_description":"Penetration testing is a useful way to check for security gaps in application development. But in the wrong hands, they can cost businesses millions of pounds. We ask - should pen testing devices be regulated in the same way as knives, medicines and firearms?","og_url":"https:\/\/www.equalexperts.com\/blog\/our-thinking\/should-pen-testing-devices-be-regulated\/","og_site_name":"Equal Experts","article_published_time":"2024-04-16T10:11:43+00:00","article_modified_time":"2024-12-09T16:41:17+00:00","og_image":[{"width":1000,"height":525,"url":"https:\/\/www.equalexperts.com\/wp-content\/uploads\/2024\/04\/Pentesting-FACEBOOK.jpg","type":"image\/jpeg"}],"author":"Abraham Marin-Perez","twitter_card":"summary_large_image","twitter_description":"Penetration testing is a useful way to check for security gaps in application development. 
But in the wrong hands, they can cost businesses millions of pounds. We ask - should pen testing devices be regulated in the same way as knives, medicines and firearms?","twitter_creator":"@EqualExperts","twitter_site":"@EqualExperts","twitter_misc":{"Written by":"Abraham Marin-Perez","Estimated reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.equalexperts.com\/blog\/our-thinking\/should-pen-testing-devices-be-regulated\/#article","isPartOf":{"@id":"https:\/\/www.equalexperts.com\/blog\/our-thinking\/should-pen-testing-devices-be-regulated\/"},"author":{"name":"Abraham Marin-Perez","@id":"https:\/\/www.equalexperts.com\/#\/schema\/person\/918e63fc905dc15bec189ace231e5efd"},"headline":"Should pen testing devices be regulated?","datePublished":"2024-04-16T10:11:43+00:00","dateModified":"2024-12-09T16:41:17+00:00","mainEntityOfPage":{"@id":"https:\/\/www.equalexperts.com\/blog\/our-thinking\/should-pen-testing-devices-be-regulated\/"},"wordCount":623,"publisher":{"@id":"https:\/\/www.equalexperts.com\/#organization"},"image":{"@id":"https:\/\/www.equalexperts.com\/blog\/our-thinking\/should-pen-testing-devices-be-regulated\/#primaryimage"},"thumbnailUrl":"https:\/\/www.equalexperts.com\/wp-content\/uploads\/2024\/04\/Pentesting-THUMB.jpg-1.webp","keywords":["Penetration Testing","Regulation","security"],"articleSection":["Our Thinking"],"inLanguage":"en-GB"},{"@type":"WebPage","@id":"https:\/\/www.equalexperts.com\/blog\/our-thinking\/should-pen-testing-devices-be-regulated\/","url":"https:\/\/www.equalexperts.com\/blog\/our-thinking\/should-pen-testing-devices-be-regulated\/","name":"Should Pen Testing Devices Be 
Regulated?","isPartOf":{"@id":"https:\/\/www.equalexperts.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.equalexperts.com\/blog\/our-thinking\/should-pen-testing-devices-be-regulated\/#primaryimage"},"image":{"@id":"https:\/\/www.equalexperts.com\/blog\/our-thinking\/should-pen-testing-devices-be-regulated\/#primaryimage"},"thumbnailUrl":"https:\/\/www.equalexperts.com\/wp-content\/uploads\/2024\/04\/Pentesting-THUMB.jpg-1.webp","datePublished":"2024-04-16T10:11:43+00:00","dateModified":"2024-12-09T16:41:17+00:00","description":"Penetration testing is a useful way to check for security gaps in application development. But in the wrong hands, they can cost businesses millions.","breadcrumb":{"@id":"https:\/\/www.equalexperts.com\/blog\/our-thinking\/should-pen-testing-devices-be-regulated\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.equalexperts.com\/blog\/our-thinking\/should-pen-testing-devices-be-regulated\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.equalexperts.com\/blog\/our-thinking\/should-pen-testing-devices-be-regulated\/#primaryimage","url":"https:\/\/www.equalexperts.com\/wp-content\/uploads\/2024\/04\/Pentesting-THUMB.jpg-1.webp","contentUrl":"https:\/\/www.equalexperts.com\/wp-content\/uploads\/2024\/04\/Pentesting-THUMB.jpg-1.webp","width":1000,"height":615,"caption":"Should pen testing devices be regulated?"},{"@type":"BreadcrumbList","@id":"https:\/\/www.equalexperts.com\/blog\/our-thinking\/should-pen-testing-devices-be-regulated\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.equalexperts.com\/"},{"@type":"ListItem","position":2,"name":"Should pen testing devices be regulated?"}]},{"@type":"WebSite","@id":"https:\/\/www.equalexperts.com\/#website","url":"https:\/\/www.equalexperts.com\/","name":"Equal Experts","description":"Making Software. 
Better.","publisher":{"@id":"https:\/\/www.equalexperts.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.equalexperts.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/www.equalexperts.com\/#organization","name":"Equal Experts","url":"https:\/\/www.equalexperts.com\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.equalexperts.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.equalexperts.com\/wp-content\/uploads\/2018\/08\/Equal_Experts_Logo_CMYK_Colour.jpg","contentUrl":"https:\/\/www.equalexperts.com\/wp-content\/uploads\/2018\/08\/Equal_Experts_Logo_CMYK_Colour.jpg","width":719,"height":340,"caption":"Equal Experts"},"image":{"@id":"https:\/\/www.equalexperts.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/EqualExperts","https:\/\/www.linkedin.com\/company\/equal-experts\/?viewAsMember=true"]},{"@type":"Person","@id":"https:\/\/www.equalexperts.com\/#\/schema\/person\/918e63fc905dc15bec189ace231e5efd","name":"Abraham Marin-Perez","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.equalexperts.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/9f57b0ed0186e9677ee48c53f5c451fcc8257680818d1aa796bf1ae1b08f04d3?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9f57b0ed0186e9677ee48c53f5c451fcc8257680818d1aa796bf1ae1b08f04d3?s=96&d=mm&r=g","caption":"Abraham 
Marin-Perez"}}]}},"_links":{"self":[{"href":"https:\/\/www.equalexperts.com\/wp-json\/wp\/v2\/posts\/14025","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.equalexperts.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.equalexperts.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.equalexperts.com\/wp-json\/wp\/v2\/users\/45"}],"replies":[{"embeddable":true,"href":"https:\/\/www.equalexperts.com\/wp-json\/wp\/v2\/comments?post=14025"}],"version-history":[{"count":0,"href":"https:\/\/www.equalexperts.com\/wp-json\/wp\/v2\/posts\/14025\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.equalexperts.com\/wp-json\/wp\/v2\/media\/20000"}],"wp:attachment":[{"href":"https:\/\/www.equalexperts.com\/wp-json\/wp\/v2\/media?parent=14025"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.equalexperts.com\/wp-json\/wp\/v2\/categories?post=14025"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.equalexperts.com\/wp-json\/wp\/v2\/tags?post=14025"},{"taxonomy":"location","embeddable":true,"href":"https:\/\/www.equalexperts.com\/wp-json\/wp\/v2\/location?post=14025"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}