The First International Cyber Security Smart Mobility Analysis and Research Test Range, in Partnership with BGU


The launching of the Smart Mobility Analysis and Research Test Range (SMART Range) was announced jointly by BGU, CYMOTIVE Technologies​, HARMAN – a wholly-owned subsidiary of Samsung Electronics Co., Ltd – Deutsche Telekom Innovation Laboratories and JVP at the Cyber Security Workshop for Futu​re Smart Mobility held today (Monday) in cooperation with Israel’s National Cyber Bureau at Ben-Gurion University of the Negev. The SMART Range is a unique project that will serve as an international center for smart mobility in the capital city of Israel’s Negev – Beer-Sheva.

The SMART Range will fulfill the vision of an automotive development ‘playground’ in a smart-city environment, hosting academic research, an innovation hub, an institute for testing and certification in the cyber arena, and a standards development body for smart mobility.

The SMART Range will function as a living lab within a smart-city environment encompassing all aspects of future mobility systems, including public transportation, private vehicles, and personal mobility devices. The environment will simulate a complex reality and enable effective testing of advanced technologies, assessment of human-machine-environment interfaces, evaluation of transport solutions in a future networked reality, and operability and robustness testing of software and hardware systems against cyber threats.

The range will feature the unique ability to combine the highest-level practical knowledge possessed by leading commercial firms together with advanced academic research. This cooperation between commercial and academic stakeholders will enable the center to further its main objectives:

? Promotion of innovation in the smart mobility arena
? Advancement of global regulation in the field of cybersecurity for smart mobility systems
? Cybersecurity certification for smart mobility software and hardware systems
? Global leadership in the definition, assessment, and verification of the resilience of smart mobility systems to cyber threats
?​ Consolidation of Israel’s position as a world leader in smart mobility

Prof. Rivka Carmi, President, BGU: “The SMART Range represents a natural stride forward in light of the University’s broad and diverse research activities in the fields of technology, autonomous robotics, information technology, and cybersecurity, while fulfilling the University’s role as a leader in developing innovation and excellence in Beer-Sheva.”

Roni Zehavi, CEO, CyberSpark: “The range will address the ever-growing global need for a testing and evaluation infrastructure of smart mobility solutions’ resiliency to continually-escalating cyber threats, as well as the need for a recognized international body for certification as a pre-condition for the integration of solutions into the smart city environment.”

Netta Cohen, CEO, BGN Technologies (the technology company of BGU): “The range is attracting great interest within the global industry. We are working in full coordination with the relevant government and local industry parties, and are moving quickly to create a powerful and comprehensive research center with strong ties to business, government, and the city of Beer-Sheva. We expect the formal association of the founding partners to be completed by the end of the year, with the range already starting to operate at the beginning of next year.”

Saar Dickman, Vice President, Automotive Cyber Security Business Unit at HARMAN: “This joint venture to establish an international center in the Negev for the research and evaluation of automotive cyber threats expresses Samsung-HARMAN’s commitment to global innovation, while recognizing the advantages and knowledge resources of the human capital in Israel in general, and in the Negev in particular.”

Yuval Diskin, Executive Chairman, CYMOTIVE Technologies: “CYMOTIVE Technologies, a company partially owned by Volkswagen Group, sees the establishment of the SMART Range in Beer-Sheva as a significant opportunity to advance smart mobility technologies and make them better and safer to use. To this end, the range will incorporate the vast existing knowledge within these industries in Israel, together with advanced academic research.”

Yoav Tzruya, JVP Partner: “In a rapidly changing world where the automotive industry is at the forefront of global technology, the need to focus on cyber security solutions, as well as seizing opportunities by leveraging AI and deep learning is the new frontier. Israeli innovation has proven its global leadership in these two categories. The partnership between the leading players in the cyber industry and data sciences as part of the new research and testing center in Beer-Sheva adds significant value for the rapidly developing automotive industry.”

Yigal Unna, Director of New Cyber Technologies Unit, National Cyber Bureau, praised the announcement: “Protecting the smart transportation domain, with all its inherent opportunities, is essential to fulfill its vast potential. Since the Government of Israel declared Beer-Sheva the “National Cyber City” a long time ago, I consider SMART Range yet another promising initiative generated by its highly vibrant and innovative cyber ecosystem. I am confident of its contribution to the growth of the Smart Mobility arena in general and Israeli global cyber leadership in particular.”


Security Cameras can be Infiltrated Using Infrared Light for Malicious Attacks, according to Ben-Gurion University Cyber Researchers

The method, according to researchers, will work on professional security cameras as well as home security cameras and even LED doorbells, which can see infrared light (IR), not visible to the human eye.

In the new paper, the technique the researchers have dubbed, “aIR-Jumper,” also enables the creation of bidirectional covert optical communication between air-gapped internal networks that are isolated and disconnected from the internet, without remote access to the organization. The attacker can use this channel to send commands and receive response messages.

The cyber team led by Dr. Mordechai Guri, head of research and development at BGU’s BGU Cyber Security Research Center (CSRC) shows how infrared light can be used to create a covert communication channel between malware installed on an internal computer network and an attacker located outside hundreds of yards or even miles away with direct line of sight.

To transmit sensitive information, the attacker uses the camera’s infrared (IR) light emitting LEDs, which are typically used for night vision. The researchers showed how a malware can control the intensity of the IR light to communicate with a remote attacker that can receive signals with a simple camera without detection. Then the attacker can record and decode these signals to leak sensitive information.

The researchers shot two videos to highlight their technique. The first video shows an attacker hundreds of yards away sending infrared signals to a camera. The second video shows the camera infected with malware respond to covert signals by exfiltration data including passwords and an entire copy of The Adventures of Tom Sawyer in just a few seconds.

According to Dr. Guri, “Security cameras are unique in that they have ‘one leg’ inside the organization, connected to the internal networks for security purposes, and ‘the other leg’ outside the organization, aimed specifically at nearby public space, providing very convenient optical access from various directions and angles.”

Attackers can also use this novel covert channel to communicate with a malware inside the organization.  An attacker can infiltrate data, transmitting hidden signals via the camera’s IR LEDs. Binary data such as command and control (C&C) messages can be hidden in the video stream, recorded by the surveillance cameras, and intercepted and decoded by the malware residing in the network.

“Theoretically, you can send an infrared command to tell a high security system to simply unlock the gate or front door to your house,” Guri says.

The research team also includes Dr. Dima Biekowski, Shamoon College of Engineering  and Prof. Yuval Elovici, director of the BGU Cyber Security Research Center a member of BGU’s Department of Information Systems Engineering and director of the Deutsche Telekom Innovation Labs @ BGU​





Ben-Gurion University Cyber Researchers Discover How any Network Router Can Covertly Leak Data

Researchers at BGU’s Cyber Security Research Center (CSRC) have demonstrated for the first time that it is possible to covertly siphon sensitive files, passwords or other critical data from any common router.

In the new p​aper, the researchers demonstrated how LEDs functionality can be silently overridden by malware they developed (code named “xLED”), which infects firmware in the device. Once the xLED malware infects the network device, it gains full control of the LEDs that flash to indicate status.

Network devices such as routers and local area network switches typically include activity and status LEDs used to monitor traffic activity, alerts and provide status.

According to Dr. Mordechai Guri, head of research and development at the BGU CSRC, who led this study, “Sensitive data can be encoded and sent via the LED light pulses in various ways. An attacker with access to a remote or local camera, or with a light sensor hidden in the room, can record the LED’s activity and decode the signals.”

“Unlike network traffic that is heavily monitored and controlled by firewalls, this covert channel is currently not monitored. As a result, it enables attackers to leak data while evading firewalls, air-gaps (computers not hooked up to the internet) and other data-leakage prevention methods,” Dr. Guri says.

The xLED malware can program the LEDs to flash at very fast speeds – more than 1,000 flickers per second for each LED. Since a typical router or network switch includes six or more status LEDs, the transmission rate can be multiplied significantly to as much as thousands of bits per second. As a result, a significant amount of highly sensitive information can be encoded and leaked over the fast LED signals, which can be received and recorded by a remote camera or light sensor.

The CSRC has a dedicated research program to uncover and demonstrate vulnerabilities of electronic devices. Over the past two years, they have successfully demonstrated how malware can siphon data from computer speakers, headphone jacks, hard drives, and computer fans, as well as 3D printers, smartphones, LED bulbs, and other IoT devices.

In addition to Dr. Guri, the other BGU researchers include Boris Zadov, who received his M.Sc. degree from the BGU Department of Ele​ctrical and Computer Engineering; Andrey Daidakulov, CSRC security researcher, and Prof. Yuval Elovici, director of the BGU Cyber Security Research Center. Prof. Elovici is also a member of BGU’s Dep​artment of Software and Information Systems Engineering​ and director of Deut​sche Telekom Innovation Laboratories at BGU.



Desktop Scanners Can Be Hijacked to Perpetrate Cyberattacks, According to BGU and Weizmann Institute Researchers

A typical office scanner can be infiltrated and a company’s network compromised using different light sources, according to a new paper by researchers from BGU and the Weizmann Institute of Science.

“In this research, we demonstrated how to use a laser or smart bulb to establish a covert channel between an outside attacker and malware installed on a networked computer,” says Ben Nassi, a graduate student in BGU’s Department of Software and Information Systems Engineering as well as a researcher at BGU’s Cyber Security Research Center (CSRC).  “A scanner with the lid left open is sensitive to changes in the surrounding light and might be used as a back door into a company’s network.”

The researchers conducted several demonstrations to transmit a message into computers connected to a flatbed scanner. Using direct laser light sources up to a half-mile (900 meters) away, as well as on a drone outside their office building, the researchers successfully sent a message to trigger malware through the scanner.

In another demonstration, the researchers used a Galaxy 4 Smartphone to hijack a smart lightbulb (using radio signals) in the same room as the scanner. Using a program they wrote, they manipulated the smart bulb to emit pulsating light that delivered the triggering message in only seconds.

To mitigate this vulnerability, the researchers recommend organizations connect a scanner to the network through a proxy server — a computer that acts as an intermediary — which would prevent establishing a covert channel. This might be considered an extreme solution, however, since it also limits printing and faxing remotely on all-in-one devices.

“We believe this study will increase the awareness to this threat and result in secured protocols for scanning that will prevent an attacker from establishing such a covert channel through an external light source, smart bulb, TV, or other IoT (Internet of Things) device,” Nassi says.

Prof. Adi Shamir of the Department of Applied Mathematics at the Weizmann Institute conceived of the project to identify new network vulnerabilities by establishing a clandestine channel in a computer network.

Ben Nassi’s Ph.D. research advisor is Prof. Yuval Elovici​, a member of the BGU Department of Software and Information Systems Engineering and director of the Deutsche Telekom Innovation ​Laboratories at BGU. Elovici is also director of the CSRC.​​


Cameras can Steal Data from Computer Hard Drive LED Lights

Researchers at BGU’s Cyber Security Research Center have demonstrated that data can be stolen from an isolated “air-gapped” computer’s hard drive reading the pulses of light on the LED drive using various types of cameras and light sensors.
In the new paper, the researchers demonstrated how data can be received by a Quadcopter drone flight, even outside a window with line-of-sight of the transmitting computer.



Air-gapped computers are isolated — separated both logically and physically from public networks — ostensibly so that they cannot be hacked over the Internet or within company networks. These computers typically contain an organization’s most sensitive and confidential information.
Led by Dr. Mordechai Guri (pictured above), Head of R&D at the Cyber Security Research Center, the research team utilized the hard-drive (HDD) activity LED lights that are found on most desktop PCs and laptops. The researchers found that once malware is on a computer, it can indirectly control the HDD LED, turning it on and off rapidly (thousands of flickers per second) — a rate that exceeds the human visual perception capabilities. As a result, highly sensitive information can be encoded and leaked over the fast LED signals, which are received and recorded by remote cameras or light sensors.
“Our method compared to other LED exfiltration is unique, because it is also covert,” Dr. Guri says. “The hard drive LED flickers frequently, and therefore the user won’t be suspicious about changes in its activity.”
Dr. Guri and the Cyber Security Research Center have conducted a number of studies to demonstrate how malware can infiltrate air-gapped computers and transmit data. Previously, they determined that computer speakers and fans, FM waves and heat are all methods that can be used to obtain data.
In addition to Dr. Guri, the other BGU researchers include Boris Zadov, who received his M.Sc. degree from the Department of Electrical and Computer Engineering and Prof. Yuval Elovici, director of the Cyber Security Research Center. Prof. Elovici is also a member of the University’s Department of Software and Information Systems Engineering and Director of Deutsche Telekom Laboratories at BGU.



NTU Singapore and Ben-Gurion University Ink Partnership to Combat Advanced Cyber Threats


Nanyang Technological University (NTU Singapore) and Ben-Gurion University of the Negev (BGU) are collaborating to find innovative ways to counter cyber threats.

The aim of the joint research project, called the Bio-Inspired Agile Cyber Security Assurance Framework (BICSAF), is to develop innovative technologies for tackling Advanced Persistent Threats. These are stealthy and continuous computer hacking processes run by individuals who target specific entities, such as private organisations and state agencies. Their long periods of covertness make it difficult to detect such threats with current technology.

NTU Chief of Staff and Vice-President of Research Prof Lam Khin Yong and BGU Vice-President and Dean of Research & Development Prof Dan Blumberg signed the joint research agreement at the CyberTech Conference in Tel Aviv yesterday (pictured above – photo Credit: Gilad Kavalerchik). Israeli Prime Minister Benjamin Netanyahu was the conference’s guest-of-honor earlier in the day.  

The project will have S$3 million in joint funding from NTU, BGU and the National Research Foundation (NRF), Prime Minister’s Office, Singapore. The collaboration is supported by NRF through its National Cybersecurity R&D Programme.  In collaboration with the Cyber Security Research Centre at NTU, the new initiative will be led on the BGU side by Cyber Security Research Center director Prof. Yuval Elovici, and Dr. Rami Puzis of the Department of Software and Information Systems Engineering. In developing new technologies to counter cyber threats, the two partners are inspired by the ability of the human body’s immune system to adapt to and fight ever-evolving bacteria and viruses.  

Prof Lam Khin Yong said, “Through this partnership, NTU and BGU will be able to develop innovative methods for combating one of the most complicated problems in cyber security – Advanced Persistent Threats (APTs). This project will leverage NTU’s strong hardware-based research expertise and BGU’s software-based core competencies to combat this intractable problem.”  

NTU has invested heavily in its cyber security expertise in recent years, including a S$2.5 million partnership last year with BAE Systems to jointly develop next-generation cybersecurity solutions.  

BGU has deep expertise in cyber security research and is at the heart of efforts to turn Beer-Sheva into a national and international cyber hub. Prof Dan Blumberg said, “BGU and NTU recognise the grave necessity of stopping Advanced Persistent Threats (APTs), which are some of the hardest cyber-attacks to detect, and have allocated significant funding over two years to develop early detection methods.  Cyber security is a global threat which has become a research topic of increasing interest at BGU and we are pleased to be collaborating with our partners in Singapore to stem the tide.”

Mr George Loh, Director (Programmes) of NRF and Co-Chair of the National Cybersecurity R&D Programme Committee , said, “Singapore has established a holistic national cybersecurity strategy that will support our Smart Nation vision and enhance Singapore’s standing as a trusted digital hub. It is critical for Singapore to develop strong cybersecurity capabilities to protect our critical infrastructures such as our public transport systems, public safety systems, and energy systems, which are interconnected elements contributing to the quality of life for Singaporeans.  

“The collaboration between NTU and BGU will explore novel ideas to develop cyber-immune technologies to fight external adversaries that launch cyber-attacks on our critical systems, much like how our biological immune system works.”    

The Department of Software and Information Systems Engineering at BGU is the largest in Israel, with significant resources devoted to cyber security research.  BGU also set up the Cyber Security Research Center with the Israel National Cyber Bureau to identify risks while protecting critical national infrastructure.

A research-intensive public university, Nanyang Technological University, Singapore (NTU Singapore) has 33,500 undergraduate and postgraduate students in the colleges of Engineering, Business, Science, Humanities, Arts, & Social Sciences, and its Interdisciplinary Graduate School. It also has a medical school, the Lee Kong Chian School of Medicine, set up jointly with Imperial College London.

NTU is also home to world-class autonomous institutes – the National Institute of Education, S Rajaratnam School of International Studies, Earth Observatory of Singapore, and Singapore Centre for Environmental Life Sciences Engineering – and various leading research centres such as the Nanyang Environment & Water Research Institute (NEWRI), Energy Research Institute @ NTU (ERI@N) and the Institute on Asian Consumer Insight (ACI).  

Ranked 13th in the world, NTU has also been ranked the world’s top young university for the last three years running. The University’s main campus has been named one of the Top 15 Most Beautiful in the World. NTU also has a campus in Novena, Singapore’s medical district.

Singapore’s National Research Foundation (NRF) is a department within the Prime Minister’s Office. The NRF sets the national direction for research, innovation and enterprise (RIE) in Singapore. It seeks to invest in science, technology and engineering, build up the technological capacity of our companies, encourage innovation by industry to exploit new opportunities that drive economic growth, and facilitate public-private partnerships to address national challenges.

Under RIE2020, the NRF is committed to create greater value in Singapore from our investment in research, innovation and enterprise through 1) closer integration of research thrusts, 2) stronger dynamic towards the best teams and ideas, 3) sharper focus on value creation, and 4) better optimised RIE manpower.


New Smartwatch Application for Accurate Signature Verification Developed by Ben-Gurion University of the Negev and Tel Aviv University Researchers

An innovative, new system that uses smartwatch devices and software to verify handwritten signatures and detect even the most skilled forgeries has been developed by BGU and TAU researchers. 

While most online signature verification technologies rely on dedicated digital devices — such as tablets or smart pens — to capture, analyze and verify signatures, this new method utilizes motion sensors found in readily available hand-worn devices.  Recent market research shows that one out of six people already wear a smartwatch and the market is expected to reach 373 million devices by 2020. 

Signature verification technology addresses both random and skilled forgeries. A random forger does not have any information about the other person and uses his or her own signature style. Skilled forgers often practice copying a person’s name as accurately as possible, which makes their forgeries harder to detect. 

The research team developed software that uses motion data gathered from the movements of a person’s wrist to identify the writer during the signing process. This information, compiled from accelerometer and gyroscope sensors, senses changes in rotational motion and orientation, and trains a machine learning algorithm to distinguish between genuine or forged signatures.  

“We based our hypothesis on the assumption that people adopt a specific signing pattern that is unique and very difficult for others to imitate, and that this uniqueness can be captured adequately using the motion sensors of a hand-worn device,” says Ben Nassi, who is a graduate student in the Department of Software and Information Systems Engineering. 

The research team also included: Prof. Yuval Elovici, director of BGU’s Cyber Security Research CenterDr. Erez Shmueli of TAU’s Department of Industrial Engineering, and Alona Levy, a graduate student in the same department.

In the research study, 66 TAU students used a digital pen to record 15 samples of their genuine signature on a tablet while wearing a smartwatch on their writing hand. Then, each student studied trace recordings of other people’s genuine signatures and was asked to forge five of them.  

“The results for both random and skilled forgery tests were encouraging, and confirmed our system is able to successfully distinguish between genuine and forged signatures with a high degree of accuracy,” says Nassi.  

While several recent studies have examined the use of motion data to identify people within various scenarios, the approach in this research is the first of its kind. “Using a wrist-worn device or fitness tracker provides more comprehensive data than other wearable devices, since it measures the gestures of a user’s arm, hand and all fingers rather than just a single finger or the forearm,” Nassi says. 

“We’ve combined the benefits of both offline and online verification methods,” says Dr. Shmueli. “Like offline methods, our approach doesn’t require a designated ad-hoc device to capture a signature. You can use virtually any hand-worn device to write and collect the signature itself on a paper document, such as a contract, receipt or other non-digitized document. Then, our system operates like an online verification system to comprehensively capture the dynamics of the signing process and confirm authenticity.”  

The researchers have filed for a patent for the initial system, which enables a generic smartwatch to become a signature verifier.  

They plan to expand their research to include larger-scale experimentation and will investigate the benefits of collecting data from both a smartwatch device and a writing digitizer, such as a tablet, to see if combining information from both sources improves accuracy. They will also study the impact of data extracted from additional sensors, such as the ones used in lie detector machines to measure heart-rate variability.

Handwritten Signature Verification Using Hand-Worn Devices.pdfHandwritten Signature Verification Using Hand-Worn Devices.pdf


Virtual Breathalyzer Detects Legal Intoxication with 100% Accuracy Using Any Programmable Smartphone and Smartwatch

A new “virtual breathalyzer” developed by a BGU researcher uses sensors in smartphones, smartwatches, fitness bands and virtual glasses to measure changes in gait that indicate intoxication levels with identical accuracy as police breathalyzer tests.  

According to the U.S. Center for Disease Control, in 2013, one person died every 51 minutes in a motor vehicle accident caused by an alcohol-impaired driver.  

“Alcohol distinctly affects movement, gait and balance in ways that can be detected by the built-in motion sensors on devices people carry around with them all the time,” says Ben Nassi, a Master of Science student  at BGU’s Department of Software and Information Systems Engineering,  who developed the device. “Our system simply takes a baseline reading while walking from the car to the bar and another one on the way back to compare and identify movements that indicate drunkenness.” 

Applications based on Nassi’s trained machine learning model for measuring intoxication could be used to alert people, or even a connected car, and prevent users from driving under the influence. 

In the study, Nassi and his team collected test data from patrons at different bars on five nights. They asked 30 participants (60 percent men, 40 percent women) to measure their gait before drinking and then 15 minutes after their last drink, which is the same standard used for police breathalyzers. Most of the study participants were in their early twenties, which is the group considered by the U.S. National Highway Traffic Safety Administration to have the highest risk of causing fatal accidents due to alcohol consumption.   

Participants wore Google Glass augmented reality glasses, an LG G-watch on their left hand, a Microsoft Band on their right hand, and carried a Samsung Galaxy S4 cell phone in their right rear pocket. Each person walked for 16 seconds until they heard a beep through their headphones. Test results validated with a police breathalyzer detected intoxication levels with 100 percent accuracy. 

“While the experiment used all four devices to measure movements in different parts of the body, a combination of watch and smartphone readings taken from at least two parts of the body yields similar results,” Nassi says.  

Smart wearable devices are a burgeoning market, with 275 million sold in 2016, and another 322 million units forecast in 2017. The researchers are optimistic that within a few years, the application will be useful for people who routinely use a smartwatch along with their smartphone.  

“A system based on our approach could prevent a person from driving under the influence after an alert unobtrusively detects intoxication while they are walking to their car,” says Nassi. “As the Internet of Things (IoT) progresses, the system could even trigger a connected car not to start when a driver tests above the legal limit.”  

Nassi worked with his advisors, Professors Yuval Elovici and Lior Rokach of BGU’s Department of Software and Information Systems Engineering on his Virtual Breathalyzer project, which has been uploaded to Arxiv.


Ben-Gurion University of the Negev Cyber Researchers Demonstrate Malware That Covertly Turns PCs into Eavesdropping Devices

Researchers at BGU have demonstrated malware that can turn computers into perpetual eavesdropping devices, even without a microphone. 

In the new paper, SPEAKE(a)R: Turn Speakers to Microphones for Fun and Profit, the researchers explain and demonstrate how most PCs and laptops today are susceptible to this type of attack. Using SPEAKE(a)R, malware that can covertly transform headphones into a pair of microphones, they show how commonly used technology can be exploited.  

“The fact that headphones, earphones and speakers are physically built like microphones and that an audio port’s role in the PC can be reprogrammed from output to input creates a vulnerability that can be abused by hackers,” says Prof. Yuval Elovici, director of the BGU Cyber Security Research Center (CSRC) and member of BGU’s Department of Software and Information Systems Engineering 

“This is the reason people like Facebook Chairman and Chief Executive Officer Mark Zuckerberg tape up their mic and webcam,” says Mordechai Guri, lead researcher and head of Research and Development at the CSRC.  “You might tape the mic, but would be unlikely to tape the headphones or speakers.” 

A typical computer chassis contains a number of audio jacks, either in the front panel, rear panel or both. Each jack is used either for input (line-in), or for output (line-out). The audio chipsets in modern motherboards and sound cards include an option for changing the function of an audio port with software –a type of audio port programming referred to as jack retasking or jack remapping.  

Malware can stealthily reconfigure the headphone jack from a line-out jack to a microphone jack, making the connected headphones function as a pair of recording microphones and turning the computer into an eavesdropping device. This works even when the computer doesn’t have a connected microphone, as demonstrated in the SPEAKE(a)R video (below). 

The BGU researchers studied several attack scenarios to evaluate the signal quality of simple off-the-shelf headphones. “We demonstrated it is possible to acquire intelligible audio through earphones up to several meters away,” said Dr. Yosef Solewicz, an acoustic researcher at the BGU CSRC.

Potential software countermeasures include completely disabling audio hardware, using an HD audio driver to alert users when microphones are being accessed, and developing and enforcing a strict rejacking policy within the industry. Anti-malware and intrusion detection systems could also be developed to monitor and detect unauthorized speaker-to-mic retasking operations and block them. 


Dangerous and Costly New Cyber Threat: Hacking 3D Manufacturing Systems Demonstrated by BGU Researchers

Researchers from three universities combined their expertise to demonstrate the first complete sabotage attack on a 3D additive manufacturing (AM) system, illustrating how a cyber attack and malicious manipulation of blueprints can fatally damage production of a device or machine.  

In their paper titled “Dr0wned,” researchers from BGU, the University of South Alabama and Singapore University of Technology and Design detail how to sabotage the quality of a 3D-printed functional part, which leads to the destruction of a device.  

proof-of-concept video shows how the researchers destroyed a $1,000 quadcopter UAV drone by hacking into the computer used to control the 3D printing of replacement propellers. Once they penetrated the computer, the researchers identified the propeller blueprint file and inserted defects undetectable by visual inspection. During flight tests, the sabotaged propeller broke apart during ascent, causing the drone to smash into the ground. 


More than 100 industries, including aerospace, automotive and defense, employ additive printing processes. According to the Wohlers Report, the AM industry accounted for $5.165 billion of revenue in 2015. Furthermore, 32.5 percent of all AM-generated objects are used as functional parts.  

“Imagine that an adversary can sabotage functional parts employed in an airplane’s jet engines. Such an attack could cost lives, cause economic loss, disrupt industry, and threaten a country’s national security,” says Prof. Yuval Elovici. Elovici is a member of BGU’s Department of Software and Information Systems Engineering, director of the Deutsche Telekom Innovation Labs @ BGU and the BGU Cyber Security Research Center (CSRC). The CSRC is a collaboration between the University and Israel’s National Cyber Bureau, focused on advanced cyber security topics.  

“With the growth of additive manufacturing worldwide, we believe the ability to conduct malicious sabotage of these systems will attract the attention of many adversaries, ranging from criminal gangs to state actors, who will aim either for profit or for geopolitical power,” says Elovici. 

“‘Dr0wned’ is not the first article that raises this issue. However, all prior research has focused on a single aspect of a possible attack, assuming that all other attack elements are feasible,” the researchers say. “This is the first experimental proof of a complete attack chain initiated by sabotaging the 3D-printed propeller.” 

The collaborative study addresses the dangerous consequences of cyber attacks, and proposes a systematic approach for identifying opportunities and a methodology for assessing the level of difficulty of an attack involving AM. 


Maryland Governor Visits BGU to Talk Cyber Security Collaborations


Maryland Governor Larry Hogan led a large delegation to BGU last week with the intent to generate “real collaboration” in the field of cyber security research as well as other fields.

Hogan headed a week-long trade delegation comprised of some of his officials, representatives of four Maryland universities and members of the Jewish community.

“This is an incredible opportunity for real collaboration,” Hogan said, “Maryland is the heart of the Mid-Atlantic region and Beer-Sheva is right in the geographic center of Israel. Maryland is the cyber capital of the US and Beer-Sheva is the cyber capital of Israel.” He said 24 Israeli companies had headquarters in Maryland and he hoped to bring in many more.

Mike Gill, Secretary of Commerce, noted that Maryland had great assets to support cyber security research such as Fort Mead and the NSA, which has 60,000 employees. He praised the Israeli mentality of not waiting for permission but just going out and getting it done.

Christy Wyskiel, Senior Advisor to Johns Hopkins University President, mentioned two potential institutes that were good candidates for collaboration with BGU’s Cyber Security Research CenterThe Applied Physics Lab has 30,000 employees, 400 of whom research cyber security. She also mentioned the Information Security Institute, which made the news last year by hacking one of the San Bernardino terrorists’ mobile phones. “We are excited to work together toward common goals,” she said.

University of Maryland Vice Provost for Academic Affairs Antonio Moreira said 60% of their students study computer science or engineering. “Partnerships are the secret to our success,” he added.

University of Maryland Cyber Initiative Executive Director Daniel Ennis said the triad of academia, government, and industry was crucial for promoting cyber security research. He opined that the government could help set funding priorities.

A longtime US intelligence official, Ennis said he had collaborated with Israeli security agencies for years. As part of his new role to generate more global partnerships, he said he had already met with Israel National Cyber Bureau head Dr. Evyatar Matania.

BGU was represented by VP and Dean for R&D Prof. Dan Blumberg who warmly welcomed the delegation and gave a brief overview of the university.

Deutsche Telekom Innovation Labs@BGU Director and Cyber Security Research Center Director Prof. Yuval Elovici highlighted the threats inherent in the Internet of Things. He gave a seemingly simple example of a smart fridge being hacked and locked and the hacker demanding a ransom to let you back into your own fridge. Elovici is a member of the Department of Information and Software Systems Engineering.

Dell-EMC Site Manager Maya Hofman-Levy gave a brief overview of their work in Beer-Sheva and Barrel Kfir, Business Development Manager at JVP Cyber Labs outlined the venture capital fund’s activities.

The mood at the meeting was upbeat and optimistic with much emphasis put on generating real partnerships rather than just partnerships on paper.


BGU Researchers Demonstrate How Data Can Be Stolen From Isolated “Air-Gapped” Computers Through a Typical USB Flash Drive

Above: Illustration of USBee, in which an ordinary, unmodified USB drive (A) transmits information to a nearby receiver (B) through electromagnetic waves emitted from the drive data bus.

Researchers at BGU’s Cyber Security Research Center (CSRC) have demonstrated that an unmodified USB connected to a computer with malicious code can be used to steal data from infected and even “air-gapped” computers.

Air-gapped computers are isolated — separated both logically and physically from public networks — ostensibly to prevent their being hacked over the internet or within company networks.

The research team developed software it calls “USBee” to generate controlled radio frequency (RF) electromagnetic emissions from the data bus of a USB connector. They also reported in a paper that the emitted RF signals can be controlled and modulated with arbitrary binary data.

“Our evaluation shows that USBee can be used for transmitting binary data to a nearby receiver at a bandwidth of 80 bytes-per-second,” the researchers explain. “An RF antenna will capture electromagnetic waves from a USB to receive and exfiltrate small bits of data, such as security keys and passwords, up to 30 feet (10 meters) away from the air-gapped computer.”

“Unlike previous covert channels based on USB, our method doesn’t require firmware or modification of the USB’s hardware that creates an opportunity for attackers,” says Mordechai Guri, head of research and development at the CSRC and chief science officer at Morphisec Endpoint Security Solutions.

The researchers recommend that countermeasures to mitigate the issue use the “zone” approach: defining areas or zones around these computers where RF receivers are prohibited. Insulation of partition walls may help to lower signal reception distance if a dedicated hardware receiver is used.

This is the latest threat the BGU cyber team has uncovered related to what are supposed to be secure, air-gapped computers. Earlier this year, the researchers successfully collected data transmitted via noise from a computer fan as well as from acoustic signals emitted from a computer hard drive.

In addition to Mordechai Guri, other BGU researchers involved in this research include Matan Monitz, a BSc student in computer science and philosophy; and Prof. Yuval Elovici, director of the CSRC, member of BGU’s Department of Software and Information Systems Engineering and director of the Deutsche Telekom Innovation Laboratories at BGU.


BGU Cyber Security Researchers Present DiskFiltration: Data Exfiltration from Speakerless Air-Gapped Computers via Covert Hard Drive Noise

Air-gapped computers are disconnected from the Internet physically and logically. This measure is taken in order to prevent the leakage of sensitive data from secured networks. In the past, it has been shown that malware can exfiltrate data from air-gapped computers by transmitting ultrasonic signals via the computer’s speakers. However, such acoustic communication relies on the availability of speakers on a computer.

In a new paper, security researcher Mordechai Guri along with Yosef Solewicz (acoustic researcher), Andrey Daidakulov and Prof. Yuval Elovici of the Cyber Security Research Center and the Department of Software and Information Systems Engineering present ‘DiskFiltration,’ a covert channel which facilitates the leakage of data from an air-gapped computer via acoustic signals emitted from its hard disk drive (HDD). The method, which was introduced by Guri and the team, is unique in that, unlike other acoustic covert channels, it doesn’t require the presence of speakers or audio hardware in the air-gapped computer.

A malware installed on a compromised machine can generate acoustic emissions at specific audio frequencies by controlling the movements of the HDD’s actuator arm. Digital Information can be modulated over the acoustic signals and then be picked up by a nearby receiver (e.g., smartphone, smartwatch, laptop, etc.).

The researchers examined the HDD anatomy and analyzed its acoustical characteristics determining that they could present signal generation and detection, and data modulation and demodulation algorithms. Based on their proposed method, they developed a transmitter on a personal computer and a receiver on a smartphone, and provided the design and implementation details. They also evaluated the covert channel on various types of internal and external HDDs in different computer chassis and at various distances. With DiskFiltration, they were able to covertly transmit data (e.g., passwords, encryption keys, and keylogging data) between air-gapped computers to a smartphone at an effective bit rate of 180 bits/minute (10,800 bits/hour) and a distance of up to two meters (six feet).

“Air-gap isolation is considered to be a hermetic security measure which can prevent data leakage,” Guri told Ars Technica. “Confidential data, personal information, financial records and other types of sensitive information are stored within isolated networks. We show that despite the degree of isolation, the data can be exfiltrated (for example, to a nearby smart phone).”


New International Cyber Security and Machine Learning Academic and Professional Program (ICSML) opens at BGU

The first International Summer program in Data Mining and Business Intelligence with a focus in Cyber Security Applications recently opened at BGU. 

The International Cyber Security and Machine Learning Academic and Professional Program (ICSML) is a collaboration of BGU’s Office of International Academic Affairs and Malware Lab and the Cyber Security Research Center. 

ICSML is led by Dr. Nir Nissim, researcher and Head of the Malware Lab at the Cyber Security Research Center. 

The international students will partake in theoretical lectures and practical sessions in cyber security and machine learning topics, meet with successful companies, and sit through interesting lectures given by top tier experts including new cutting edge technologies that are not available in market yet. Some of the experts presenting in the course are academic members of the Department of Information Systems Engineering at BGU. 

The ICSML program includes two keynote experts: Prof. Yuval Elovici (Cyber Security) and Prof. Lior Rokach (Machine Learning and Big Data).

Elovici, the Director of the Telekom Innovation Laboratories at BGU, head of the Cyber Security Research Center (CSRC), Research Director of iTrust at SUTD, and a Professor in the Department of Information Systems Engineering, gave the opening lecture for the selected excellent Chinese and Indian students from top universities who were accepted to the program. 

Rokach, one of the leading researchers and experts in machine learning and big data and the head of the Big-data research center, will provide an interesting Lecture on the fundamentals of ensemble learning.