Welcome to Cyber@BGU, the forefront of cyber security, big data analytics, and AI applied research at Ben Gurion University. Nestled in the heart of Beer Sheva’s Hi-Tech park—Israel’s Cyber Capital—our state-of-the-art R&D center is a beacon for pioneering projects. In collaboration with industrial and governmental allies, we continually strive to drive innovation and tackle the most pressing technological challenges of our era.
All non-Google chat GPTs affected by side channel that leaks responses sent to users. AI assistants have been widely available for a little more than a year, and they already have access to our most private thoughts and business secrets. People ask them about becoming pregnant or terminating or preventing
Chinese giant Lenovo announced on Monday that it is establishing the Lenovo Cybersecurity Innovation Center (LCIC) in cooperation with Ben-Gurion University of the Negev. Lenovo’s investment in the center wasn’t disclosed, but is believed to be in the millions of dollars. According to the company, the center will focus on
There’s an old joke that asks, “how many hackers does it take to change a light bulb?” The correct answer is none as nobody knew the light bulb had even been changed. Joking aside, what if a hacker could use a bulb as part of an exploit? I’m not talking about spying on
Key-leaking side channels are a fact of life. Now they can be done by video-recording power LEDs. Enlarge / Left: a smart card reader processing the encryption key of an inserted smart card. Right: a surveillance camera video records the reader’s power LED from 60 feet away. Researchers have devised a novel
An unconventional data exfiltration method leverages a previously undocumented covert channel to leak sensitive information from air-gapped systems. “The information emanates from the air-gapped computer over the air to a distance of 2 m and more and can be picked up by a nearby insider or spy with a mobile
Israeli researcher Mordechai Guri has discovered a new method to exfiltrate data from air-gapped systems using the LED indicators on network cards. Dubbed ‘ETHERLED’, the method turns the blinking lights into Morse code signals that can be decoded by an attacker. Capturing the signals requires a camera with a direct line
Yisroel Mirsky, Wenke Lee Ben-Gurion University and Georgia Institute of Technology, May 2020 Link to document A deepfake is content generated by artificial intelligence which seems authentic in the eyes of a human being. The word deepfake is a combination of the words ‘deep learning’ and ‘fake’ and primarily relates to content generated by an artificial neural network, a branch of machine learning.The most common form of deepfakes involves the generation and manipulation of human imagery. This technology has creative and productive applications. For example, realistic video dubbing of foreign
Noga Agmon, Asaf Shabtai, Rami Puzis Department of Software and Information Systems Engineering, Ben-Gurion University of the Negev, 11 Apr 2019 Link to document The Internet of things (IoT) has become an integral part of our lifeat both work and home. However, these IoT devices are prone to vulnerability exploits due to their low cost, low resources, the diversityof vendors, and proprietary firmware. Moreover, short range communication protocols (e.g., Bluetooth or ZigBee) open additionalopportunities for the lateral movement of an attacker within an organization. Thus, the type and location of
Yisroel Mirsky, Tom Mahler, Ilan Shelef, Yuval Elovici Department of Information Systems Engineering, Ben-Gurion University, Israel Soroka University Medical Center. 3 Apr 2019 Link to document In 2018, clinics and hospitals were hit with numerous attacksleading to significant data breaches and interruptions inmedical services. An attacker with access to medical recordscan do much more than hold the data for ransom or sell it onthe black market.In this paper, we show how an attacker can use deeplearning to add or remove evidence of medical conditionsfrom volumetric (3D) medical scans. An attacker
Nir Sivan, Ron Bitton, Asaf Shabtai Department of Software and Information Systems Engineering Ben-Gurion University of the Negev. 12 Dec 2018 Link to document In recent years we have witnessed a shift towards personalized, context-based applications and services for mobile device users. A key component of many of these services is the ability to infer the current location and predict the future location of users based on location sensors embedded in the devices. Such knowledge enables service providers to present relevant and timely offers to their users and better manage
Oded Leiba, Yechiav Yitzchak, Ron Bitton, Asaf Nadler, Asaf Shabtai IEEE SECURITY & PRIVACY ON THE BLOCKCHAIN (IEEE S&B) AN IEEE EUROPEAN SYMPOSIUM ON SECURITY & PRIVACY AFFILIATED WORKSHOP 23 April 2018, University College London (UCL), London, UK Link to document The Internet of Things (IoT) network of connected devices currently contains more than 11 billion devices and is estimated to double in size within the next four years. The prevalence of these devices makes them an ideal target for attackers. To reduce the risk of attacks vendors routinely deliver
Adi Stein, Yair Yotam, Rami Puzis, Guy Shani, Meirav Taieb-Maimon Entertainment Computing Volume 25, March 2018, Pages 14-25 Link to document In online games, gamers may become frustrated when playing against stronger players or get bored when playing against weaker players, thus losing interest in the game. Dynamic Difficulty Adjustment (DDA) has been suggested as an intelligent handicapping mechanism, by reducing the difficulty for the weaker player, or increasing the difficulty for the stronger player. A key question when using DDA, is when to activate the difficulty adjustment. In this
R Bitton, A Finkelshtein, L Sidi, R Puzis, L Rokach, A Shabtai Computers & Security Volume 73, March 2018, Pages 266-293 Link to document The popularity of smartphones, coupled with the amount of valuable and private information they hold, make them attractive to attackers interested in exploiting the devices to harvest sensitive information. Exploiting human vulnerabilities (i.e., social engineering) is an approach widely used to achieve this goal. Improving the security awareness of users is an effective method for mitigating social engineering attacks. However, while in the domain of personal
E. Boyle, N. Gilboa, Y. Ishai, R. Lin and S. Tessaro 9th Innovations in Theoretical Computer Science Conference (ITCS 2018) Link to document Homomorphic secret sharing (HSS) is the secret sharing analogue of homomorphic encryption. An HSS scheme supports a local evaluation of functions on shares of one or more secret inputs, such that the resulting shares of the output are short. Some applications require the stronger notion of additive HSS, where the shares of the output add up to the output over some finite Abelian group. While some strong