New computer attack mimics user’s keystroke characteristics and evades detection

Ben-Gurion University of the Negev (BGU) cyber security researchers have developed a new attack called Malboard. Malboard evades several detection products that are intended to continuously verify the user’s identity based on personalized keystroke characteristics. The new paper, “Malboard: A Novel User Keystroke Impersonation Attack and Trusted Detection Framework Based on Side-Channel Analysis,” published in the Computer and Security journal, reveals a sophisticated attack in which a compromised USB keyboard automatically generates and sends malicious keystrokes that mimic the attacked user’s beha...


Should cyber-security be more chameleon, less rhino?

Billions are being lost to cyber-crime each year, and the problem seems to be getting worse. So could we ever create unhackable co...


Computer virus alters cancer scan images

A computer virus that can add fake tumours to medical scan images has been created by cyber-security researchers. In laboratory te...


Hospital viruses: Fake cancerous nodes in CT scans, created by malware, trick radiologists

Researchers in Israel created malware to draw attention to serious security weaknesses in medical imaging equipment and networks. ...


Researchers warn open sky drone policy poses cybercriminal risk

Left unchecked, our drones may pose significant risks to our privacy and security. Drones flying over populated areas, unchecked, ...


Talk about a cache flow problem: This JavaScript can snoop on other browser tabs to work out what you’re visiting

Yes, even the Tor browser can be spied on by this nasty code. Special report: Computer science boffins have demonstrated a side-channel attack technique that bypasses recently-introduced privacy defenses, and makes even the Tor browser subject to tracking. The result: it is possible for malicious JavaScript in one web browser tab to spy on other open tabs, and work out which websites you’re visiting. This information can be used to target adverts at you based on your interests, or otherwise work out the kind of stuff you’re into and collect it in safe-keeping for future reference. Researchers Anatoly Shusterman, Lachlan Kang, Yarde...


German companies seek cybersecurity help in the land of constant alert

Malicious refrigerators, hijacked cars, manipulated algorithms – protection against attacks from the net is, for states such as ...


Dojo by BullGuard and BGN Technologies Form Strategic Partnership to Develop Advanced IoT Security Technology

Dojo by BullGuard and Cyber@BGU, the Ben-Gurion Cyber Research Lab, Join Forces to Develop Advanced, Future IoT Security Technolog...


Slowdown Nation: Israel lags on internet speeds, choked by lack of competition

Israel slides to number 70 out of 200 nations surveyed on average download speed, as the duopoly that controls the market drags it...


Hackers Could Cause Havoc By Pwning Internet-Connected Irrigation Systems

Researchers at a university in Israel have found ways to turn smart irrigation systems into a botnet that could theoretically drai...


Ben-Gurion University of the Negev (BGU) cyber security researchers have developed a new attack called Malboard. Malboard evades several detection products that are intended to continuously verify the user’s identity based on personalized keystroke characteristics.

The new paper, “Malboard: A Novel User Keystroke Impersonation Attack and Trusted Detection Framework Based on Side-Channel Analysis,” published in the Computer and Security journal, reveals a sophisticated attack in which a compromised USB keyboard automatically generates and sends malicious keystrokes that mimic the attacked user’s behavioral characteristics.

Keystrokes generated maliciously do not typically match human typing and can easily be detected. Using artificial intelligence, however, the Malboard attack autonomously generates commands in the user’s style, injects the keystrokes as malicious software into the keyboard and evades detection. The keyboards used in the research were products by Microsoft, Lenovo and Dell.

“In the study, 30 people performed three different keystroke tests against three existing detection mechanisms including KeyTrac, TypingDNA and DuckHunt. Our attack evaded detection in 83 percent to 100 percent of the cases,” says Dr. Nir Nissim, head of the David and Janet Polak Family Malware Lab at Cyber@BGU, and a member of the BGU Department of Industrial Engineering and Management. “Malboard was effective in two scenarios: by a remote attacker using wireless communication to communicate, and by an inside attacker or employee who physically operates and uses Malboard.”

New Detection Modules Proposed

Both the attack and detection mechanisms were developed as part of the master’s thesis of Nitzan Farhi, a BGU student and member of the USBEAT project at BGU’s Malware Lab.

“Our proposed detection modules are trusted and secured, based on information that can be measured from side-channel resources, in addition to data transmission,” Farhi says. “These include (1) the keyboard’s power consumption; (2) the keystrokes’ sound; and (3) the user’s behavior associated with his or her ability to respond to typographical errors.”

Dr. Nissim adds, “Each of the proposed detection modules is capable of detecting the Malboard attack in 100 percent of the cases, with no misses and no false positives. Using them together as an ensemble detection framework will assure that an organization is immune to the Malboard attack as well as other keystroke attacks.”

The researchers propose using this detection framework for every keyboard when it is initially purchased and daily at the outset, since sophisticated malicious keyboards can delay their malicious activity for a later time period. Many new attacks can detect the presence of security mechanisms and thus manage to evade or disable them.

The BGU researchers plan to expand work on other popular USB devices, including computer mouse user movements, clicks and duration of use. They also plan to enhance the typo insertion detection module and combine it with other existing keystroke dynamic mechanisms for user authentication since this behavior is difficult to replicate.

Source: Tech Xplore

Do we need to rethink our approach to cybersecurity?

Billions are being lost to cyber-crime each year, and the problem seems to be getting worse. So could we ever create unhackable computers beyond the reach of criminals and spies? Israeli researchers are coming up with some interesting solutions.

The key to stopping the hackers, explains Neatsun Ziv, vice president of cyber-security products at Tel Aviv-based Check Point Security Technologies, is to make hacking unprofitable.

“We’re currently tracking 150 hacking groups a week, and they’re making $100,000 a week each,” he tells the BBC.

“If we raise the bar, they lose money. They don’t want to lose money.”

This means making it difficult enough for hackers to break in that they choose easier targets.

And this has been the main principle governing the cyber-security industry ever since it was invented – surrounding businesses with enough armour plating to make it too time-consuming for hackers to drill through. The rhinoceros approach, you might call it.

But some think the industry needs to be less rhinoceros and more chameleon, camouflaging itself against attack.

The six generations of cyber-attacks


1991: Floppy discs are infected with malicious software that attacks any PC they are inserted into

1994: Attackers access company intranets to steal data

1997: Hackers fool web servers into giving them access, exploiting server vulnerabilities

2006: Attackers start finding “zero-day” – previously unknown – bugs in all types of commonly-used software and use them to sneak into networks or send malware disguised as legitimate file attachments

2016: Hackers use multi-pronged attacks, combining worms and ransomware, powerful enough to attack entire networks at once

2019: Hackers start attacking internet of things connected devices.

Source: Check Point Software Technologies

“We need to bring prevention back into the game,” says Yuval Danieli, vice president of customer services at Israeli cyber-security firm Morphisec.

“Most of the world is busy with detection and remediation – threat hunting – instead of preventing the cyber-attack before it occurs.”

Morphisec – born out of research done at Ben-Gurion University – has developed what it calls “moving target security”. It’s a way of scrambling the names, locations and references of each file and software application in a computer’s memory to make it harder for malware to get its teeth stuck in to your system.

The mutation occurs each time the computer is turned on so the system is never configured the same way twice. The firm’s tech is used to protect the London Stock Exchange and Japanese industrial robotics firm Yaskawa, as well as bank and hotel chains.

But the most effective way to secure a computer is to isolate it from local networks and the internet completely – so-called air gapping. You would need to gain physical access to the computer to steal data.


Yuval Elovici, head of the cyber-security research centre at Ben-Gurion University, warns that even this method isn’t 100% reliable.

“The obvious way to attack an air-gapped machine is to compromise it during the supply chain when it is being built,” he says.

“So you then have a compromised air-gapped computer in a nuclear power station that came with the malware – the attacker never has to enter the premises.”

Indeed, in October last year, Bloomberg Businessweek alleged that Chinese spies had managed to insert chips on servers made in China that could be activated once the machines were plugged in overseas. The servers were manufactured for US firm Super Micro Computer Inc.

The story suggested that Amazon Web Services (AWS) and Apple were among 30 companies, as well as government agencies and departments, that had used the suspect servers.

Apple and Amazon strenuously denied the claims.

While air gapping is impractical for many businesses, so-called “co-operative cyber-security” is being seen as another way to thwart the hackers.

Imagine there are four firms working together: Barclays, Microsoft, Google and a cyber-security company, say.

Each of the four firms gives a piece of data to each other. They don’t know what the data is that they are protecting, but they hold it in their networks.

In order to access sensitive information from any of the firms, attackers would need to hack all four networks and work out which piece of data is missing, to be able to make any sense of the files stolen.

“If the likelihood of breaking into a single network is 1%, then to penetrate four different networks, the likelihood would become 0.000001%,” explains Alon Cohen, founder of cyber-security firm nsKnox and former chief technology officer for the Israeli military.


He calls the concept “crypto-splitting”, and it involves encoding each sequence of data as thousands of numbers then dividing these cryptographic puzzles between the four companies.

“You would need to solve thousands of puzzles in order to put the data back together,” says Mr Cohen.
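The article gives no algorithm for "crypto-splitting", so the following is an added illustration and not nsKnox's scheme: a plain XOR 4-of-4 secret split, which has the property described (every holder's piece is needed, and any three pieces fit any possible secret). The holder names come from the example above; the secret, function names and the independence assumption behind the 1% arithmetic are constructed for this sketch.

```python
import secrets
from fractions import Fraction
from functools import reduce


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("shares must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_secret(secret: bytes, holders: list) -> dict:
    """Give every holder one share; ALL shares are needed to rebuild the secret."""
    if len(holders) < 2:
        raise ValueError("need at least two holders")
    # n-1 shares are pure randomness, the last one is secret XOR all of them.
    random_shares = [secrets.token_bytes(len(secret)) for _ in holders[:-1]]
    last_share = reduce(xor_bytes, random_shares, secret)
    return dict(zip(holders, random_shares + [last_share]))


def combine(shares) -> bytes:
    """XOR the supplied shares together."""
    return reduce(xor_bytes, list(shares))


def share_explaining(known_shares, candidate: bytes) -> bytes:
    """The missing share that would make `candidate` the reconstructed secret.

    One exists for every candidate of the right length, which is why an
    intruder holding all but one share has learned nothing about the data.
    """
    return reduce(xor_bytes, list(known_shares), candidate)


def joint_breach_probability(p_single: Fraction, networks: int) -> Fraction:
    # Assumption: breaches of the separate networks are independent events.
    return p_single ** networks


if __name__ == "__main__":
    holders = ["Barclays", "Microsoft", "Google", "security-firm"]
    secret = b"constructed payment instruction #1"
    shares = split_secret(secret, holders)

    print("all four shares :", combine(shares.values()))
    three = [shares[h] for h in holders[:3]]
    print("three shares    :", combine(three).hex())

    # The same three stolen shares are consistent with a completely
    # different message, given a suitable fourth share.
    decoy = b"X" * len(secret)
    forged = share_explaining(three, decoy)
    print("decoy rebuilt   :", combine(three + [forged]))

    p = joint_breach_probability(Fraction(1, 100), 4)
    print("P(all four breached) =", float(p * 100), "%")
```
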

Check Point also collaborates with large multinational technology firms in a data-sharing alliance in the belief that co-operation is key to staying one step ahead of the hackers.

But while such approaches show promise, Check Point’s Neatsun Ziv concludes that: “There is no such thing as an unhackable computer, the only thing that exists is the gap between what you build and what people know how to hack today.”

There is always a trade-off between usability and security. The more secure and hack-proof a computer is, the less practical it is in a networked world.

“Yes, we can build an unhackable computer …but it would be like a tank with so many shields that it wouldn’t move anywhere,” says Morphisec’s Mr Danieli.

The concern for the cyber-security industry is that as the nascent “internet of things” develops, powered by 5G mobile connectivity, the risk of cyber-attack will only increase.

And as artificial intelligence becomes more widespread, it will become just another tool hackers can exploit.

The arms race continues.

Source: BBC News

A computer virus that can add fake tumours to medical scan images has been created by cyber-security researchers.


In laboratory tests, the malware altered 70 images and managed to fool three radiologists into believing patients had cancer.

The altered images also managed to trick automated screening systems.

The team from Israel developed the malicious software to show how easy it is to get around security protections for diagnostic equipment.

The program was able to convincingly add fake malignant growths to images of lungs taken by MRI and CT scanning machines.

The researchers, from Ben Gurion University’s cyber-security centre, said the malware could also remove actual malignant growths from image files to prevent patients who are targets getting the care they need.

The images targeted were scans of lungs but the malware could be tuned to produce other fake conditions such as brain tumours, blood clots, fractures or spinal problems, according to the Washington Post, which first reported on the research.

Images and scans were vulnerable, said the researchers, because the files were generally not digitally signed or encrypted. This means any changes would be hard to spot.

The researchers suggested the security flaws could be exploited to sow doubt about the health of government figures, sabotage research, commit insurance fraud or as part of a terrorist attack.

In addition, they said, weaknesses in the way hospitals and health care centres protect their networks could give attackers easy access.

While hospitals were careful about sharing sensitive data beyond their boundaries, they took much less care when handling data internally, said one of the researchers.

“What happens within the hospital system itself, which no regular person should have access to in general, they tend to be pretty lenient about,” Yisroel Mirsky told the Washington Post.

Better use of encryption and digital signatures could help hospitals avoid problems if cyber-attackers tried to subvert images, he added.

Hospitals and other healthcare organisations have been a popular target for cyber-attackers and many have been hit by malicious ransomware that encrypts files and only returns the data when victims pay up.

The NHS was hit hard in 2017 by the WannaCry ransomware which left many hospitals scrambling to recover data.

Source: BBC News

Researchers in Israel created malware to draw attention to serious security weaknesses in medical imaging equipment and networks.


When Hillary Clinton stumbled and coughed through public appearances during her 2016 presidential run, she faced critics who said that she might not be well enough to perform the top job in the country. To quell rumors about her medical condition, her doctor revealed that a CT scan of her lungs showed that she just had pneumonia.

But what if the scan had shown faked cancerous nodules, placed there by malware exploiting vulnerabilities in widely used CT and MRI scanning equipment? Researchers in Israel say they have developed such malware to draw attention to serious security weaknesses in critical medical imaging equipment used for diagnosing conditions and the networks that transmit those images — vulnerabilities that could have potentially life-altering consequences if unaddressed.

The malware they created would let attackers automatically add realistic, malignant-seeming growths to CT or MRI scans before radiologists and doctors examine them. Or it could remove real cancerous nodules and lesions without detection, leading to misdiagnosis and possibly a failure to treat patients who need critical and timely care.

Yisroel Mirsky, Yuval Elovici and two others at the Ben-Gurion University Cyber Security Research Center in Israel who created the malware say that attackers could target a presidential candidate or other politicians to trick them into believing they have a serious illness and cause them to withdraw from a race to seek treatment.

The research isn’t theoretical. In a blind study the researchers conducted involving real CT lung scans, 70 of which were altered by their malware, they were able to trick three skilled radiologists into misdiagnosing conditions nearly every time. In the case of scans with fabricated cancerous nodules, the radiologists diagnosed cancer 99 percent of the time. In cases where the malware removed real cancerous nodules from scans, the radiologists said those patients were healthy 94 percent of the time.

Even after the radiologists were told that the scans had been altered by malware and were given a second set of 20 scans, half of which were modified, they still were tricked into believing the scans with fake nodules were real 60 percent of the time, leading them to misdiagnoses involving those patients. In the case of scans where the malware removed cancerous nodules, doctors did not detect this 87 percent of the time, concluding that very sick patients were healthy.

The researchers ran their test against a lung-cancer screening software tool that radiologists often use to confirm their diagnoses and were able to trick it into misdiagnosing the scans with false tumors every time.

“I was quite shocked,” said Nancy Boniel, a radiologist in Canada who participated in the study. “I felt like the carpet was pulled out from under me, and I was left without the tools necessary to move forward.”

The study focused on lung cancer scans only. But the attack would work for brain tumors, heart disease, blood clots, spinal injuries, bone fractures, ligament injuries and arthritis, Mirsky said.

Attackers could choose to modify random scans to create chaos and mistrust in hospital equipment, or they could target specific patients, searching for scans tagged with a specific patient’s name or ID number. In doing this, they could prevent patients who have a disease from receiving critical care or cause others who aren’t ill to receive unwarranted biopsies, tests and treatment. The attackers could even alter follow-up scans after treatment begins to falsely show tumors spreading or shrinking. Or they could alter scans for patients in drug and medical research trials to sabotage the results.

The vulnerabilities that would allow someone to alter scans reside in the equipment and networks hospitals use to transmit and store CT and MRI images. These images are sent to radiology workstations and back-end databases through what’s known as a picture archiving and communication system (PACS). Mirsky said the attack works because hospitals don’t digitally sign the scans to prevent them from being altered without detection and don’t use encryption on their PACS networks, allowing an intruder on the network to see the scans and alter them.

“They’re very, very careful about privacy … if data is being shared with other hospitals or other doctors,” Mirsky said, “because there are very strict rules about privacy and medical records. But what happens within the [hospital] system itself, which no regular person should have access to in general, they tend to be pretty lenient [about]. It’s not … that they don’t care. It’s just that their priorities are set elsewhere.”

Although one hospital network they examined in Israel did try to use encryption on its PACS network, the hospital configured the encryption incorrectly and as a result the images were still not encrypted.

Fotios Chantzis, a principal information-security engineer with the Mayo Clinic in Minnesota who did not participate in the study but confirmed that the attack is possible, said that PACS networks are generally not encrypted. That’s in part because many hospitals still operate under the assumption that what’s on their internal network is inaccessible from outside — even though “the era where the local hospital network was a safe, walled garden is long gone,” he said.

Although encryption is available for some PACS software now, it’s still generally not used for compatibility reasons. It has to communicate with older systems that don’t have the ability to decrypt or re-encrypt images.

To develop their malware, the Israeli researchers used machine learning to train their code to rapidly assess scans passing through a PACS network and to adjust and scale fabricated tumors to conform to a patient’s unique anatomy and dimensions to make them more realistic. The entire attack can be fully automated so that once the malware is installed on a hospital’s PACS network, it will operate independently of the researchers to find and alter scans, even searching for a specific patient’s name.

To get the malware onto a PACS network, attackers would need either physical access to the network — to connect a malicious device directly to the network cables — or they could plant malware remotely from the Internet. The researchers found that many PACS networks are either directly connected to the Internet or accessible through hospital machines that are connected to the Internet.

To see how easy it would be to physically install malware on a PACS network, Mirsky conducted a test at a hospital in Israel that the researchers videotaped. He was able to enter the radiology department after hours and connect his malicious device to the network in just 30 seconds, without anyone questioning his presence. Although the hospital had given permission for the test, staff members didn’t know how or when Mirsky planned to carry it out.

To prevent someone from altering CT and MRI scans, Mirsky says, ideally hospitals would enable end-to-end encryption across their PACS network and digitally sign all images while also making sure that radiology and doctor workstations are set up to verify those signatures and flag any images that aren’t properly signed.
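The sign-then-verify workflow Mirsky describes can be sketched as follows. This is an added example, not code from the researchers or from any PACS product: the `Scan` record, its field names and the sample data are constructed, and HMAC-SHA256 from the Python standard library stands in for a digital signature (a deployment would use an asymmetric scheme so that workstations hold only a verification key).

```python
import hashlib
import hmac
import secrets
import struct
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Scan:
    """Hypothetical, simplified stand-in for one stored CT/MRI image."""
    patient_id: str
    study_uid: str
    pixels: bytes
    signature: Optional[bytes] = None  # None models an image that was never signed


def _canonical(scan: Scan) -> bytes:
    # Length-prefix each field so bytes cannot be moved between fields
    # without changing the signed encoding.
    fields = (scan.patient_id.encode(), scan.study_uid.encode(), scan.pixels)
    return b"".join(struct.pack(">Q", len(f)) + f for f in fields)


def sign_scan(key: bytes, scan: Scan) -> Scan:
    """Run where the image is produced: bind patient metadata and pixels to one tag."""
    tag = hmac.new(key, _canonical(scan), hashlib.sha256).digest()
    return replace(scan, signature=tag)


def check_scan(key: bytes, scan: Scan) -> str:
    """Run at the radiology workstation before the image is displayed."""
    if scan.signature is None:
        return "UNSIGNED"
    expected = hmac.new(key, _canonical(scan), hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    return "OK" if hmac.compare_digest(expected, scan.signature) else "TAMPERED"


def flag_for_review(key: bytes, scans) -> list:
    """Return (study_uid, status) for every image that must not be trusted."""
    flagged = []
    for scan in scans:
        status = check_scan(key, scan)
        if status != "OK":
            flagged.append((scan.study_uid, status))
    return flagged


def constructed_archive(key: bytes) -> list:
    """Four constructed records: one intact, two altered in transit, one unsigned."""
    pixels = bytes(range(256)) * 8  # placeholder image data, not a real scan
    intact = sign_scan(key, Scan("PT-0001", "STUDY-A", pixels))

    changed = bytearray(pixels)
    changed[100:110] = b"\xff" * 10  # pixel region modified after signing
    pixel_edit = replace(sign_scan(key, Scan("PT-0002", "STUDY-B", pixels)),
                         pixels=bytes(changed))

    # Image re-labelled with another patient's ID after signing.
    relabelled = replace(sign_scan(key, Scan("PT-0003", "STUDY-C", pixels)),
                         patient_id="PT-0001")

    unsigned = Scan("PT-0004", "STUDY-D", pixels)
    return [intact, pixel_edit, relabelled, unsigned]


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    for study, status in flag_for_review(key, constructed_archive(key)):
        print(f"{study}: {status} - hold for manual review")
```

Treating `UNSIGNED` as a failure rather than a pass matters here: if unsigned images were accepted, stripping the tag would be enough to get an altered scan displayed.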

Suzanne Schwartz, a medical doctor and the Food and Drug Administration’s associate director for Science and Strategic Partnerships, who has been leading some of the FDA’s effort to secure medical devices and equipment, expressed concern about the findings of the Israeli researchers. But she said many hospitals don’t have the money to invest in more secure equipment, or they have 20-year-old infrastructure that doesn’t support newer technologies.

“It’s going to require changes that go well beyond devices, but changes with regards to the network infrastructure,” Schwartz said. “This is where engaging and involving with other authorities and trying to bring the entire community together becomes really important.”

Christian Dameff, an emergency room physician with the University of California at San Diego School of Medicine and a security researcher who has exposed vulnerabilities with the 911 emergency calling system, notes that in the case of a cancer diagnosis, some backstops would prevent a patient from receiving unwarranted treatment based only on a maliciously modified CT scan. But that doesn’t mean the attack would be harmless.

“There are a couple of steps before we just take someone to surgery” or prescribe radiation and chemotherapy, Dameff said. “But there is still harm to the patient regardless. There is the emotional distress [from learning you may have cancer], and there are all sorts of insurance implications.”

The radiologists in the BGU study recommended follow-up treatment and referrals to a specialist for all of the patients with scans that showed cancerous lung nodules. They recommended immediate tissue biopsies or other surgery for at least a third of them.

Correction: This story has been updated to reflect that the hospital in Israel didn’t encrypt any data passed over its network. An earlier version of the story said it had encrypted the metadata for the scans, which contains a patient’s name and medical ID.

Source: The Washington Post

Left unchecked, our drones may pose significant risks to our privacy and security.

Drones flying over populated areas, unchecked, represent a real threat to our privacy, researchers have warned.

On Wednesday, academics from Israel’s Ben-Gurion University of the Negev (BGU) and Fujitsu System Integration Laboratories revealed the results of a new study which examined over 200 techniques and technologies which are currently in use to detect and disable drones.

BGU and Fujitsu say this is the first study of its kind, which examines how lawmakers and drone developers are attempting to control drone usage.

The research, titled “Security and Privacy Challenges in the Age of Drones,” found that cybersecurity measures developed to keep these flying camera-laden vehicles in check are falling woefully short.

Drones are now used for military purposes, for pizza deliveries, for delivering life-saving medication, and for surveillance & monitoring in agriculture. Drones and other forms of unmanned aerial vehicle (UAV) are also being tested as potential future transport options.

Unfortunately, it is the minority which can ruin it for the rest of us. Drone-related security incidents are reported on close to a daily basis, and it was only a few months ago that a single drone sighted around the grounds of the UK’s Gatwick airport caused chaos, grounded flights, and resulted in the misery of countless passengers attempting to travel ahead of the Christmas holidays.

The UK’s response was rather limp and resulted in only a new power being awarded to police to issue £100 fines for inappropriate drone usage. However, the country found itself unable to detect or stop the drone during its antics.

Such incidents can not only disrupt the lives of citizens but can also result in damages and compensation claims — and so organizations and governments are now looking at ways to detect and disable drones, a new market which is expected to reach $1.85 billion by 2024.

The report suggests that left unchecked, drone use in populated areas “could result in cyberattacks, terrorism, crime, and threats to privacy.”

There are a number of ways that organizations are tackling privacy issues caused by drones. Radar, RF scanners, thermal cameras, audio alerts, and even falconry have all been explored, and one of the new methods which are being developed is software able to physically track a drone.

However, these are easy to compromise, as the research team showed in a video.

The team also demonstrated an interesting attack method in which a drone, disguised as a perfectly innocent pizza delivery, was used as a conduit for delivering hacking hardware and radio systems to a target (which could be a smart home or an air-gapped business system).

BGU and Fujitsu suggest in the report that the biggest challenge vendors face when it comes to drones and their potential impact on privacy and security is determining a drone’s purpose in a non-restricted area, also known as an “open sky policy.”

“The cutting-edge technology and decreasing drone prices made them accessible to individuals and organizations, but has created new threats and recently caused an increase in drone-related incidents,” says Ben Nassi, a Ph.D. student from BGU’s Department of Software and Information Systems Engineering (SISE). “There are many difficulties that militaries, police departments, and governments are seeking to overcome, as it is a recognized threat to critical infrastructure, operations, and individuals.”

The researchers propose that drone ID systems and registration are the way forward, both of which have now been implemented in new US regulations.

Whitelisting, such as an out-of-band solution which installs a microcontroller on white-listed drones able to transmit their ID to controllers for authentication; software-based monitoring systems which translate a drone’s commands; unique signatures based on vendor hardware; and using cellular technology to trace operators have all also been suggested as potential solutions.

However, controlling drone use without stifling both this emerging, innovative industry and the joy of innocent enthusiasts is a difficult proposition and there is no failsafe solution available, at least for now.

Source: ZDNet

Yes, even the Tor browser can be spied on by this nasty code

Special report: Computer science boffins have demonstrated a side-channel attack technique that bypasses recently-introduced privacy defenses, and makes even the Tor browser subject to tracking. The result: it is possible for malicious JavaScript in one web browser tab to spy on other open tabs, and work out which websites you’re visiting.

This information can be used to target adverts at you based on your interests, or otherwise work out the kind of stuff you’re into and collect it in safe-keeping for future reference.

Researchers Anatoly Shusterman, Lachlan Kang, Yarden Haskal, Yosef Meltser, Prateek Mittal, Yossi Oren, Yuval Yarom – from Ben-Gurion University of the Negev in Israel, the University of Adelaide in Australia, and Princeton University in the US – have devised a processor cache-based website fingerprinting attack that uses JavaScript for gathering data to identify visited websites.

The technique is described in a paper recently distributed through ArXiv called “Robust Website Fingerprinting Through the Cache Occupancy Channel.”

“The attack we demonstrated compromises ‘human secrets’: by finding out which websites a user accesses, it can teach the attacker things like a user’s sexual orientation, religious beliefs, political opinions, health conditions, etc.,” said Yossi Oren (Ben-Gurion University) and Yuval Yarom (University of Adelaide) in an email to The Register this week.

It’s thus not as serious as a remote attack technique that allows the execution of arbitrary code or exposes kernel memory, but Oren and Yarom speculate that there may be ways their browser fingerprinting method could be adapted to compromise computing secrets like encryption keys or vulnerable installed software.

In any event, the attack could have serious consequences for those using Tor in the belief that their website visits can be kept secret.

A side-channel attack (or “transient execution attack”) involves observing some portion of a computing system to collect measurements that can be used to infer otherwise privileged information. The Spectre, Meltdown, and Foreshadow vulnerabilities revealed this year all have the potential to be exploited via side-channel attack techniques.

Oren and Yarom explained their approach works at a more fundamental level than Spectre. “It works in places where Spectre cannot work (for example, across process boundaries), and the CPU patches built to protect against Spectre cannot stop it,” they said. “On the other hand, the Spectre attack is capable of recovering information at a much higher resolution than our attack.”

One of the ways these attacks have been mitigated is by limiting access to high-precision timers, by which side-channel data can be collected. When the Spectre and Meltdown vulnerabilities were first disclosed, for example, Mozilla said it would disable or reduce the precision of time sources in its Firefox browser.

But this latest browser fingerprinting technique doesn’t need a high-precision timer because it focuses on processor cache occupancy.

“Cache occupancy measures what percentage of the entire cache has been accessed over a certain time period,” explained Oren and Yarom. “The browser is very memory intensive, since it receives large amounts of data from the network and draws various outputs to the screen. This means it uses a significant portion of the cache as it loads a page.”

What’s more, it doesn’t depend on the layout of the cache, which makes cache layout randomization – a risk mitigation technique – useless for this particular approach. The attack is also unaffected by defenses against network-based fingerprinting, as when a browser fetches data from its response cache rather than the network or when network traffic shaping is employed.

Automatic identification

This fingerprinting attack involves using JavaScript to measure processor cache access latency over time as websites are loaded. The resulting traces, called “memorygrams,” are then compared via deep-learning techniques to a set of memorygrams collected by the attacker, with an eye toward automatically identifying similarities to establish a website visit. In other words, it is possible to determine which website someone’s looking at by the way their browser accesses the processor’s cache while fetching the web pages and rendering them on-screen. Malicious JavaScript in one tab can monitor cache accesses to identify patterns and fingerprint the sites visited by other tabs.

“‘Classical’ machine learning techniques require a human expert to find out which ‘features’ in the data are relevant for the attack,” explained Oren and Yarom. “There is a lot of research on the best features to use when performing other types of attacks. In deep learning, the computer acts as the expert and tries to find these features itself. This allows us to go straight from the data to the results. Perhaps a human researcher will be able to find better features than our deep learning algorithm did, and improve the attack even further.”

The boffins considered two scenarios: a closed world data set, where 100 memorygrams for each of 100 websites are evaluated; and an open world data set, where 100 sensitive web pages must be distinguished from 5,000 other websites.

Using mainstream browsers on the closed set, the researchers were able to accurately classify 70 to 90 per cent of website visits. Applied to Tor, the attack managed accuracy of only 47 per cent, but when other data was considered, accuracy increased to 72 per cent. Results were similar for the open world data set – 70 to 90 per cent, with Tor identification at 83 per cent if the researchers considered not only the top output, but also checked to see whether it’s one of the top five detected results.

If the goal was simply to determine whether the website visited was sensitive or non-sensitive, accuracy increased to more than 99 per cent in the open world data set.

Oren and Yarom say their work shows that efforts to defend against side-channel attacks by reducing access to precision timing have been for naught.

“In this work we show that the whole approach is futile – we simply do not need high-resolution timers for the attack,” they said. “Similarly, some approaches for protecting from Spectre segregate sites into multiple processes. We show that this is not sufficient. We show that we can spy from one browser tab on another and even from one browser on other browsers running on the computer.”

The takeaway, they contend, is that anything short of running a single browser tab at any one point in time poses a privacy risk: if you open a second tab, JavaScript in it can snoop on the other tab. Disabling JavaScript completely will kill off the attack, but also kill off a lot of websites, which rely on JS functionality to work. And they say virtualization should be seen as a convenience feature rather than a security feature.

“If you want to visit sensitive and non-sensitive websites at the same time, use two different computers,” they said. ®


Source: The Register

Malicious refrigerators, hijacked cars, manipulated algorithms: protection against attacks from the net is vital for the survival of states like Israel.

Be’er Sheva/Tel Aviv. Danger lurked behind “Golden Cup”: the smartphone app for the football World Cup in Russia was supposed to deliver live coverage. But it also recorded phone calls, stole contact data and used GPS to deliver the user’s exact location. The recipients: Israeli soldiers. The suspected sender: the terrorist group Hamas. About a hundred soldiers are said to have been affected by the malware.

An attack that did limited damage. Probably also because Israel is digitally armed like hardly any other country. Israel is on permanent alert. Apart from Jordan and Egypt, the country is surrounded by enemies. Attacks on the digital infrastructure or on citizens are part of everyday life here.

In the fight against them, the country relies not only on elite units. Israel has also become a playground for start-ups, and thus a model for other countries, Germany among them. The small country on the Mediterranean shows how state and business can work together to foster innovation.

The situation in Germany is quite different: last week, reports circulated about the stalled modernisation of the Bundeswehr’s IT systems. Just one example of many. A recent study by the consultancy PwC concluded a few days ago that just half of European companies have a comprehensive cyber-security strategy. That puts them in second-to-last place, behind Asia and North and South America.

High need for protection

Defence and protection have played a decisive role in Israel since the founding of the state, and by now digitally as well. With military Unit 8200, the country has built itself a monument here. Legends surround the cyber force. The cyberattack on Iranian nuclear facilities, for instance, is said to have been devised and carried out by it.

The secrecy of the armed forces makes the “8200 myth” only more powerful. Many army recruits go into business for themselves after military service with the technological know-how they acquired. The military as a digital talent factory.

The market for protection is among the most dynamic in the country’s already fast-growing start-up ecosystem. According to the Israeli start-up organisation “Start-up Nation Central”, the new companies raised around 814 million US dollars in venture capital in 2017. No other country apart from the USA managed to collect such a high sum. For the current year, analysts expect investment to rise to more than one billion US dollars.

The foundation was laid by Checkpoint, founded in 1993, which is regarded as the inventor of the firewall. Founder Gil Shwed is something like the patriarch of the country’s cyber scene. Everyone speaks with reverence of the 50-year-old, who helped establish Israel as a location for cybersecurity.

“When the internet emerged and became accessible to everyone, it quickly became clear in Israel that this would bring entirely new risks,” says Shwed. “I wanted to make access secure for everyone.” The company’s shares are now traded on the Nasdaq, and its customers include multinational corporations.

More and more German companies are also discovering the country’s digital expertise, and with good reason, as Yochai Corem, Vice President at the technology provider Cyberbit, knows: “Many companies do not recognise a threat and point to their firewall, or assume that nothing will happen to them.” Yet it is very easy for attackers today to overcome the protective measures, he says.

Cyberbit belongs to the Israeli technology and defence group Elbit and offers a training and simulation platform for cybersecurity experts. It was used, for example, by the IT service provider of the Sparkassen group, whose security experts took part in a joint training in Israel together with colleagues from Israeli banks.

German companies on site

Corporations such as Daimler or Porsche have their own offices in Israel, and the automotive supplier Continental took over the IT security company Argus at the end of 2017, which is meant to protect connected vehicles against outside access.

Deutsche Telekom has invested around 50 million US dollars in the research site in Be’er Sheva since 2004, says Amit Keren, the company’s Managing Director in Israel: “It was the first German corporation to recognise the research opportunities for cyber defence.”

Be’er Sheva lies on the edge of the Negev desert. It is one of those planned towns that state founder Ben Gurion had in mind when he set the goal of “making the desert bloom”. The city is green thanks to artificial irrigation, but economic bloom was long sought here in vain: to many, Be’er Sheva is the epitome of the periphery, left behind by the economic miracle on the coast, socially weak and unattractive as a location.

At the end of the 1960s, the state founded Ben Gurion University here to change that. So far it has not given the location a lasting boost; not yet. The government now wants a high-tech park to emerge here: a campus made up of the university, companies and the military’s cyber units.

“The idea is to create the country’s largest tech hub,” says Oleg Brodt, head of research and development at “Cyber@BGU”, an organisation responsible for all of the university’s cyber research and collaborations.

Brodt and his team research the dangers of the future here, on behalf of companies such as Deutsche Telekom. Corporations such as Audi, IBM or EY have also discovered the location for themselves. Ask Brodt about threat scenarios of the future and he quickly has fitting examples to hand.

One scenario is almost as old as the idea of the self-driving car: hackers take control of one of the smart vehicles and steer it remotely. Researcher Brodt, however, fears quite different attacks. These would more likely target a whole series of cars, which are switched off while the owners are told to pay in order to use their car again. Such attacks are cheaper and very easy to repeat at scale, he says.

It is exactly this possibility that the start-up Cybellum, founded in 2016, deals with. Its technology examines software for security vulnerabilities, and its first customers are mainly car manufacturers and their suppliers: “It is really astonishing how much in the car is now connected. For example, often even the tyre valve can transmit information to the on-board computer via Bluetooth,” explains co-founder Michael Engstler.

And in the end that could have enormous consequences: “If a vulnerability is discovered by the wrong people, an entire vehicle fleet could be attacked with it. That would be millions of cars worldwide and considerable damage for the manufacturers.”

More and more targets

In the age of the connected world, almost everything is a potential target. Researcher Brodt outlines a case that one of his students investigated, in which a security vulnerability in a smart refrigerator was identified. Hackers could use it to get into the device and, for example, threaten to raise the temperature by one degree every hour unless payment is made.

At first glance an attack that seems trivial, but it is the sheer volume that matters. For private households alone, Gartner forecast more than twelve billion connected devices worldwide for 2020. On top of that come smart thermostats or smoke detectors used in company offices.

Corporations often have great difficulty identifying their inventory of connected devices, says researcher Brodt: “How is one supposed to protect oneself then?”

Sivan Rauscher, a former captain in the elite Unit 8200, is co-founder of Securing Sam. She believes she has a solution to the problem: a digital fingerprint. “Using artificial intelligence, the cloud assigns the appropriate protection to the devices and monitors anomalies,” explains Rauscher.

But artificial intelligence can be manipulated too, warns Brodt. He and his team found out how autonomous cars could be confused using stickers on traffic signs. The signs were not recognised, or the system read a wrong traffic sign, with possibly devastating consequences.

A pair of glasses produced on a 3D printer, in turn, looked completely normal to the human eye but was able to thoroughly confuse a biometric face recognition system, so much so that in the end a person was misidentified.

The examples show: the worldwide security situation on the net is good marketing for Israel and its founders. Nevertheless they still have to do persuading, in Germany too. Dax corporations invest a lot, says Cyberbit manager Corem, but among small and medium-sized businesses that is often not yet the case.

After all, Telekom manager Keren notes that attention is growing. But the question of how cybersecurity pays off in the end still often dominates. His answer: “Everyone has a lock on their front door, and there are no conversations about amortisation or a financing model.”

Source: Handelsblatt

Dojo by BullGuard and Cyber@BGU, the Ben-Gurion Cyber Research Lab, Join Forces to Develop Advanced, Future IoT Security Technologies Together to Address the Rising Tide of IoT Cybercrime

SAN FRANCISCO and BEER SHEVA, Israel, Aug. 21, 2018 /PRNewswire/ — Dojo by BullGuard, a market leader in IoT security, and BGN Technologies, the technology transfer company of Ben-Gurion University of the Negev (BGU) today announced a partnership to develop advanced technologies for automated IoT threat detection utilizing artificial intelligence (AI) and highly advanced machine learning algorithms. Researchers from Cyber@BGU, the cyber research lab at BGU, one of the world’s leading sources for cybersecurity research and development, and Dojo by BullGuard will join forces to develop practical, implementable research, which will be part of the Dojo Intelligent IoT Security Platform for Communication Service Providers (CSPs).

“We’re proud to announce the launch of the new Cyber@BGU-Dojo by BullGuard research lab. Together, our mutual teams will join forces to expand the frontiers of IoT cybersecurity and move the sector forward through our findings,” said Professor Yuval Elovici, Software and Information Systems Engineering, and Director of Ben-Gurion University Cyber Research Lab.

Ben-Gurion University is considered a world leader in the field of cybersecurity research, while award-winning Dojo by BullGuard offers advanced cloud based IoT cybersecurity platform designed from the ground up for the service provider market. The Dojo Intelligent IoT Security Platform for CSPs (DIP) was designed from its early days as an IoT security solution at CSP scale, providing an end-to-end cyber security and privacy solution for all IoT connected devices. The platform is easily integrated into any CSP’s network. Using DIP, CSPs can leverage their existing network connectivity services and offer enterprise-grade cybersecurity and privacy services to their customers.

The IoT market is exploding, with consumer spending on smart home systems and services predicted to reach $158 billion by 2020 (Source: Strategy Analytics). “An estimated 80 percent of IoT devices have built-in vulnerabilities, creating a tremendously vulnerable IoT landscape,” said Yossi Atias, general manager, IoT Security at BullGuard. “Many IoT devices are not properly designed cybersecurity-wise. As a result, they introduce multiple cybersecurity risks for both physical and digital assets, posing significant risk to data integrity and privacy. The joint research partnership between Dojo by BullGuard and Cyber@BGU will foster cybersecurity innovation. The technology will be used to advance the Security of Things, with a high level focus on threat detection and privacy issues created by IoT devices.”

About BGN Technologies

BGN Technologies is the technology company of Ben-Gurion University, Israel. BGN Technologies brings technological innovations from the lab to the market and fosters research collaborations and entrepreneurship among researchers and students. To date, BGN Technologies has established over 100 startup companies in the fields of biotech, hi-tech, and cleantech as well as initiated leading technology hubs, incubators, and accelerators. Over the past decade, BGN Technologies has focused on creating long-term partnerships with multinational corporations such as Deutsche Telekom, Dell-EMC, IBM and PayPal, securing value and growth for Ben-Gurion University as well as the Negev region. For more information, visit the BGN Technologies website.

About Ben-Gurion University and Cyber@BGU

Ben-Gurion University of the Negev is the fastest growing research university in Israel, fulfilling the vision of David Ben-Gurion, Israel’s first prime minister, who envisaged the future of Israel emerging from the Negev. From medicine to the humanities to the natural sciences, BGU conducts groundbreaking research and offers insightful instruction. The University is at the heart of Beer-Sheva’s transformation into Israel’s cyber capital, where leading multi-national corporations leverage BGU’s expertise to generate innovative R&D. A third of Israel’s engineers graduate from BGU, with that number destined to rise as the IDF moves south and sends its brightest to swell the ranks of BGU’s student body. To accommodate that growth, BGU has launched an ambitious campaign to double the size of its main campus. Cyber@BGU is an umbrella organization at Ben-Gurion University of the Negev and is home to various cybersecurity, big data analytics and AI applied research activities. Residing in a newly established R&D center at the new high tech park of Israel’s Cyber Capital, Beer Sheva, Cyber@BGU serves as a platform for the most innovative and technologically challenging projects with various industrial and governmental partners. As it counts up to its fiftieth anniversary, the University’s research becomes ever more relevant as its global reach broadens.

About BullGuard

BullGuard is a market leader in consumer cybersecurity. We make it simple to protect everything in your digital life – from your data, to your identity and your smart home. The BullGuard product portfolio extends to PCs, Macs, and Android tablet and smartphone protection, and includes internet security, comprehensive mobile security and 24/7 identity protection. BullGuard released the world’s first IoT vulnerability scanner and leads the consumer cybersecurity industry in providing continuous innovation.

Dojo by BullGuard is an award-winning intelligent cyber defense system and service that provides the highest level of protection to consumers across all of their connected devices and smart homes. Dojo is the cornerstone of a smart home, ensuring a connected world where every consumer in every home, is smart, safe and protected.

Privately held, BullGuard is based in Bucharest, London, Silicon Valley and Herzliya, Israel. Follow us on Twitter @BullGuard and @DojoSafe, like us on Facebook at BullGuard and Dojo or learn more at

All trademarks contained herein are the property of their respective owners.


Source: PRNewswire

Israel slides to number 70 out of 200 nations surveyed on average download speed, as the duopoly that controls the market drags its feet on fiber optics


The Startup Nation has slow internet.

In fact, not only is Israel’s internet speed slow, it is also increasing more slowly than other countries’. A lack of competition in the market means there is little incentive for the only two major suppliers to invest in costly infrastructure, resulting in Israelis not having the speed they need in a world that is becoming increasingly digitalized.

According to a report published last month by M-Lab that looked at internet speeds from June 2017 to May 2018, Israel ranks 70th out of 200 nations surveyed, and is losing pace compared with other nations.

The nation has an average download speed of 7.64 megabits per second, well below the global average of 9.10 Mbps, for the period studied. In the same period a year earlier, Israel ranked 60th out of the 189 nations surveyed, with an average download speed of 7.2 Mbps.

Israel’s internet speed is listed among the lowest for European states, just above Bosnia and Herzegovina, ranked 71.

Montenegro (74), Georgia (77), Albania (86), Turkey (91) and Armenia (107) were the only European countries that came in below Israel and Bosnia and Herzegovina.

The data for the report was collected by M-Lab — a partnership between New America’s Open Technology Institute, Google Open Source Research, Princeton University’s Planet Lab and others — and compiled by Cable.

“There is a lack of investment in infrastructure,” said Lavi Shiffman, a member of the board of the Israel Internet Association, a nonprofit organization dedicated to promoting the use of the internet for research and collaboration. “If you don’t march forward you go backward.”

It takes 1 hour, 29 minutes and 21 seconds to download a typical HD movie in Israel compared to 11 minutes and 18 seconds in Singapore, according to the report.

For the June 2017-May 2018 period, Singapore topped the ranking, unchanged from the same period a year earlier, with a 60.39 Mbps average download speed. Yemen was at the bottom of the list for both periods, with an average download speed of 0.31 Mbps.

“It is difficult to actually rank internet speeds,” said Shiffman. There are many methods of calculation, he said, each yielding different averages. But even if the numbers could be quibbled about, “it is clear that we are not in a good place, and much lower than what we’d expect from Startup Nation” — with all its high tech, cybersecurity and artificial intelligence prowess. “We are not where we should be.”

The need for speed

As more things become connected to the internet — from smart cars to smart homes and fridges and TVs — faster internet speeds are needed for their use to be efficient. And research has shown that an increase in internet speed, through the penetration of fixed broadband, helps boost economic growth.

According to a 2009 World Bank study, a 10-percentage point increase in fixed broadband penetration would increase GDP growth by 1.21% in developed economies and 1.38% in developing ones. Broadband internet could have a positive effect on the economy, including the creation of new jobs and new small and medium-sized businesses, a June 2017 Knesset research department paper (Hebrew) said.

“Internet today is not a luxury, but a utility. We need it just as we need electricity, gas and water,” said Shiffman.

“Speed means opportunities,” said Oleg Brodt, chief innovation officer of the cybersecurity unit at Ben-Gurion University of the Negev (Cyber@BGU) and the R&D director for Deutsche Telekom Innovation Labs Israel. Users are moving to the cloud to perform their calculations and store their data, and to do that they need high internet speeds.

“Without the necessary speeds, the whole cloud economy gets hit,” as does the self-driving car revolution, since these cars need high-speed internet for the constant transmission of data to the car operators, he explained. “As a country, we cannot be in a situation in which we cannot be ready for these revolutions.”

In addition, because of slow internet speeds, Israel’s startup industry has not been able to jump onto the internet streaming bandwagon — as Sweden’s Spotify Technology, US media services provider Netflix and video-sharing website YouTube have done.

“We are Startup Nation but we have very few startups of services based on internet speed,” he said.

What’s the holdup?

The low speeds, and the lack of rapid progress, can be attributed to an absence of competition in the market and to the failure of the companies that rule the market to spend the money needed to deploy the infrastructure necessary for an upgrade.

The 2017 Knesset study mentioned above showed that in 2002-2015, investment in communications infrastructure in Israel declined by 36%, whereas investments in transportation, energy and water infrastructure grew 81%, 57% and 165%, respectively.

Israel’s internet industry is controlled by two companies — telecom giant Bezeq and Hot Telecommunication Systems Ltd., a cable television and telecommunications provider. These two firms control some 95 percent of the internet market, according to the Israel Internet Association. They have also been granted licenses to roll out fiber-optic networks.

Fiber-optic networks use light signals beamed along hollow cables rather than electricity along copper wires, as the current systems use. Fiber optics can offer download speeds of several gigabits per second, compared to current speeds, which are measured in tens of megabits per second.


In 2009, Bezeq launched its Next Generation Network project (NGN), which laid fiber-optic cables as close as it could to homes and offices, but the so-called “last mile” — the portion of the network that reaches into consumers’ premises — still consists of copper cables. These copper cables slow down the network, and the further the fiber-optic cables are from the premises, the slower the speeds.

Today, all of Bezeq’s customers have been connected to the NGN network, which provides speeds of 40 to 100 Mbps, according to company data. In addition, the company has deployed fiber optic cables to the home networks of 60% of its customers, but has not activated the network, nor has it performed the intensive manual work to connect it to homes and offices.

Bezeq has claimed that it is expensive to activate the system and is still debating what technology it should use to bring it online. It also says it is waiting for the regulator to set out the service terms for the network’s operation.

Meanwhile, Hot boasts it can provide customers with the fastest internet in Israel with speeds of 200 Mbps, but, according to a Channel 10 TV report, these are not fiber optic cables, and so the speeds enjoyed by its 700,000 customers are way below what they could actually be.

A spokeswoman for Hot did not respond to phone calls and text messages seeking comment.

No incentive to invest

There are a number of reasons Israel doesn’t have fast internet, explained a former Communications Ministry official.

First, rolling out the networks and activating them is far more expensive and less cost-effective than originally thought, due in part to Israel’s relatively small population. For cities like London and New York, which could have thousands of customers per building, the effort and expense are more worthwhile.

In addition, the official said, the duopoly controlling the fixed line telecommunications market has no competition and no real incentive to spend large sums to deploy the new systems.

Furthermore, the controlling shareholders of the two firms have been mired in debt, said the official, making it less attractive for them to invest in infrastructure when they could be milking their companies for dividends instead.

The controlling shareholder of Bezeq and its former chairman, business tycoon Shaul Elovitch, who is also reportedly a friend of Prime Minister Benjamin Netanyahu, is embroiled in a fraud probe by the securities watchdog and the police for alleged dodgy dealings with the Communications Ministry and favorable treatment by its managing director, appointed by Netanyahu, who also headed the ministry at the time. Other Bezeq officials, including its chief executive officer, have also been involved in the probe and have since resigned, including Elovitch himself, who reportedly owes nearly NIS 1 billion to banks.

All of those involved in the probe, including Netanyahu, have denied any wrongdoing or impropriety.

Meanwhile, the French and Israeli billionaire founder of Hot Telecommunication, Patrick Drahi, who has also made a series of debt-fueled acquisitions around the world, is seeing his global telecom provider Altice NV struggle with debt.

In an emailed statement to The Times of Israel, Bezeq said: “Bezeq is the only entity that can speed up surfing speeds via the optic fibers for each and every home in Israel, from Kiryat Gat to Eilat, as opposed to other telecom firms that connect just the wealthiest towers and homes in Tel Aviv and high-tech areas in the center of the country.”

Bezeq has laid out its initial infrastructure of fiber optic cables throughout the country “with an investment of hundreds of millions of shekels,” the statement said. “We will continue to invest, and will activate it as soon as possible” and as soon as the regulator determines the terms for the service.

“Bezeq will connect both the periphery and the center of the nation to the fiber optic network, as soon as it can,” the statement said.

Efforts by the regulator to inject competition into the market have failed, even as the government poured some NIS 150 million ($41 million) into a fiber-optics venture that aims to bring the fast internet speed revolution to Startup Nation.

On Sunday cabinet ministers approved a measure to revitalize the Israel Broadband Company (IBC), also known by its brand name Unlimited — a faltering fiber-optics company that had initially been hailed as “revolutionary.”

In their decision, the ministers agreed to ease the terms of the license granted to the consortium, which had been set up in 2013 by the Israel Electric Corporation and Sweden’s Via Europa, to allow it to deploy its network to just 40 percent of households in Israel, located in the major cities, rather than across the entire country, as originally mandated.

This reduction was a key demand from communications company Cellcom, which agreed to purchase a 70% stake in IBC in order to keep the financially struggling enterprise afloat.

The original plan envisioned IBC installing fiber optics along the electric company’s existing electric cables, saving the enormous cost of creating a separate infrastructure, and connecting every user in Israel. However, because layout costs have far exceeded expectations, IBC has only succeeded in connecting around 150,000 households to the upgraded system.

In a text message, IBC said that the government’s Sunday decision “ensures the future of the company” and its task of bringing fiber-optic cables to Israel.

“The process approved by the government will enable high-speed surfing for the country’s citizens…. and will position the country at the forefront of countries benefiting from a fiber-optic layout,” Communications Minister Ayoub Kara said in a statement, following the decision on IBC.

The cabinet decision paved the way for Cellcom on Wednesday to enter as a partner into the venture. Cellcom and Israel Electric said that the cellular communications provider will inject NIS 100 million ($27 million) into IBC for a 70 percent stake, a move that the new partners hope will breathe new life into the project.

“This is good news for Israel as the partnership will help IBC get out of the rut it has been stuck in,” Israel Internet Association’s Shiffman told The Times of Israel. “It is a pity though that for the deal to happen the government had to forfeit 60% of households,” which will not have access to the IBC network.

The ministry is also planning to compel Bezeq to share its internet infrastructure with Israeli cellular providers Cellcom Israel Ltd. and Partner Communications Co. to increase competition, Globes reported on Wednesday, as part of a wholesale market reform that was passed in 2014 but never enforced.

Other paths to speed

Besides upgrading the current infrastructure, internet speeds could be boosted through the use of other technologies, such as the deployment of fifth-generation wireless networks, which promise to greatly increase the speed, degree of coverage and responsiveness of wireless networks, said Ben-Gurion University’s Brodt.

“But even in this we are lagging behind,” he said. South Korea is already planning to launch 5G service in March, while in the US and in European countries it is expected to take off sometime in 2020.

“In Israel we are only now talking about 5G,” he said.

More competition in the internet market will lead to better services, said Brodt.

“If it doesn’t happen, it will be very unfortunate,” he said. “We will find ourselves more and more falling behind.”



Researchers at a university in Israel have found ways to turn smart irrigation systems into a botnet that could theoretically drain some of a city’s water reserves. But don’t panic.

Hackers could mess with a city’s water supplies without attacking its critical infrastructure directly, but instead targeting its weakest link: internet-connected sprinklers, researchers warn in a new academic study.

The researchers studied three different Internet of Things devices that help control irrigation and found flaws that would allow malicious hackers to turn them on remotely in an attempt to drain water. The attacks don’t rely on fancy hacking techniques or hard-to-find vulnerabilities, but to make a real, negative impact on a city’s water reserves, the hackers would need to take control of a lot of sprinklers. According to the researchers’ math, to empty an average water tower, hackers would need a botnet of 1,355 sprinklers; to empty a flood water reservoir, hackers would need a botnet of 23,866 sprinklers.

The researchers say their attacks are innovative not because of the techniques, but because they don’t rely on targeting a city’s critical infrastructure itself, which is (or should be) hardened against hackers. Instead, it attacks weak Internet of Things devices connected to that infrastructure.

It’s an “indirect attack,” Ben Nassi, a Ph.D student at Ben Gurion University and the main author of the study, told me in an email, “using IoT devices that are much easier to hack and attack.”

Nassi and his colleagues focused on GreenIQ, RainMachine, and BlueSpray, which are all internet-connected irrigation controllers. They theorized that hackers could attack them by first taking control of a botnet of computers, and then scanning it to find whether any of those smart irrigation systems are connected.

The researchers found that GreenIQ and BlueSpray devices connect to their servers using unencrypted HTTP connections. So an attacker who has compromised a computer in the same network as the GreenIQ device can just intercept the commands and replace them in a classic man-in-the-middle attack.

In the case of the RainMachine, the researchers found that they could spoof the weather forecast that the server sends to the RainMachine, tricking it into believing the weather is hot and arid and thus triggering it to irrigate. This attack also relies on the lack of HTTPS encryption between the server and the RainMachine weather API, according to the researchers.

GreenIQ, RainMachine, and BlueSpray did not respond to a request for comment. The researchers said that GreenIQ added encryption after they reported the issue.

It’s unclear how dangerous these attacks can really be outside of an academic scenario, but they do demonstrate that the proliferation of internet of things devices—many of which are insecure—can have unintended security implications.

Cesar Cerrudo, the chief technology officer at IOActive, and a security researcher who has studied smart cities, said that the attacks laid out by the Ben Gurion researchers are “not a cool hack,” because they rely on tried and tested techniques.

“These are just weak systems that are not externally exposed nor using wireless communications, then you need internal network access, non encrypted communications and other vulnerabilities to hack them,” Cerrudo told me in an email.

Robert Lee, the CEO of infrastructure security startup Dragos, told me that the impact of this attack is likely “hyped” because in the real world “a water company would see an increase flow and cut it off until they determined what was wrong—wouldn’t just let it drain all the water.”

In other words, yes, we need to think about internet of things security, and cool proof-of-concept hacks like this are instrumental in showing these weaknesses. But we aren’t likely to see a hacker draining a town’s water supply doing this anytime soon.


Source: Motherboard

About Us

Cyber@BGU is an umbrella organization at Ben Gurion University, home to various cyber security, big data analytics and AI applied research activities. Residing in a newly established R&D center at the new Hi-Tech park of Beer Sheva (Israel’s Cyber Capital), Cyber@BGU serves as a platform for the most innovative and technologically challenging projects with various industrial and governmental partners.

Latest Publications

Deployment Optimization of IoT Devices through Attack Graph Analysis

Noga Agmon, Asaf Shabtai, Rami Puzis

Department of Software and Information Systems Engineering, Ben-Gurion University of the Negev, 11 Apr 2019

The Internet of things (IoT) has become an integral part of our life at both work and home. However, these IoT devices are prone to vulnerability exploits due to their low cost, low resources, the diversity of vendors, and proprietary firmware. Moreover, short range communication protocols (e.g., Bluetooth or ZigBee) open additional opportunities for the lateral movement of an attacker within an organization. Thus, the type and location of IoT devices may significantly change the level of network security of the organizational network. In this paper, we quantify the level of network security based on an augmented attack graph analysis that accounts for the physical location of IoT devices and their communication capabilities. We use the depth-first branch and bound (DFBnB) heuristic search algorithm to solve two optimization problems: Full Deployment with Minimal Risk (FDMR) and Maximal Utility without Risk Deterioration (MURD). An admissible heuristic is proposed to accelerate the search. The proposed method is evaluated using a real network with simulated deployment of IoT devices. The results demonstrate (1) the contribution of the augmented attack graphs to quantifying the impact of IoT devices deployed within the organization on security, and (2) the effectiveness of the optimized IoT deployment.


CT-GAN: Malicious Tampering of 3D Medical Imagery using Deep Learning

Yisroel Mirsky, Tom Mahler, Ilan Shelef, Yuval Elovici

Department of Information Systems Engineering, Ben-Gurion University, Israel Soroka University Medical Center. 3 Apr 2019

In 2018, clinics and hospitals were hit with numerous attacks leading to significant data breaches and interruptions in medical services. An attacker with access to medical records can do much more than hold the data for ransom or sell it on the black market.

In this paper, we show how an attacker can use deep learning to add or remove evidence of medical conditions from volumetric (3D) medical scans. An attacker may perform this act in order to stop a political candidate, sabotage research, commit insurance fraud, perform an act of terrorism, or even commit murder. We implement the attack using a 3D conditional GAN and show how the framework (CT-GAN) can be automated. Although the body is complex and 3D medical scans are very large, CT-GAN achieves realistic results which can be executed in milliseconds.

To evaluate the attack, we focused on injecting and removing lung cancer from CT scans. We show how three expert radiologists and a state-of-the-art deep learning AI are highly susceptible to the attack. We also explore the attack surface of a modern radiology network and demonstrate one attack vector: we intercepted and manipulated CT scans in an active hospital network with a covert penetration test.


Analysis of Location Data Leakage in the Internet Traffic of Android-based Mobile Devices

Nir Sivan, Ron Bitton, Asaf Shabtai

Department of Software and Information Systems Engineering Ben-Gurion University of the Negev. 12 Dec 2018

In recent years we have witnessed a shift towards personalized, context-based applications and services for mobile device users. A key component of many of these services is the ability to infer the current location and predict the future location of users based on location sensors embedded in the devices. Such knowledge enables service providers to present relevant and timely offers to their users and better manage traffic congestion control, thus increasing customer satisfaction and engagement. However, such services suffer from location data leakage which has become one of today’s most concerning privacy issues for smartphone users.

BGU researchers focused specifically on location data that is exposed by Android applications via Internet network traffic in plaintext (i.e., without encryption) without the user’s awareness. An empirical evaluation, involving the network traffic of real mobile device users, aimed at: (1) measuring the extent of location data leakage in the Internet traffic of Android-based smartphone devices; and (2) understanding the value of this data by inferring users’ points of interests (POIs).

The key findings of this research center on the extent of this phenomenon in terms of both ubiquity and severity.


Incentivized Delivery Network of IoT Software Updates Based on Trustless Proof-of-Distribution

Oded Leiba, Yechiav Yitzchak, Ron Bitton, Asaf Nadler, Asaf Shabtai


The Internet of Things (IoT) network of connected devices currently contains more than 11 billion devices and is estimated to double in size within the next four years. The prevalence of these devices makes them an ideal target for attackers. To reduce the risk of attacks, vendors routinely deliver security updates (patches) for their devices. The delivery of security updates becomes challenging due to the issue of scalability as the number of devices may grow much quicker than vendors’ distribution systems. Previous studies have suggested a permissionless and decentralized blockchain-based network in which nodes can host and deliver security updates, thus the addition of new nodes scales out the network. However, these studies do not provide an incentive for nodes to join the network, making it unlikely for nodes to freely contribute their hosting space, bandwidth, and computation resources.
In this paper, we propose a novel decentralized IoT software update delivery network in which participating nodes (referred to as distributors) are compensated by vendors with digital currency for delivering updates to devices. Upon the release of a new security update, a vendor will make a commitment to provide digital currency to distributors that deliver the update; the commitment will be made with the use of smart contracts, and hence will be public, binding, and irreversible. The smart contract promises compensation to any distributor that provides proof-of-distribution, which is unforgeable proof that a single update was delivered to a single device. A distributor acquires the proof-of-distribution by exchanging a security update for a device signature using the Zero-Knowledge Contingent Payment (ZKCP) trustless data exchange protocol. Eliminating the need for trust between the security update distributor and the security consumer (IoT device) by providing fair compensation, can significantly increase the number of distributors, thus facilitating rapid scale out.


Photo Gallery