Press

​The growing popularity of personal and commercial drone use in populated areas poses significant risks both for society and drones as a result of lack in additional technology that is required to secure both parties from one another. The lack of supporting technology could be exploited by malicious entities for cyberattacks, terrorism, crime and threats to privacy and also to attack drones while flying for a legitimate purpose, according to a new research report by Ben-Gurion University of the Negev (BGU) researchers and Fujitsu System Integration Laboratories Ltd.

The first comprehensive study on “Security and Privacy Challenges in the Age of Drones” evaluates 200 academic and industry techniques designed to detect and disable drones flying in both unrestricted and restricted areas. Its findings coincide with the U.S. government proposal to allow civilian drone flights with new security rules that permit deliveries and other commercial uses in populated areas.

“The cutting-edge technology and decreasing drone prices made them accessible to individuals and organizations, but has created new threats and recently caused an increase in drone-related incidents,” says Ben Nassi, a Ph.D. student in BGU’s Department of Software and Information Systems Engineering (SISE) and a researcher at the BGU Cyber Security Research Center. “There are many difficulties that militaries, police departments, and governments are seeking to overcome, as it is a recognized threat to critical infrastructure, operations, and individuals.”

The researchers examined different ways to detect drones in drone-restricted areas including radar, RF Scanners, thermal cameras, sound and hybrids of these methods. However, they believe the biggest challenge is determining the drone’s purpose in non-restricted areas. For example, whether a detected drone is being used by its operator to deliver a pizza, spy on someone in a shower, launch a cyber-attack, or smuggle goods.

“An open-skies policy that allow drones to fly over populated areas pose a significant challenge in terms of security and privacy within society” says Prof. Yuval Elovici, Ben Nassi’s Ph.D. advisor, who is director of the Deutsche Telekom Innovation Labs@BGU; director of the BGU Cyber Security Research Center, SISE faculty member and the Davide and Irene Sala Chair in Homeland Security Research.

“Attackers can disguise a cyber-attack as legitimate drone pizza delivery by hiding the hardware they use inside the pizza box. To illustrate, the BGU and Fujitsu researchers demonstrate an attack exploiting a pizza delivery to launch cyber-warfare against smart cities by triggering watering via cellular smart irrigation system.

​​​The researchers also demonstrate a new physical method to disable drone’s active tracking functionality, a new technology that was recently introduced by drone manufacturers that is based on computer vision algorithms.

​“In an unrestricted area, we believe that there is a major scientific gap and definite risks that can be exploited by terrorists to launch a cyber-attack,” Nassi says. “It is inevitable that drones will become more widespread, but we need to recognize that open-skies policy pose multiple risks and that current solutions are unable to solve as a result of a major scientific gap in this area.”

The researchers propose methods that enable flying drone identification as well as registration, which is now a U.S. regulation. This includes dedicated techniques for authenticating drones and their operators. While in their previous study, the researchers demonstrated a new technique to detect a spying drone, new methods to determine the purpose of a nearby drone must be developed.

The research team also included Dr. Asaf Shabtai from BGU SISE, as well as Dr. Ryusuke Masuoka and Kohki Ohhira from Fujitsu System Integration Laboratories Ltd.​

Media Coverage:
Security Brief Asia
IEEE Spectrum
Smart Cities World​

Source: Ben-Gurion University of the Negev

The new Center for Computational Criminology was launched on Wednesday at BGU. The Center, a joint initiative of the Israel Police and BGU, will develop advanced cyber, big data and artificial intelligence tools to fight crime.

The ceremony was held at BGU’s Advanced Technologies Park in the presence of Israel Police Commissioner Roni Alsheikh and BGU President Prof. Rivka Carmi.

Above: Israel Police Commissioner Roni Alsheikh and BGU President Prof. Rivka Carmi sign the agreement to create the Center for Computational Criminology during a ceremony at BGU’s Advanced Technologies Park in Beer-Sheva on Wednesday afternoon

Cybercrime has risen precipitously in recent years as criminals and even rogue governments have capitalized on the anonymity of cyberspace to cloak their activities while reaping sizeable profits. Use of social media-based evidence has also been on the uptick in recent years as more and more information is shared online.

BGU researchers will work side by side with the Israel Police’s cyber investigators to develop new artificial intelligence and machine learning tools for law enforcement.

“The last, most significant scientific breakthrough to change law enforcement was DNA testing,” says Prof. Lior Rokach, head of the new Center, Chair of the Department of Software and Information Systems Engineering, and a leading expert on artificial intelligence, “Today, we are on the threshold of the next big breakthrough: analyzing big data to discover hidden patterns to predict and prevent crime. The AI revolution of the past few years will prove to be even more significant than DNA testing for law enforcement, providing them with unprecedented investigative tools and new sources of evidence.”

Israel Police Commissioner Roni Alsheikh: “The Israel Police’s Cyber Unit, which was created to lead the national effort to combat cybercrime, will be collaborating with BGU’s cybersecurity experts to constantly improve the police’s enforcement and prevention capabilities, by staying at the cutting edge of technological developments in the field. This cooperation will enable the police to bring technology to bear more effectively in enforcing the law and fighting crime, whether cybercriminals or traditional criminals, by turning a threat into an opportunity.”

BGU President Prof. Rivka Carmi said at the event, “BGU is a recognized international leader in cybersecurity, IoT and Big Data research. Putting that expertise to work for the State of Israel is a privilege and comes on the heels of the government’s decision to place the national CERT here at the ATP in Beer-Sheva. The Center will bring together academic research expertise and the world of law enforcement to prevent crime in cyberspace and in general.”

Cyber@BGU Director Prof. Yuval Elovici: “We have no doubt that the Israel Police will benefit from our cybersecurity experience and knowledge by applying it to their operations.”

Cyber@BGU (CBG) serves as a shared research platform for the most innovative and technologically challenging cyber-related projects, in partnership with various multi-national companies and governmental organizations.

Situated in BGU’s Advanced Technologies Park in Beer-Sheva (Israel’s Cyber Capital), CBG encompasses, among others, the Cyber Security Research Center, a joint initiative with the Israel National Cyber Bureau, and the Telekom Innovation Laboratories in partnership with Deutsche Telekom.

Core research under the Cyber@BGU umbrella includes IoT security; cyber for intelligent transportation; cyber for aviation; malware; AI-based cyber defense; blockchain; network security; adversarial AI; machine learning; deep learning; fraud detection; and Big Data analysis for cyber security.

Above: Israel Police Commissioner Roni Alsheikh receives a memento of the occasion from BGU President Prof. Rivka Carmi

Source: Ben-Gurion University of the Negev

Faraday rooms or “cages” designed to prevent electromagnetic signals from escaping can nevertheless be compromised and leak highly sensitive data, according to new studies by BGU’s Cyber@BGU.

Research led by Dr. Mordechai Guri (pictured right), the head of research and development of Cyber@BGU showed for the first time that a Faraday room and an air-gapped computer that is disconnected from the internet will not deter sophisticated cyber attackers.

Air-gapped computers used for an organization’s most highly sensitive data might also be secluded in a hermetically-sealed Faraday room or enclosure, which prevents electromagnetic signals from leaking out and being picked up remotely by eavesdropping adversaries.

In two newly-released reports, the team demonstrated how attackers can bypass Faraday enclosures and air gaps to leak data from the most highly secured computers. The Odini method, named after the escape artist Harry Houdini, exploits the magnetic field generated by a computer’s central processing unit (CPU), to circumvent even the most securely- equipped room.

​“While Faraday rooms may successfully block electromagnetic signals which emanate from computers, low-frequency magnetic radiation disseminates through the air, penetrating metal shields within the rooms,” explains Dr. Guri. “That’s why a compass still works inside of a Faraday room. Attackers can use this covert magnetic channel to intercept sensitive data from virtually any desktop PCs, servers, laptops, embedded systems and other devices.”

In another documented cyberattack, researchers utilized malware keystrokes and passwords on an air-gapped computer to transfer data to a nearby smartphone via its magnetic sensor. Attackers can intercept this leaked data even when a smartphone is sealed in a Faraday bag or set on “airplane mode” to prevent incoming and outgoing communications. Click here to watch the demonstration.

Dr. Guri’s research team includes BGU Department of Electrical and Computer Engineering Ph.D. student Boris Zadov, Andrei Daydakulov, and Prof. Yuval Elovici, who is director of the Cyber@BGU, director of Deutsche Telekom Innovation Labs@BGU and a member of the BGU Department of Software and Information Systems Engineering.

Above: A smartphone in a Faraday bag.​​

BGU and Amdocs launched the joint Amdocs Ben-Gurion University Research Laboratory recently to cultivate cooperation in the areas of Artificial intelligence and Machine Learning. The Department of Software and Information Systems Engineering will partner with Amdocs to further research on these critical issues.

“We are excited about the launch of a new Amdocs-BGU research lab. The joint lab team will join forces to push the frontiers in these fields,” said Yaron Sverdlov, CIO of Amdocs, and Mr. Oleg Brodt, Head of Research and Development at BGU’s Cyber Security Research Center.

The joint lab will be led by Prof. Bracha Shapira, deputy dean for research of the Faculty of Engineering Sciences and the incumbent of the Carole Weinstein Chair in Information Systems Engineering.

In addition to Prof. Shapira and Brodt, Netta Cohen, CEO of BGN Technologies, represented BGU at the ribbon-cutting ceremony. Amdocs was represented by Sverdlov, Hanoch Sapoznikov, Lead of Worldwide Academic Relations, Daphne Gottschalk, Head of Innovation, and Dr. Tomer Simon, IT Futurist and Director of Innovation & Academic Collaboration.​

Source: Ben-Gurion University of the Negev

BGU’s W.A. Minkoff Senate Hall became a TEDx venue last week as President Prof. Rivka Carmi and five other speakers took to the stage to discuss issues at the heart of modern civilization.

The event was sponsored by the CyberSpark Industry Initiative.

Video clips of each talk will be available in the near future.

The speakers:

Rivka Carmi, BGU President

Prof. Carmi has studied & worked hard on her way up to the very top. Few have the perseverance and stubborn determination required to be a military commander, straight-A student, pediatrician, geneticist, University president & chair of Israel’s University presidents committee. All this despite and thanks to the fact she is a woman; and, like many other women, Prof. Carmi faced gender discrimination and bias on her way to the top. But now, from the height of her accomplishments, she’s able and ready to make a change.

Yuval Elovici, Head of Cyber Security Research Center

We hear the term ‘Internet of Things’ thrown around a lot and it seems that as a society we are developing some sort of phobia of ‘smart’ devices. Think of your typical day: you wake up, do your morning routine, open the fridge, maybe turn on the heating, and the boiler for the shower. You get into your car and drive to work. On the TEDxBGU stage, Prof. Elovici takes us through a typical day just a few years from now, when all those items will be connected to the cloud and make us realize the power of connectivity, for good or ill.

Ran Balicer, Director at Clalit Research Institute

Prof. Balicer is at the forefront of medical research. In fact, he’s so far ahead of us all that he sees the idea of going to the doctor when you are sick as absurd. Predictive technologies are making their way to medicine and, on the TEDx stage, Prof. ​Balicer proves to us that in just a few years, if we end up sick in the doctor’s office, then medicine failed us.

Yaniv Harel, Cyber Solutions Group CEO, Dell EMC

Yaniv’s group at Dell gets up close and personal day after day with the world’s scariest cyber threats. He faces groups of hackers who learn from each other all the time and try to develop collaborative mechanisms that can outsmart our own defense tactics. Yaniv dives deep into the future of cyber threats, telling us what we’re up against – and if we are ready.

Mark Gazit, ThetaRay, CEO

When’s the last time someone stole from you? Mark’s here to tell us it was yesterday, or maybe just five minutes ago. The point is – we don’t even know. Mark is an entrepreneur building solutions for complex problems. In his latest role, Mark is working on preventing online theft and fraud, and, in doing so, he encounters much bigger questions. Do we even know we are being robbed?

Doron Stern, TS Law, Founding Partner

In our modern world, it seems there is a precedent for everything we do, for every crime that occurs. Sometimes it feels like everything is regulated, maybe even over-regulated, and there are clearly defined authorities in charge of enforcing the law. However, when it comes to Cyber Law, Doron is constantly bombarded with unprecedented, new types of crime that we need to know about.  Is our justice system ready?

Source: ​​​Ben-Gurion University of the Negev

Malware Lab researchers at Ben-Gurion University of the Negev (BGU) are warning medical imaging device (MID) manufacturers and healthcare providers to become more diligent in protecting medical imaging equipment from cyber threats.

In their new paper, “Know Your Enemy: Characteristics of Cyber-Attacks on Medical Imaging Devices,” Malware Lab researchers demonstrate the relative ease of exploiting unpatched medical devices, such as computed tomography (CT) and magnetic resonance imaging (MRI) machines, many of which do not receive ongoing security updates. Consequently, an attacker can easily compromise the computer that controls the CT device causing the CT to emit high rates of radiation, which can harm the patient and cause severe damage. Attackers can also block access to MIDs or disable them altogether as part of a ransom attack, which has already occurred worldwide.

This study is a new frontier in cyber security research. It is part of a larger-scale research project called Cyber-Med, initiated by Dr. Nir Nissim, the head of the Malware Lab at BGU’s Cyber Security Research Center (CSRC). Cyber-Med aims to develop security mechanisms for the entirety of medical devices’ eco-systems including implanted pace-makers, robotic surgeon systems (e.g. Da-Vinci), medical information systems and protocols, ICU medical devices and MIDs. In recent years, MIDs are becoming more connected to hospital networks, which make them vulnerable to sophisticated cyber-attacks that can target a device’s infrastructure and components and fatally jeopardize a patient’s health and the hospital systems operations.

The research was released ahead of the Cybertech Conference which begins this afternoon (Monday) and runs through Wednesday at the Tel Aviv Fairgrounds. BGU is the conference’s academic partner. Cybertech is one of the biggest and most important cyber events in the world. Every year, Cybertech draws thousands of guests and groups from abroad, including delegations from 80 countries.

Malware Lab experts predict attacks on MIDs will increase. They foresee attackers developing more sophisticated skills directed at these types of devices, the mechanics and software of which are often installed on outdated Microsoft PCs.

“CTs and MRI systems are not well-designed to thwart attacks,” says lead author Dr. Nir Nissim, who simulates MID cyberattacks together with his MSc student Tom Mahler. Tom is part of the Malware Lab’s research team which includes 17 outstanding research students, and conducted the research under the supervision of Dr. Nir Nissim,  Prof. Yuval Elovici, director of Cyber@BGU and Prof. Yuval Shahar, director of BGU’s Medical Informatics Research Center. “The MID development process, from concept to market, takes three to seven years. Cyber threats can change significantly over that period, which leaves medical imaging devices highly vulnerable.”

Dr. Nir Nissim, head of BGU’s Malware Lab and lead author

The study, conducted in collaboration with Clalit Health Services, Israel’s largest health maintenance organization, included a comprehensive risk analysis survey based on the “Confidentiality, Integrity and Availability” risk model, which addresses information security within an organization.

Researchers targeted a range of vulnerabilities and potential attacks aimed at MIDs, medical and imaging information systems and medical protocols and standards. While they discovered vulnerabilities in many of the systems, they found that CT devices face the greatest risk of cyberattack due to their pivotal role in acute care imaging. Simulated cyberattacks revealed four dangerous outcomes:

1. Disruption of scan configuration files − By manipulating these files, an attacker can install malware that controls the entire CT operation and puts a patient at great risk.

2. Mechanical MID motor disruption – Medical imaging devices have several components with mechanical motors, including the bed, scanner and rotation motors, which receive instructions from a control unit, such as the host computer (PC). If malware infects the host computer, an attack on the motors can damage the device and injure a patient.

3. Image results disruption − Because a CT sends scanned results connected to a patient’s medical record via a host computer, an attack on that computer could disrupt the results, requiring a second exam. A more sophisticated attack may alter results or mix up a transmission and connect images to the wrong patient.

4. Ransomware − This malware encrypts a victim’s files and demands a ransom to decrypt them. The WannaCry attack, which affected more than 200,000 devices in more than 150 nations in May 2017, directly infected tens of thousands of U.K. and U.S. hospital devices, including MRIs.

“In cases where even a small delay can be fatal, or where a dangerous tumor is removed or erroneously added to an image, a cyberattack can be fatal,” says Mahler. “However, strict regulations make it difficult to conduct basic updates on medical PCs, and merely installing anti-virus protection is insufficient for preventing cyber-attacks.”

BGU Malware Lab researchers are working on new techniques to secure CT devices based on machine learning methods. The machine-learning algorithm analyzes the profile of the patient being scanned as well as many additional operational parameters of the CT itself, and produces an anomaly detection model based on a clean CT machine. Once the machine is infected, the detection model can identify the change in its behavior and its operational parameters and alert the administrator accordingly.

In future research, Nissim and his team will conduct nearly two dozen attacks to further uncover vulnerabilities and propose solutions to address them. They are interested in collaborating with imaging manufacturers or hospital systems for in situ evaluation.

In addition to Dr. Nir Nissim, the head of the Malware-Lab and a researcher in the Telekom Innovation Labs@BGU, the research team includes  Dr. Erez Shalom, research manager at BGU’s Center for Digital Innovation Digital Health Lab; Prof. Yuval Elovici, director of the Telekom Innovation Labs@BGU, director of Cyber@BGU and a member of the BGU Department of Software and Information Systems Engineering; and Prof. Yuval Shahar, who is head of BGU’s Medical Informatics Research Center and Tom Mahler. They collaborated with Dr. Arnon Makori, Itzik Kochav and Israel Goldenberg from Clalit Health Services.

Dr. Nissim’s student Tom Mahler

“As the Israeli academic leader in cyber security research, we partnered with Israel Defense to help create the Cybertech Conferences four years ago,” says BGU President Prof. Rivka Carmi. “Cybertech is the preeminent forum in Israel to showcase our success in cyber research, innovation and commercialization and we will continue to play a leadership role in that arena.”

BGU will be represented both at the Cybertech conference and the exhibition. At the exhibition, BGU will be part of the CyberSpark Beer-Sheva pavilion. At the conference, Prof. Carmi will welcome the attendees on Tuesday morning at 8:50 a.m. and BGU researchers will take part in the panel sessions.

Source: Ben-Gurion University of the Negev

Prof. Lior Rokach head of the department, ​ ​Prof. Bracha Shapira deputy dean for research, Prof. Yuval Elovici director of deutsche telekom laboratories and cyber labs​ in Israel and Mr. Oleg Brodt director of development at the cyber labs
participated in the World Economic Forum Davos 2018

They lectured on the subject of artificial intelligence and cyber security

Source: Ben-Gurion University of the Negev

BGU’s top cybersecurity researchers will address the impact of artificial intelligence (AI) – the good, bad and the future at the World Economic Forum Annual Meeting in Davos, Switzerland, Tuesday, January 23. They are one of only two Israeli delegations presenting at the high-profile Davos event.

The BGU researchers’ session entitled Cyber-Forensics with Ben-Gurion University of the Negev is part of the IdeasLab forum on Tuesday, January 23 from 4:15 – 5:30 p.m. in the Congress Centre. The IdeasLab connects big ideas with big thinkers in an engaging session format where discussion leaders pitch cutting-edge scientific innovations.

The BGU cyber research experts will discuss how both hackers and defenders are harnessing the power of AI and how AI-enabled attacks are no match for current defenses.

“Ben-Gurion University is honored that our world-renowned cybersecurity research expertise will be prominently featured at this major world event,” says BGU President Prof. Rivka Carmi. “This is a significant milestone for the University and further acknowledgment that BGU is the place to go for cutting-edge cybersecurity innovation.”

BGU speakers include:

Prof. Yuval Elovici – Prof. Elovici will explain how attackers utilize AI to render their attacks undetectable. He is director of the Deutsche Telekom Innovation Labs@BGU, the telecommunications company’s only research and development lab outside of Germany. Elovici is also director of the Cyber Security Research Center and a member of the BGU Department of Software and Information Systems Engineering.

Prof. Bracha Shapira – Prof. Shapira will address how defenders use AI to catch abnormalities and deviations. She is the vice dean for Research, Faculty of Engineering Sciences, BGU. Prof. Shapira is a former chair of the Department of Software and Information Systems Engineering, and a member of the Deutsche Telekom Innovation Labs@BGU and the Cyber Security Research Center.

Prof. Lior Rokach – Prof. Rokach will discuss adversarial AI, and how attackers have started an AI arms race as they seek to circumvent systems. He will also provide recommendations on how defenders can prevent such circumvention. Prof. Rokach is chair of the Department of Software and Information Systems Engineering as well as a member of the Deutsche Telekom Innovation Labs@BGU and the Cyber Security Research Center.

Cyber@BGU (CBG) serves as a shared research platform for some of the world’s most innovative and technologically challenging projects in partnership with multi-national companies and governmental organizations. Situated in the Ben-Gurion Advanced Technologies Park in Beer-Sheva, Israel’s Cyber Capital, CBG encompasses the Cyber Security Research Center, a joint initiative with the Israel National Cyber Bureau, and the Telekom Innovation Laboratories, in partnership with Deutsche Telekom.

Core research included under the Cyber@BGU umbrella includes IoT security; cyber for intelligent transportation; cyber for aviation; malware; AI-based cyber defense; fraud detection; and Big Data analysis for cybersecurity.

The World Economic Forum Annual Meeting will be held January 23-26, 2018, in Davos, Switzerland. The BGU sessions will be available on demand on the Forum YouTube channel and TopLink following the session.

Source: Ben-Gurion University of the Negev

In this week’s IoT cyber security and cyber hygiene podcast, we had the pleasure of interviewing Omer Shwartz, a Ph.D student at the prestigious Information Systems Engineering Department at Ben Gurion University of the Negev, and an active member of the Implementation Security and Side-Channel Lab under Dr. Yossi Oren.
His latest published paper is titled, Opening Pandora’s Box: Effective Techniques for Reverse Engineering IoT Devices, in which him and his team analyzed the practical security level of 16 popular IoT devices and discuss how to improve their security without significantly increasing their cost.

This interview is <20 minutes, feel free to listen to it below or go ahead and read the edit. Enjoy!

Could you explain a bit about the work being done at the Implementation Security and Side-Channel Lab at Ben-Gurion University?
We are a relatively new lab, but with very exciting work: investigating all kinds of side channel leakage models and implementing security. My field is mainly around hardware security, but we research and work on all kinds of metrics to get information in and out of devices that are not meant to broadcast information. Some research I’ve done under Dr. Yossi Oren include a phone case that can exfiltrate phone data (location and conversations) while the user is unaware, and a project on how replacement touch-screens could be malicious and used to harm or spy on users.

How did you first get involved in cyber security and hacking, were you always breaking things?
Yeah, actually (laughing) since I was little I liked looking into things and figuring out how they work. I’ve been in the hacking community for around 15 years and always had an interest in hacking and cyber security before it became a really big and known issue as it is today. Cyber security always interested me, it’s like a hidden thing that really affects our world, and nobody really talked about it until recently, and it has a long way to go. There are so many threats that we have not seen yet, and that’s why I’m a part of this lab and studying towards a PhD, because I think there is so much to discover.

If cyber security has a long way to go, it’s probably because of the exponential growth of IoT devices, right?
IoT devices are a really big part of it. Nobody cared about cyber security before, but now that we have all these phones and IoT devices, everybody suddenly realizes that these things were never designed to be secure -they use infrastructure that was not designed to be secure.
It’s a really good place to be, from an Academic point of view, because there is so much to invest and research everywhere.

Share with us some details behind the research you conducted with Asaf Shabtai, Opening Pandora’s Box: Effective Techniques for Reverse Engineering IoT Devices, what was the thought process that went into it?
A friend of mine had hundreds of IoT devices for some cyber security research he was conducting and, out of curiosity he asked me if I could find any vulnerabilities in them, we didn’t think of writing a paper about it.
We began taking devices apart and looking inside and noticed that all the devices were really insecure. Many, if not most, IoT devices sold today can be accessed remotely with a default password, which is usually really simple.
But we also looked into what happens when an attacker has one of your networked devices, using it as a gateway to get network information and access. So we wrote a really comprehensive analysis of the devices’ vulnerabilities and compiled a large array of techniques used, some of them already known, but gathered in such a way as to allow other people to try them and see if their devices are secure.
Other than easily and cheaply cracking the passwords stored in these devices’ hash and creating our own Mirai botnet with them, we found vulnerabilities such as devices holding private communication key in the file system. Anyone that gets that key can listen to the device’s communication. It’s really bad security practice, but it seems that in IoT the most important thing is getting a product to market and not securing it properly.

What would be your recommendations for IoT manufacturers?
I’d start with not having hard-coded easy passwords and completely disabling remote-access. Also, nobody considers attackers with access to your device, but devices should be built in a way that make it harder to reverse-engineer -this is a difficult problem, but at least it shouldn’t be so easy to reverse-engineer. All the devices we used were really easy to reverse-engineer, they have special ports in the board that allows us to connect and communicate with the console quite easily, and that’s something that shouldn’t be on a production board, just on a development board. We were actually able to get all of our information because most of the devices’ debug ports were open, which combined with weak passwords, gave us full access to install our own software. So my recommendation is to disable the debug and WRT ports, and strong passwords hashed with strong algorithms.

What would be your cyber hygiene recommendations for technology consumers?
You know, they always say that humans are the weakest link in the cyber security chain, and this is correct in a way. I would recommend strong passwords, because the current way people use them today is incorrect, they should be long and hard to crack – and one should never reuse passwords to avoid bigger problems.
When it comes to IoT devices, I would recommend staying away from unknown manufacturers. I hope some of my research will lead to consumers and researchers using our techniques to inspect their own devices and realize what is in there, and whether they are secure or not, giving power to the consumers to understand what is being sold.

Source: The Netonomy Blog

The first technique to detect a drone camera illicitly capturing video is revealed in a new study published by Ben-Gurion University of the Negev (BGU) and Weizmann Institute of Science cyber security researchers. The study addresses increasing concerns about the proliferation of drone use for personal and business applications and how it is impinging on privacy and safety.

In a new paper, “Game of Drones – Detecting Captured Target from an Encrypted Video Stream,” the researchers demonstrate techniques for detecting if a targeted subject or house is being recorded by a drone camera.

“The beauty of this research is that someone using only a laptop and an object that flickers can detect if someone is using a drone to spy on them,” says Ben Nassi, a Ph.D. student of Prof. Yuval Elovici’s in BGU’s Department of Software and Information Systems Engineering and a researcher at the BGU Cyber Security Research Center. Elovici is the Center’s director as well as the director of Telekom Innovation Labs at BGU. “While it has been possible to detect a drone, now someone can also tell if it is recording a video of your location or something else.”

In the first demo, researchers show how a privacy invasion against a house can be detected. They used smart film placed on a window and entered a few software commands on a laptop to access the encrypted video the drone operator sees, called the FPV channel. This enabled the researchers to demonstrate how they detect that a neighbor is using a DJI Mavic drone to capture images of his own home and then illicitly stream video of his neighbor’s house, as well.

In a second outdoor test, researchers demonstrate how an LED strip attached to a person wearing a white shirt can be used to detect targeted drone activity. When researchers flickered the LED lights on the cyber-shirt, it caused the FPV channel to send an “SOS” by modulating changes in data sent by the flickering lights.

“This research shatters the commonly held belief that using encryption to secure the FPV channel prevents someone from knowing they are being tracked,” Nassi says. “The secret behind our method is to force controlled physical changes to the captured target that influence the bitrate (data) transmitted on the FPV channel.”

This method can be used on any laptop that runs Linux OS and does not require any sophisticated hacking or cryptographic skills.

“Our findings may help thwart privacy invasion attacks that are becoming more common with increasing drone use,” Nassi says. “This could have significant impact for the military and for consumers because a victim can now legally prove that a neighbor was invading their privacy.”

In previous research, Nassi showed how a laser mounted to a DJI Inspire 1 drone can use malware installed on an isolated (air-gapped) network scanner.

The research team also included Raz Ben-Netanel, a student in the BGU Department of Communication Systems Engineering. Prof. Adi Shamir from the Weizmann Institute of Science conceived the Game of Drones technique.

Source: Ben-Gurion University

Such cyberattacks in limelight as WikiLeaks shows how US spies use TVs, callphones and computers to get data

A researcher at Ben-Gurion University of the Negev (BGU) claims he has developed a series of algorithms that can “completely prevent” attackers from being able to utilize videos or pictures for spying purposes, warning that any video picture downloaded or streamed by users could be a potential vehicle for a cyberattack.

“Hackers like videos and pictures because they bypass the regular data transfer systems of even secure systems and there is a lot of space to implant malicious code,” said Prof. Ofer Hadar, chair of the Department of Communication Systems Engineering at Ben-Gurion University.

Video and picture downloads and video streaming account for 50 percent of internet traffic today and are expected to rise to 67% of web traffic by 2020, the university said in a statement.

Video vulnerability to hacking took front stage this week after WikiLeaks allegedly revealed thousands of pages about US Intelligence agencies’ cyber-espionage capabilities. These suggested that American spies can break into most things connected to the internet, including TVs, cellphones and computers.

Hadar said he has developed a multi-vector series of algorithms that has the ability to prevent attackers from being able to utilize videos or pictures for malicious purposes.

The method is based on steganography — the practice of concealing a file, message, image, or video within other files, messages, images, or videos in the compressed form in which most video is stored.

“We use steganography to manipulate the video so the malicious code will be affected without affecting the quality — such as the runtime or image — of the video,” said Hadar in a phone interview. “Preliminary experimental results show that a method based on a combination of our techniques results in 100% protection against cyberattacks.”

Hadar preferred not to go into further details about how the algorithms work on malicious codes, to preserve the secrecy of the software.

Called The Coucou Project, Hadar’s research has received funding from the Cyber Security Research Center at BGU, a joint initiative of BGU and the Israeli National Cyber Bureau, to develop the solution. In addition, the BaseCamp Innovation Center at the Advanced Technologies Park adjacent to BGU is interested in developing the platform into a commercial company, BGU said in a statement.

Hadar says the project does not try to identify the malware, but rather assumes it is there and automatically works against it.

The Coucou software — named after the cuckoo bird which lays its eggs in the nests of other species of birds — is in the middle of a real-time simulation and will have a demonstration of the system by summer, Hadar said.

Future customers of an eventual software product could be firewall and antivirus companies or spy agencies, he said.

Source: The Time Of Israel

The launching of the Smart Mobility Analysis and Research Test Range (SMART Range) was announced jointly by BGU, CYMOTIVE Technologies​, HARMAN – a wholly-owned subsidiary of Samsung Electronics Co., Ltd – Deutsche Telekom Innovation Laboratories and JVP at the Cyber Security Workshop for Futu​re Smart Mobility held today (Monday) in cooperation with Israel’s National Cyber Bureau at Ben-Gurion University of the Negev. The SMART Range is a unique project that will serve as an international center for smart mobility in the capital city of Israel’s Negev – Beer-Sheva.

The SMART Range will fulfill the vision of an automotive development ‘playground’ in a smart-city environment, hosting academic research, an innovation hub, an institute for testing and certification in the cyber arena, and a standards development body for smart mobility.

The SMART Range will function as a living lab within a smart-city environment encompassing all aspects of future mobility systems, including public transportation, private vehicles, and personal mobility devices. The environment will simulate a complex reality and enable effective testing of advanced technologies, assessment of human-machine-environment interfaces, evaluation of transport solutions in a future networked reality, and operability and robustness testing of software and hardware systems against cyber threats.

The range will feature the unique ability to combine the highest-level practical knowledge possessed by leading commercial firms together with advanced academic research. This cooperation between commercial and academic stakeholders will enable the center to further its main objectives:

? Promotion of innovation in the smart mobility arena
? Advancement of global regulation in the field of cybersecurity for smart mobility systems
? Cybersecurity certification for smart mobility software and hardware systems
? Global leadership in the definition, assessment, and verification of the resilience of smart mobility systems to cyber threats
?​ Consolidation of Israel’s position as a world leader in smart mobility

Prof. Rivka Carmi, President, BGU: “The SMART Range represents a natural stride forward in light of the University’s broad and diverse research activities in the fields of technology, autonomous robotics, information technology, and cybersecurity, while fulfilling the University’s role as a leader in developing innovation and excellence in Beer-Sheva.”

Roni Zehavi, CEO, CyberSpark: “The range will address the ever-growing global need for a testing and evaluation infrastructure of smart mobility solutions’ resiliency to continually-escalating cyber threats, as well as the need for a recognized international body for certification as a pre-condition for the integration of solutions into the smart city environment.”

Netta Cohen, CEO, BGN Technologies (the technology company of BGU): “The range is attracting great interest within the global industry. We are working in full coordination with the relevant government and local industry parties, and are moving quickly to create a powerful and comprehensive research center with strong ties to business, government, and the city of Beer-Sheva. We expect the formal association of the founding partners to be completed by the end of the year, with the range already starting to operate at the beginning of next year.”

Saar Dickman, Vice President, Automotive Cyber Security Business Unit at HARMAN: “This joint venture to establish an international center in the Negev for the research and evaluation of automotive cyber threats expresses Samsung-HARMAN’s commitment to global innovation, while recognizing the advantages and knowledge resources of the human capital in Israel in general, and in the Negev in particular.”

Yuval Diskin, Executive Chairman, CYMOTIVE Technologies: “CYMOTIVE Technologies, a company partially owned by Volkswagen Group, sees the establishment of the SMART Range in Beer-Sheva as a significant opportunity to advance smart mobility technologies and make them better and safer to use. To this end, the range will incorporate the vast existing knowledge within these industries in Israel, together with advanced academic research.”

Yoav Tzruya, JVP Partner: “In a rapidly changing world where the automotive industry is at the forefront of global technology, the need to focus on cyber security solutions, as well as seizing opportunities by leveraging AI and deep learning is the new frontier. Israeli innovation has proven its global leadership in these two categories. The partnership between the leading players in the cyber industry and data sciences as part of the new research and testing center in Beer-Sheva adds significant value for the rapidly developing automotive industry.”

Yigal Unna, Director of New Cyber Technologies Unit, National Cyber Bureau, praised the announcement: “Protecting the smart transportation domain, with all its inherent opportunities, is essential to fulfill its vast potential. Since the Government of Israel declared Beer-Sheva the “National Cyber City” a long time ago, I consider SMART Range yet another promising initiative generated by its highly vibrant and innovative cyber ecosystem. I am confident of its contribution to the growth of the Smart Mobility arena in general and Israeli global cyber leadership in particular.”

Researchers at BGU’s Cyber Security Research Center (CSRC) have demonstrated for the first time that it is possible to covertly siphon sensitive files, passwords or other critical data from any common router.

In the new p​aper, the researchers demonstrated how LEDs functionality can be silently overridden by malware they developed (code named “xLED”), which infects firmware in the device. Once the xLED malware infects the network device, it gains full control of the LEDs that flash to indicate status.

Network devices such as routers and local area network switches typically include activity and status LEDs used to monitor traffic activity, alerts and provide status.

According to Dr. Mordechai Guri, head of research and development at the BGU CSRC, who led this study, “Sensitive data can be encoded and sent via the LED light pulses in various ways. An attacker with access to a remote or local camera, or with a light sensor hidden in the room, can record the LED’s activity and decode the signals.”

“Unlike network traffic that is heavily monitored and controlled by firewalls, this covert channel is currently not monitored. As a result, it enables attackers to leak data while evading firewalls, air-gaps (computers not hooked up to the internet) and other data-leakage prevention methods,” Dr. Guri says.

The xLED malware can program the LEDs to flash at very fast speeds – more than 1,000 flickers per second for each LED. Since a typical router or network switch includes six or more status LEDs, the transmission rate can be multiplied significantly to as much as thousands of bits per second. As a result, a significant amount of highly sensitive information can be encoded and leaked over the fast LED signals, which can be received and recorded by a remote camera or light sensor.

The CSRC has a dedicated research program to uncover and demonstrate vulnerabilities of electronic devices. Over the past two years, they have successfully demonstrated how malware can siphon data from computer speakers, headphone jacks, hard drives, and computer fans, as well as 3D printers, smartphones, LED bulbs, and other IoT devices.

In addition to Dr. Guri, the other BGU researchers include Boris Zadov, who received his M.Sc. degree from the BGU Department of Ele​ctrical and Computer Engineering; Andrey Daidakulov, CSRC security researcher, and Prof. Yuval Elovici, director of the BGU Cyber Security Research Center. Prof. Elovici is also a member of BGU’s Dep​artment of Software and Information Systems Engineering​ and director of Deut​sche Telekom Innovation Laboratories at BGU.

​​

A typical office scanner can be infiltrated and a company’s network compromised using different light sources, according to a new paper by researchers from BGU and the Weizmann Institute of Science.

“In this research, we demonstrated how to use a laser or smart bulb to establish a covert channel between an outside attacker and malware installed on a networked computer,” says Ben Nassi, a graduate student in BGU’s Department of Software and Information Systems Engineering as well as a researcher at BGU’s Cyber Security Research Center (CSRC).  “A scanner with the lid left open is sensitive to changes in the surrounding light and might be used as a back door into a company’s network.”

The researchers conducted several demonstrations to transmit a message into computers connected to a flatbed scanner. Using direct laser light sources up to a half-mile (900 meters) away, as well as on a drone outside their office building, the researchers successfully sent a message to trigger malware through the scanner.

In another demonstration, the researchers used a Galaxy 4 Smartphone to hijack a smart lightbulb (using radio signals) in the same room as the scanner. Using a program they wrote, they manipulated the smart bulb to emit pulsating light that delivered the triggering message in only seconds.

“We believe this study will increase the awareness to this threat and result in secured protocols for scanning that will prevent an attacker from establishing such a covert channel through an external light source, smart bulb, TV, or other IoT (Internet of Things) device,” Nassi says.

Prof. Adi Shamir of the Department of Applied Mathematics at the Weizmann Institute conceived of the project to identify new network vulnerabilities by establishing a clandestine channel in a computer network.

Ben Nassi’s Ph.D. research advisor is Prof. Yuval Elovici​, a member of the BGU Department of Software and Information Systems Engineering and director of the Deutsche Telekom Innovation ​Laboratories at BGU. Elovici is also director of the CSRC.​​

An innovative, new system that uses smartwatch devices and software to verify handwritten signatures and detect even the most skilled forgeries has been developed by BGU and TAU researchers. 

While most online signature verification technologies rely on dedicated digital devices — such as tablets or smart pens — to capture, analyze and verify signatures, this new method utilizes motion sensors found in readily available hand-worn devices.  Recent market research shows that one out of six people already wear a smartwatch and the market is expected to reach 373 million devices by 2020. 

Signature verification technology addresses both random and skilled forgeries. A random forger does not have any information about the other person and uses his or her own signature style. Skilled forgers often practice copying a person’s name as accurately as possible, which makes their forgeries harder to detect. 

The research team developed software that uses motion data gathered from the movements of a person’s wrist to identify the writer during the signing process. This information, compiled from accelerometer and gyroscope sensors, senses changes in rotational motion and orientation, and trains a machine learning algorithm to distinguish between genuine or forged signatures.  

“We based our hypothesis on the assumption that people adopt a specific signing pattern that is unique and very difficult for others to imitate, and that this uniqueness can be captured adequately using the motion sensors of a hand-worn device,” says Ben Nassi, who is a graduate student in the Department of Software and Information Systems Engineering. 

The research team also included: Prof. Yuval Elovici, director of BGU’s Cyber Security Research Center, Dr. Erez Shmueli of TAU’s Department of Industrial Engineering, and Alona Levy, a graduate student in the same department.

In the research study, 66 TAU students used a digital pen to record 15 samples of their genuine signature on a tablet while wearing a smartwatch on their writing hand. Then, each student studied trace recordings of other people’s genuine signatures and was asked to forge five of them.  

“The results for both random and skilled forgery tests were encouraging, and confirmed our system is able to successfully distinguish between genuine and forged signatures with a high degree of accuracy,” says Nassi.  

While several recent studies have examined the use of motion data to identify people within various scenarios, the approach in this research is the first of its kind. “Using a wrist-worn device or fitness tracker provides more comprehensive data than other wearable devices, since it measures the gestures of a user’s arm, hand and all fingers rather than just a single finger or the forearm,” Nassi says. 

“We’ve combined the benefits of both offline and online verification methods,” says Dr. Shmueli. “Like offline methods, our approach doesn’t require a designated ad-hoc device to capture a signature. You can use virtually any hand-worn device to write and collect the signature itself on a paper document, such as a contract, receipt or other non-digitized document. Then, our system operates like an online verification system to comprehensively capture the dynamics of the signing process and confirm authenticity.”  

The researchers have filed for a patent for the initial system, which enables a generic smartwatch to become a signature verifier.  

They plan to expand their research to include larger-scale experimentation and will investigate the benefits of collecting data from both a smartwatch device and a writing digitizer, such as a tablet, to see if combining information from both sources improves accuracy. They will also study the impact of data extracted from additional sensors, such as the ones used in lie detector machines to measure heart-rate variability.

Handwritten Signature Verification Using Hand-Worn Devices.pdf

​A new “virtual breathalyzer” developed by a BGU researcher uses sensors in smartphones, smartwatches, fitness bands and virtual glasses to measure changes in gait that indicate intoxication levels with identical accuracy as police breathalyzer tests.  

According to the U.S. Center for Disease Control, in 2013, one person died every 51 minutes in a motor vehicle accident caused by an alcohol-impaired driver.  

“Alcohol distinctly affects movement, gait and balance in ways that can be detected by the built-in motion sensors on devices people carry around with them all the time,” says Ben Nassi, a Master of Science student  at BGU’s Department of Software and Information Systems Engineering,  who developed the device. “Our system simply takes a baseline reading while walking from the car to the bar and another one on the way back to compare and identify movements that indicate drunkenness.” 

Applications based on Nassi’s trained machine learning model for measuring intoxication could be used to alert people, or even a connected car, and prevent users from driving under the influence. 

In the study, Nassi and his team collected test data from patrons at different bars on five nights. They asked 30 participants (60 percent men, 40 percent women) to measure their gait before drinking and then 15 minutes after their last drink, which is the same standard used for police breathalyzers. Most of the study participants were in their early twenties, which is the group considered by the U.S. National Highway Traffic Safety Administration to have the highest risk of causing fatal accidents due to alcohol consumption.   

Participants wore Google Glass augmented reality glasses, an LG G-watch on their left hand, a Microsoft Band on their right hand, and carried a Samsung Galaxy S4 cell phone in their right rear pocket. Each person walked for 16 seconds until they heard a beep through their headphones. Test results validated with a police breathalyzer detected intoxication levels with 100 percent accuracy. 

“While the experiment used all four devices to measure movements in different parts of the body, a combination of watch and smartphone readings taken from at least two parts of the body yields similar results,” Nassi says.  

Smart wearable devices are a burgeoning market, with 275 million sold in 2016, and another 322 million units forecast in 2017. The researchers are optimistic that within a few years, the application will be useful for people who routinely use a smartwatch along with their smartphone.  

“A system based on our approach could prevent a person from driving under the influence after an alert unobtrusively detects intoxication while they are walking to their car,” says Nassi. “As the Internet of Things (IoT) progresses, the system could even trigger a connected car not to start when a driver tests above the legal limit.”  

Nassi worked with his advisors, Professors Yuval Elovici and Lior Rokach of BGU’s Department of Software and Information Systems Engineering on his Virtual Breathalyzer project, which has been uploaded to Arxiv.

Researchers at BGU have demonstrated malware that can turn computers into perpetual eavesdropping devices, even without a microphone. 

In the new paper, “SPEAKE(a)R: Turn Speakers to Microphones for Fun and Profit”, the researchers explain and demonstrate how most PCs and laptops today are susceptible to this type of attack. Using SPEAKE(a)R, malware that can covertly transform headphones into a pair of microphones, they show how commonly used technology can be exploited.  

“The fact that headphones, earphones and speakers are physically built like microphones and that an audio port’s role in the PC can be reprogrammed from output to input creates a vulnerability that can be abused by hackers,” says Prof. Yuval Elovici, director of the BGU Cyber Security Research Center (CSRC) and member of BGU’s Department of Software and Information Systems Engineering.  

“This is the reason people like Facebook Chairman and Chief Executive Officer Mark Zuckerberg tape up their mic and webcam,” says Mordechai Guri, lead researcher and head of Research and Development at the CSRC.  “You might tape the mic, but would be unlikely to tape the headphones or speakers.” 

A typical computer chassis contains a number of audio jacks, either in the front panel, rear panel or both. Each jack is used either for input (line-in), or for output (line-out). The audio chipsets in modern motherboards and sound cards include an option for changing the function of an audio port with software –a type of audio port programming referred to as jack retasking or jack remapping.  

Malware can stealthily reconfigure the headphone jack from a line-out jack to a microphone jack, making the connected headphones function as a pair of recording microphones and turning the computer into an eavesdropping device. This works even when the computer doesn’t have a connected microphone, as demonstrated in the SPEAKE(a)R video (below). 

The BGU researchers studied several attack scenarios to evaluate the signal quality of simple off-the-shelf headphones. “We demonstrated it is possible to acquire intelligible audio through earphones up to several meters away,” said Dr. Yosef Solewicz, an acoustic researcher at the BGU CSRC.

Potential software countermeasures include completely disabling audio hardware, using an HD audio driver to alert users when microphones are being accessed, and developing and enforcing a strict rejacking policy within the industry. Anti-malware and intrusion detection systems could also be developed to monitor and detect unauthorized speaker-to-mic retasking operations and block them. 

Researchers from three universities combined their expertise to demonstrate the first complete sabotage attack on a 3D additive manufacturing (AM) system, illustrating how a cyber attack and malicious manipulation of blueprints can fatally damage production of a device or machine.  

In their paper titled “Dr0wned,” researchers from BGU, the University of South Alabama and Singapore University of Technology and Design detail how to sabotage the quality of a 3D-printed functional part, which leads to the destruction of a device.  

A proof-of-concept video shows how the researchers destroyed a $1,000 quadcopter UAV drone by hacking into the computer used to control the 3D printing of replacement propellers. Once they penetrated the computer, the researchers identified the propeller blueprint file and inserted defects undetectable by visual inspection. During flight tests, the sabotaged propeller broke apart during ascent, causing the drone to smash into the ground. 

More than 100 industries, including aerospace, automotive and defense, employ additive printing processes. According to the Wohlers Report, the AM industry accounted for $5.165 billion of revenue in 2015. Furthermore, 32.5 percent of all AM-generated objects are used as functional parts.  

“Imagine that an adversary can sabotage functional parts employed in an airplane’s jet engines. Such an attack could cost lives, cause economic loss, disrupt industry, and threaten a country’s national security,” says Prof. Yuval Elovici. Elovici is a member of BGU’s Department of Software and Information Systems Engineering, director of the Deutsche Telekom Innovation Labs @ BGU and the BGU Cyber Security Research Center (CSRC). The CSRC is a collaboration between the University and Israel’s National Cyber Bureau, focused on advanced cyber security topics.  

“With the growth of additive manufacturing worldwide, we believe the ability to conduct malicious sabotage of these systems will attract the attention of many adversaries, ranging from criminal gangs to state actors, who will aim either for profit or for geopolitical power,” says Elovici. 

“‘Dr0wned’ is not the first article that raises this issue. However, all prior research has focused on a single aspect of a possible attack, assuming that all other attack elements are feasible,” the researchers say. “This is the first experimental proof of a complete attack chain initiated by sabotaging the 3D-printed propeller.” 

The collaborative study addresses the dangerous consequences of cyber attacks, and proposes a systematic approach for identifying opportunities and a methodology for assessing the level of difficulty of an attack involving AM. 

Maryland Governor Larry Hogan led a large delegation to BGU last week with the intent to generate “real collaboration” in the field of cyber security research as well as other fields.

Hogan headed a week-long trade delegation comprised of some of his officials, representatives of four Maryland universities and members of the Jewish community.

“This is an incredible opportunity for real collaboration,” Hogan said, “Maryland is the heart of the Mid-Atlantic region and Beer-Sheva is right in the geographic center of Israel. Maryland is the cyber capital of the US and Beer-Sheva is the cyber capital of Israel.” He said 24 Israeli companies had headquarters in Maryland and he hoped to bring in many more.

Mike Gill, Secretary of Commerce, noted that Maryland had great assets to support cyber security research such as Fort Mead and the NSA, which has 60,000 employees. He praised the Israeli mentality of not waiting for permission but just going out and getting it done.

Christy Wyskiel, Senior Advisor to Johns Hopkins University President, mentioned two potential institutes that were good candidates for collaboration with BGU’s Cyber Security Research Center. The Applied Physics Lab has 30,000 employees, 400 of whom research cyber security. She also mentioned the Information Security Institute, which made the news last year by hacking one of the San Bernardino terrorists’ mobile phones. “We are excited to work together toward common goals,” she said.

University of Maryland Vice Provost for Academic Affairs Antonio Moreira said 60% of their students study computer science or engineering. “Partnerships are the secret to our success,” he added.

University of Maryland Cyber Initiative Executive Director Daniel Ennis said the triad of academia, government, and industry was crucial for promoting cyber security research. He opined that the government could help set funding priorities.

A longtime US intelligence official, Ennis said he had collaborated with Israeli security agencies for years. As part of his new role to generate more global partnerships, he said he had already met with Israel National Cyber Bureau head Dr. Evyatar Matania.

BGU was represented by VP and Dean for R&D Prof. Dan Blumberg who warmly welcomed the delegation and gave a brief overview of the university.

Deutsche Telekom Innovation Labs@BGU Director and Cyber Security Research Center Director Prof. Yuval Elovici highlighted the threats inherent in the Internet of Things. He gave a seemingly simple example of a smart fridge being hacked and locked and the hacker demanding a ransom to let you back into your own fridge. Elovici is a member of the Department of Information and Software Systems Engineering.

Dell-EMC Site Manager Maya Hofman-Levy gave a brief overview of their work in Beer-Sheva and Barrel Kfir, Business Development Manager at JVP Cyber Labs outlined the venture capital fund’s activities.

The mood at the meeting was upbeat and optimistic with much emphasis put on generating real partnerships rather than just partnerships on paper.

Air-gapped computers are disconnected from the Internet physically and logically. This measure is taken in order to prevent the leakage of sensitive data from secured networks. In the past, it has been shown that malware can exfiltrate data from air-gapped computers by transmitting ultrasonic signals via the computer’s speakers. However, such acoustic communication relies on the availability of speakers on a computer.

In a new paper, security researcher Mordechai Guri along with Yosef Solewicz (acoustic researcher), Andrey Daidakulov and Prof. Yuval Elovici of the Cyber Security Research Center and the Department of Software and Information Systems Engineering present ‘DiskFiltration,’ a covert channel which facilitates the leakage of data from an air-gapped computer via acoustic signals emitted from its hard disk drive (HDD). The method, which was introduced by Guri and the team, is unique in that, unlike other acoustic covert channels, it doesn’t require the presence of speakers or audio hardware in the air-gapped computer.

A malware installed on a compromised machine can generate acoustic emissions at specific audio frequencies by controlling the movements of the HDD’s actuator arm. Digital Information can be modulated over the acoustic signals and then be picked up by a nearby receiver (e.g., smartphone, smartwatch, laptop, etc.).

The researchers examined the HDD anatomy and analyzed its acoustical characteristics determining that they could present signal generation and detection, and data modulation and demodulation algorithms. Based on their proposed method, they developed a transmitter on a personal computer and a receiver on a smartphone, and provided the design and implementation details. They also evaluated the covert channel on various types of internal and external HDDs in different computer chassis and at various distances. With DiskFiltration, they were able to covertly transmit data (e.g., passwords, encryption keys, and keylogging data) between air-gapped computers to a smartphone at an effective bit rate of 180 bits/minute (10,800 bits/hour) and a distance of up to two meters (six feet).

“Air-gap isolation is considered to be a hermetic security measure which can prevent data leakage,” Guri told Ars Technica. “Confidential data, personal information, financial records and other types of sensitive information are stored within isolated networks. We show that despite the degree of isolation, the data can be exfiltrated (for example, to a nearby smart phone).”

The first International Summer program in Data Mining and Business Intelligence with a focus in Cyber Security Applications recently opened at BGU. 

The International Cyber Security and Machine Learning Academic and Professional Program (ICSML) is a collaboration of BGU’s Office of International Academic Affairs and Malware Lab and the Cyber Security Research Center. 

ICSML is led by Dr. Nir Nissim, researcher and Head of the Malware Lab at the Cyber Security Research Center. 

The international students will partake in theoretical lectures and practical sessions in cyber security and machine learning topics, meet with successful companies, and sit through interesting lectures given by top tier experts including new cutting edge technologies that are not available in market yet. Some of the experts presenting in the course are academic members of the Department of Information Systems Engineering at BGU. 

The ICSML program includes two keynote experts: Prof. Yuval Elovici (Cyber Security) and Prof. Lior Rokach (Machine Learning and Big Data).

Elovici, the Director of the Telekom Innovation Laboratories at BGU, head of the Cyber Security Research Center (CSRC), Research Director of iTrust at SUTD, and a Professor in the Department of Information Systems Engineering, gave the opening lecture for the selected excellent Chinese and Indian students from top universities who were accepted to the program. 

Rokach, one of the leading researchers and experts in machine learning and big data and the head of the Big-data research center, will provide an interesting Lecture on the fundamentals of ensemble learning.