CBG in the News

A Clever Radio Trick Can Tell If A Drone Is Watching You


You might want to think twice before getting your phone screen repaired


Media Mention on Prof. Yuval Elovici

Publication of DAYS JAPAN Magazine from August 2017. Attachments: Israel VS Palestine Cyber War Front Line – ...


xLED Malware Steals Data Using Router LEDs


Desktop Scanners Can Be Hijacked to Perpetrate Cyberattacks, According to BGU and Weizmann Institute Researchers


Watch Hackers Use a Drone-Mounted Laser to Control Malware Through a Scanner


BGU Researchers Have Developed a Platform to Protect Users from Cyber-Attacks Launched Through Videos or Pictures


Cameras can Steal Data from Computer Hard Drive LED Lights


Malware Lets a Drone Steal Data by Watching a Computer’s Blinking LED


Global entities come shopping for Israeli cybersecurity


NTU Singapore and Ben-Gurion University Ink Partnership to Combat Advanced Cyber Threats

Nanyang Technological University (NTU Singapore) and Ben-Gurion University of the Negev (BGU) are collaborating to find innovativ...


AS FLYING, CAMERA-WIELDING machines get ever cheaper and more ubiquitous, inventors of anti-drone technologies are marketing every possible idea for protection from hovering eyes in the sky: Drone-spotting radar. Drone-snagging shotgun shells. Anti-drone lasers, falcons, even drone-downing drones. Now one group of Israeli researchers has developed a new technique for that drone-control arsenal—one that can not only detect that a drone is nearby, but determine with surprising precision if it’s spying on you, your home, or your high-security facility.

Researchers at Ben Gurion University in Beer Sheva, Israel have built a proof-of-concept system for counter-surveillance against spy drones that demonstrates a clever, if not exactly simple, way to determine whether a certain person or object is under aerial surveillance. They first generate a recognizable pattern on whatever subject—a window, say—someone might want to guard from potential surveillance. Then they remotely intercept a drone’s radio signals to look for that pattern in the streaming video the drone sends back to its operator. If they spot it, they can determine that the drone is looking at their subject.

In other words, they can see what the drone sees, pulling out their recognizable pattern from the radio signal, even without breaking the drone’s encrypted video.

“This is the first method to tell what is being captured in a drone’s [first-person-view] channel” despite that encryption, says Ben Nassi, one of the Ben Gurion researchers who wrote a paper on the technique, along with a group that includes legendary cryptographer and co-inventor of the RSA encryption algorithm Adi Shamir. “You can observe without any doubt that someone is watching. If you can control the stimulus and intercept the traffic as well, you can fully understand whether a specific object is being streamed.”

The researchers’ technique takes advantage of an efficiency feature streaming video has used for years, known as “delta frames.” Instead of encoding video as a series of raw images, it’s compressed into a series of changes from the previous image in the video. That means when a streaming video shows a still object, it transmits fewer bytes of data than when it shows one that moves or changes color.

That compression feature can reveal key information about the content of the video to someone who’s intercepting the streaming data, security researchers have shown in recent research, even when the data is encrypted. Researchers at West Point, Cornell Tech, and Tel Aviv University, for instance, used that feature as part of a technique to figure out what movie someone was watching on Netflix, despite Netflix’s use of HTTPS encryption.

The encrypted video streamed by a drone back to its operator is vulnerable to the same kind of analysis, the Ben Gurion researchers say. In their tests, they used a “smart film” to toggle the opacity of several panes of a house’s windows while a DJI Mavic quadcopter watched it from the sky, changing the panes from opaque to transparent and back again in an on-off pattern. Then they showed that with just a parabolic antenna and a laptop, they could intercept the drone’s radio signals to its operator and find that same pattern in the drone’s encrypted data stream to show that the drone must have been looking at the house.

 

By changing the opacity of a “smart film” material over a target house’s window panes, the researchers could produce a recognizable pattern in the encrypted video communications of a drone watching that house.

 

In another test, they put blinking LED lights on a test subject’s shirt, and then were able to pull out the binary code for “SOS” from an encrypted video focused on the person, showing that they could even potentially “watermark” a drone’s video feed to prove that it spied on a specific person or building.
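The matching step described above, looking for the stimulus pattern in the size of the encrypted stream, can be sketched in code. This is an added example, not code from the Ben Gurion researchers or from the article: it assumes the intercepted traffic has already been reduced to encrypted bytes per 100 ms window, uses a lagged Pearson correlation as a stand-in for their analysis, and runs on a constructed traffic model in which every byte count, the keyframe interval and all function names are assumptions.

```python
import random
from statistics import mean, pstdev


def change_series(states):
    """1 for every sample where the stimulus differs from the previous sample.

    Delta-frame codecs spend bytes on change, so both on->off and off->on
    transitions should enlarge the stream, not the 'on' state itself.
    """
    return [0] + [int(a != b) for a, b in zip(states, states[1:])]


def pearson(x, y):
    """Pearson correlation; 0.0 when either series is constant."""
    sx, sy = pstdev(x), pstdev(y)
    if sx == 0 or sy == 0:
        return 0.0  # e.g. a stream padded to a constant rate carries no signal
    mx, my = mean(x), mean(y)
    return mean((a - mx) * (b - my) for a, b in zip(x, y)) / (sx * sy)


def best_lag_correlation(changes, bytes_per_sample, max_lag):
    """Encoder and radio latency are unknown, so try each delay in samples."""
    n = min(len(changes), len(bytes_per_sample))
    best_r, best_lag = -1.0, 0
    for lag in range(max_lag + 1):
        r = pearson(changes[:n - lag], bytes_per_sample[lag:n])
        if r > best_r:
            best_r, best_lag = r, lag
    return best_r, best_lag


def is_watching(states, bytes_per_sample, max_lag=5, threshold=0.5):
    """Return (verdict, correlation, lag) for one capture."""
    r, lag = best_lag_correlation(change_series(states), bytes_per_sample, max_lag)
    return r >= threshold, round(r, 3), lag


def make_stimulus(n_samples, slot_len, rng):
    """Pseudo-random on/off pattern, each state held for slot_len samples.

    An irregular pattern avoids lining up with periodic keyframe bursts.
    """
    bits = [rng.randint(0, 1) for _ in range(n_samples // slot_len + 1)]
    return [b for b in bits for _ in range(slot_len)][:n_samples]


def simulate_capture(states, watching, latency, rng):
    """Constructed traffic model (assumption): encrypted bytes per 100 ms."""
    changes = change_series(states)
    capture = []
    for t in range(len(states)):
        size = 20_000 + rng.gauss(0, 1_500)   # steady delta-frame traffic
        if t % 30 == 0:
            size += 15_000                    # periodic keyframe burst
        if watching and t >= latency and changes[t - latency]:
            size += 18_000                    # stimulus changed while in view
        capture.append(max(0, int(size)))
    return capture


def demo():
    rng = random.Random(2018)
    states = make_stimulus(600, 7, rng)       # 60 s of stimulus at 10 samples/s
    return {
        "watching": is_watching(states, simulate_capture(states, True, 3, rng)),
        "elsewhere": is_watching(states, simulate_capture(states, False, 3, rng)),
        "padded": is_watching(states, [40_000] * len(states)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The constant-rate case corresponds to the padding countermeasure the researchers mention: with no variation in stream size there is nothing to correlate against, so the verdict is negative.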

All of that may seem like an elaborate setup to catch a spy drone in the act, when it could far more easily be spotted with a decent pair of binoculars. But Nassi argues that the technique works at ranges where it’s difficult to spot a drone in the sky at all, not to mention determine precisely where its camera is pointed. They tested their method from a range of about 150 feet, but he says with a more expensive antenna, a range of more than a mile is possible. And while radar or other radio techniques can identify a drone’s presence at that range, he says only the Ben Gurion researchers’ trick actually knows where it’s looking. “To really understand what’s being captured, you have to use our method,” Nassi says.

Rigging your house—or body—with blinking LEDs or smart film panels would ask a lot of the average drone-wary civilian, notes Peter Singer, an author and fellow at the New America Foundation who focuses on military and security technology. But Singer suggests the technique could benefit high-security facilities trying to hide themselves from flying snoops. “It might have less implications for personal privacy than for corporate or government security,” Singer says.

DJI didn’t respond to WIRED’s request for comment. Nor did Parrot, whose drones Nassi says would also be susceptible to their technique.

If the Ben Gurion researchers’ technique were widely adopted, determined drone spies would no doubt find ways to circumvent the trick. The researchers note themselves that drone-piloting spies could potentially defeat their technique by, for instance, using two cameras: one for navigation with first-person streaming, and one for surveillance that stores its video locally. But Nassi argues that countermeasure, or others that “pad” video stream data to better disguise it, would come at a cost of real-time visibility or resolution for the drone operator.

The spy-versus-spy game of aerial drone surveillance is no doubt just getting started. But for the moment, at least, the Israeli researchers’ work could give spying targets an unexpected new way to watch the watchers—through their own airborne eyes.

 

Source: Wired

If you crack your phone screen and take it to a high-street phone repair shop, there’s a chance that hackers may be able to access your information.

Researchers from Ben-Gurion University of the Negev found cyber criminals are able to connect malicious chips to new screens on a Huawei Nexus 6P smartphone and an LG G Pad tablet, allowing them to steal passcodes, install snooping apps, perform unauthorised downloads, and take photos of the user.

The malicious chips cost as little as £8 ($10).

Most worrying of all is that the screens used by hackers look identical to the real thing, so there’s no way of telling whether it is compromising your data or not.

The researchers added that other devices, including iPhones, are also vulnerable — anyone with temporary access to your handset can install spyware.

Omer Shwartz, the lead researcher in the paper entitled Shattered Trust: When Replacement Smartphone Components Attack, wrote:

The threat should not be taken lightly. Attacks by malicious peripherals are feasible, scalable, and invisible to most detection techniques. A well-motivated adversary may be fully capable of mounting such attacks in a large scale or against specific targets.

Half of smartphone users worldwide have experienced a cracked screen at least once, according to research carried out by Motorola in 2015.

Last week, the telecommunications company applied for a patent on a phone screen that can repair itself if it gets damaged.

 

Source

Publication of DAYS JAPAN Magazine from August 2017

 

Data is converted into a binary format and transmitted by flashing the LED activity lights while a nearby camera records their output.

Malware comes in many forms, but the xLED malware is one of the most bizarre (and novel) forms of malicious software I’ve ever heard about. It is capable of infecting a router or switch and then stealing data by flashing the LEDs such devices always have.

According to Bleeping Computer, the xLED malware was created by a team at the Cyber Security Research Center at the Ben-Gurion University of the Negev in Israel. They’ve had previous success using the LED on a hard drive and a drone to capture the data. But targeting switches and routers allows for much greater data capture because there are many more LEDs over which to transmit.

 

The data stealing works by first infecting the target switch or router with the malware. Once installed, the data theft can be carried out by converting data into a binary format of zeros and ones. Then each LED on the device can transmit a binary digit: turned on for one and off for zero.

In order to record the data, a camera is required. This could be mounted on a drone looking through a window, a bribed security guard setting one up, or a hacked security camera. Much is dependent on the setting and situation.

Recording can also be done using optical sensors, and this apparently gives the best results because it can record the LED light changes at a much higher sampling rate. Combine that with multiple LED lights from which to record on an individual switch/router and the researchers managed to achieve a data stealing rate of 1,000 bits/second per LED.

The most difficult part of allowing this malware to work is installing it on the router or switch in the first place. However, we can’t forget this is just a piece of research and not a real attack vector. But it could be in the future, and by identifying it as a potential weakness in a network, manufacturers can think about ways to counter it in case someone does try to deploy this type of malware. Duct tape, perhaps?

 

Source

A typical office scanner can be infiltrated and a company’s network compromised using different light sources, according to a new paper by researchers from BGU and the Weizmann Institute of Science.

“In this research, we demonstrated how to use a laser or smart bulb to establish a covert channel between an outside attacker and malware installed on a networked computer,” says Ben Nassi, a graduate student in BGU’s Department of Software and Information Systems Engineering as well as a researcher at BGU’s Cyber Security Research Center (CSRC).  “A scanner with the lid left open is sensitive to changes in the surrounding light and might be used as a back door into a company’s network.”

The researchers conducted several demonstrations to transmit a message into computers connected to a flatbed scanner. Using direct laser light sources up to a half-mile (900 meters) away, as well as on a drone outside their office building, the researchers successfully sent a message to trigger malware through the scanner.

 

In another demonstration, the researchers used a Galaxy 4 Smartphone to hijack a smart lightbulb (using radio signals) in the same room as the scanner. Using a program they wrote, they manipulated the smart bulb to emit pulsating light that delivered the triggering message in only seconds.

To mitigate this vulnerability, the researchers recommend organizations connect a scanner to the network through a proxy server — a computer that acts as an intermediary — which would prevent establishing a covert channel. This might be considered an extreme solution, however, since it also limits printing and faxing remotely on all-in-one devices.

“We believe this study will increase the awareness to this threat and result in secured protocols for scanning that will prevent an attacker from establishing such a covert channel through an external light source, smart bulb, TV, or other IoT (Internet of Things) device,” Nassi says.

Prof. Adi Shamir of the Department of Applied Mathematics at the Weizmann Institute conceived of the project to identify new network vulnerabilities by establishing a clandestine channel in a computer network.

Ben Nassi’s Ph.D. research advisor is Prof. Yuval Elovici, a member of the BGU Department of Software and Information Systems Engineering and director of the Deutsche Telekom Innovation Laboratories at BGU. Elovici is also director of the CSRC.

Source Link

Researchers in Israel have shown off a novel technique that would allow attackers to wirelessly command devices using a laser light, bypassing so-called air gaps.

 

When hackers infect computers with malware, they generally communicate with their code over the internet via a command-and-control server. But firewalls and intrusion detection systems can block communication going to and from suspicious domains and IP addresses.

To bypass these normal detection methods, researchers in Israel have devised a novel way to communicate covertly with malware. The technique uses a flatbed scanner as the gateway through which an attacker can send commands to their malware on a victim’s network.

The attack works by using a light source in the vicinity of the scanner to signal commands through the scanner to malware. The technique can be used to erase important files on a computer or network before an important meeting, trigger ransomware to encrypt files and systems, or launch a logic bomb already planted on a network to shut down computers or do something else. The attack could even conceivably be used against industrial control systems to shut down processes on so-called “air-gapped” networks, which aren’t directly connected to the internet.

The researchers tested their attack using the command “erase file xxx.doc” sent from a laser positioned on a stand outside a glass-walled building from 900 meters away as well as via a laser attached to a drone outside an office window. But the attack would also work by hijacking an existing light source installed near the scanner, such as a smart bulb. The researchers performed a successful attack by hijacking a smart bulb from a car in a parking lot adjacent to a building.

The work was conducted by Ben Nassi, a graduate student at the Cyber Security Research Center at Ben-Gurion University, and his advisor Yuval Elovici, based on an idea suggested by Adi Shamir, the famed cryptographer whose name is the S in RSA Security.

The lab in Israel specializes in security research on air-gapped systems. Most of their previous work has focused on various ways to extract data, such as passwords, from air-gapped systems—using radio signals, electromagnetic waves, heat emissions, or the fan inside a computer. But this is the first successful test they’ve conducted to send data to a victim’s network, though the method could be used in reverse to extract data as well.

How It Works

Scanners work by detecting reflected light on their glass pane. The light creates a charge that the scanner translates into binary, which gets converted into an image. But scanners are sensitive to any changes of light in a room—even when paper is on the glass pane or when the light source is infrared–which changes the charges that get converted to binary. This means signals can be sent through the scanner by flashing light at its glass pane using either a visible light source or an infrared laser that is invisible to human eyes.

There are a couple of caveats to the attack—the malware to decode the signals has to already be installed on a system on the network, and the lid on the scanner has to be at least partially open to receive the light. It’s not unusual for workers to leave scanner lids open after using them, however, and an attacker could also pay a cleaning crew or other worker to leave the lid open at night.

Once the malware is installed on a computer in the target organization, it scans the internal network for the presence of a scanner. The malware initiates a scan at a scheduled time, for example at night when no one is in the office, or at periodic intervals, and the attacker’s laser or the hijacked lightbulb initiates signaling at the same time. The commands are sent in binary by turning the laser on and off—to signal a “1” or “0” respectively. A prefix and suffix binary—1001—inserted before and after each command tells the malware when a command is being sent. The malware decodes the command from the binary and can even send back a response to acknowledge receipt.

The researchers first conducted an attack using a laser mounted on a stand 900 meters outside a glass-walled office building, known in the construction trade as a curtain wall. Even though the scanner was on the building’s third floor, the stand on the ground outside had line-of-sight with it. The researchers used a visible green-light laser, since glass-walled buildings use filtered glass that blocks ultraviolet rays and infrared. The second experiment used a commercial drone flown outside the windows from 20 meters away.

“Because most offices do have curtain walls, it makes it possible for a visible laser to [penetrate],” Nassi told Motherboard.

It took 50 milliseconds to transmit each bit of the command. The entire 64-bit message took about three seconds. In both tests, the malware read the signal in real-time and acknowledged receipt by triggering a second scan once the command sequence ended. A video recorder mounted on the drone and a telescopic camera on the stand recorded the receipt response.

Chris Sistrunk, an industrial control system expert with Mandiant, says the scanner attack could conceivably work to shut down systems and processes in a manufacturing plant if the process network has a scanner installed on it, or if the business IT network and processing networks aren’t segmented from each other.

“If the scanner is on the IT network and there is no segmentation [between it and the process network] so that it could talk to a scanner, or there’s little segmentation [between them] due to misconfiguration of a firewall—which we’ve all seen—then it’s plausible,” he told Motherboard.

Both laser attacks relied on line-of-sight to the scanners. But in cases where a scanner is out of sight, the researchers devised an attack that works by hijacking a smart bulb in the scanner’s vicinity. Previous research by other groups has shown smart lights and bulbs to be vulnerable to attack.

“[D]espite the fact that [a] smart bulb does not contain any important information […] the bulb can cause big damage when used as a mediator in attacks,” the researchers note in a paper they’ve published about their tests. “The attacker can either attack an IoT device whose purpose is to illuminate (e.g., a smart bulb) or attack an IoT device in which illumination is a side effect, (e.g., a smart TV).”

The Israeli researchers used a ransomware attack for this test, sending the command to encrypt data from a car in the parking lot. The driver of the car controlled the fluctuating lightbulb via Bluetooth from a Samsung Galaxy S4. The scanners they tested were able to detect even slight changes in brightness from the smart bulb—a 5 percent reduction of light—and in sequences that lasted less than 25 milliseconds, which would not be noticeable.

To guard against all of these attacks, the researchers say companies and organizations could disconnect their scanners from internal networks; but this would prevent workers from printing or faxing documents remotely to a multi-functioning printer/scanner. The better solution they say would be to set up a proxy system whereby the scanner is connected by wire to a computer on the organization’s network that processes data from the scanner, rather than connecting the scanner directly to the network.

Source

As WikiLeaks allegedly revealed thousands of pages about US Intelligence agencies’ cyber-espionage capabilities, and as hackers continue to broaden their avenues of attack, one of the vulnerabilities revealed was smart TVs. However, Prof. Ofer Hadar, Chair of BGU’s Department of Communication Systems Engineering, warns that the threat is actually much greater.

“Any video or picture downloaded or streamed by a user is a potential vehicle for a cyber-attack. What’s more, hackers like videos and pictures because they bypass the regular data transfer systems of even secure systems and there is a lot of space to implant malicious code,” says Hadar.

 

He has dubbed it The Coucou Project and received significant funding from the Cyber Security Research Center at BGU, a joint initiative of BGU and the Israeli National Cyber Bureau, to develop his protective solution. In addition, the BaseCamp Innovation Center at the Advanced Technologies Park adjacent to BGU is interested in developing the platform into a commercial company.

Hadar’s Coucou Project assumes two potential attack scenarios, both of which assume that basic malware has been planted on the victim’s servers/hosts by means of social engineering or other types of vulnerability exploitation; from there, the malware gathers classified information from the victim’s data center.  In the first case, once the user uploads an image or a video to a social network, the malware embeds the classified information into the uploaded content (making it accessible to the attacker), and then the attacker can download the infected content and extract the classified information.  In the second scenario, the attacker uploads infected content to a social network or any other server and the malware extracts the shell code and executes it.

“When considering future applications of the Coucou product, we envision covert channel and protection applications and anticipate that the technique will be used by Firewall and antivirus companies,” adds Hadar.

Source Link

Researchers at BGU’s Cyber Security Research Center have demonstrated that data can be stolen from an isolated “air-gapped” computer’s hard drive by reading the pulses of light on the drive’s LED using various types of cameras and light sensors.

In the new paper, the researchers demonstrated how data can be received by a Quadcopter drone flight, even outside a window with line-of-sight of the transmitting computer.

Air-gapped computers are isolated — separated both logically and physically from public networks — ostensibly so that they cannot be hacked over the Internet or within company networks. These computers typically contain an organization’s most sensitive and confidential information.

Led by Dr. Mordechai Guri, Head of R&D at the Cyber Security Research Center, the research team utilized the hard-drive (HDD) activity LED lights that are found on most desktop PCs and laptops. The researchers found that once malware is on a computer, it can indirectly control the HDD LED, turning it on and off rapidly (thousands of flickers per second) — a rate that exceeds the human visual perception capabilities. As a result, highly sensitive information can be encoded and leaked over the fast LED signals, which are received and recorded by remote cameras or light sensors.

“Our method compared to other LED exfiltration is unique, because it is also covert,” Dr. Guri says. “The hard drive LED flickers frequently, and therefore the user won’t be suspicious about changes in its activity.”

Dr. Guri and the Cyber Security Research Center have conducted a number of studies to demonstrate how malware can infiltrate air-gapped computers and transmit data. Previously, they determined that computer speakers and fans, FM waves and heat are all methods that can be used to obtain data.

In addition to Dr. Guri, the other BGU researchers include Boris Zadov, who received his M.Sc. degree from the Department of Electrical and Computer Engineering and Prof. Yuval Elovici, director of the Cyber Security Research Center. Prof. Elovici is also a member of the University’s Department of Software and Information Systems Engineering and Director of Deutsche Telekom Laboratories at BGU.

Link to original

A FEW HOURS after dark one evening earlier this month, a small quadcopter drone lifted off from the parking lot of Ben-Gurion University in Beersheba, Israel. It soon trained its built-in camera on its target, a desktop computer’s tiny blinking light inside a third-floor office nearby. The pinpoint flickers, emitting from the LED hard drive indicator that lights up intermittently on practically every modern Windows machine, would hardly arouse the suspicions of anyone working in the office after hours. But in fact, that LED was silently winking out an optical stream of the computer’s secrets to the camera floating outside.

That data-stealing drone, shown in the video below, works as a Mr. Robot-style demonstration of a very real espionage technique. A group of researchers at Ben-Gurion’s cybersecurity lab has devised a method to defeat the security protection known as an “air gap,” the safeguard of separating highly sensitive computer systems from the internet to quarantine them from hackers. If an attacker can plant malware on one of those systems—say, by paying an insider to infect it via USB or SD card—this approach offers a new way to rapidly pull secrets out of that isolated machine. Every blink of its hard drive LED indicator can spill sensitive information to any spy with a line of sight to the target computer, whether from a drone outside the window or a telescopic lens from the next roof over.

“If an attacker has a foothold in your air-gapped system, the malware still can send the data out to the attacker,” says Ben-Gurion researcher Mordechai Guri, who has spent years focusing on finding techniques for ferreting data out of isolated computer systems. “We found that the small hard drive indicator LED can be controlled at up to 6,000 blinks per second. We can transmit data in a very fast way at a very long distance.”

Gap Attack

An air gap, in computer security, is sometimes seen as an impenetrable defense. Hackers can’t compromise a computer that’s not connected to the internet or other internet-connected machines, the logic goes. But malware like Stuxnet and the Agent.btz worm that infected American military systems a decade ago have proven that air gaps can’t entirely keep motivated hackers out of ultra-secret systems—even isolated systems need code updates and new data, opening them to attackers with physical access. And once an air-gapped system is infected, researchers have demonstrated a grab bag of methods for extracting information from them despite their lack of an internet connection, from electromagnetic emanations to acoustic and heat signaling techniques—many developed by the same Ben-Gurion researchers who generated the new LED-spying trick.

But exploiting the computer’s hard drive indicator LED has the potential to be a stealthier, higher-bandwidth, and longer-distance form of air-gap-hopping communications. By transmitting data from a computer’s hard drive LED with a kind of morse-code-like patterns of on and off signals, the researchers found they could move data as fast as 4,000 bits a second, or close to a megabyte every half hour. That may not sound like much, but it’s fast enough to steal an encryption key in seconds. And the recipient could record those optical messages to decode them later; the malware could even replay its blinks on a loop, Guri says, to ensure that no part of the transmission goes unseen.

The technique also isn’t as limited in range as other clever systems that transmit electromagnetic signals or ultrasonic noises from speakers or a computer’s fans. And compared to other optical techniques that use the computer’s screen or keyboard light to secretly transmit information, the hard-drive LED indicator—which blinks anytime a program accesses the hard drive—routinely flashes even when a computer is asleep. Any malware that merely gains the ability of a normal user, rather than deeper administrative privileges, can manipulate it. The team used a Linux computer for their testing, but the effects should be the same on a Windows device.

“The LED is always blinking as it’s doing searching and indexing, so no one suspects, even in the night,” says Guri. “It’s very covert, actually.”

Slow and Steady

The researchers found that when their program read less than 4 kilobytes from the computer’s storage at a time, they could cause the hard drive’s LED indicator to blink for less than a fifth of a millisecond. They then tried using those rapid fire blinks to send messages to a variety of cameras and light sensors from an “infected” computer using a binary system of data encoding known as “on-off-keying,” or OOK. They found that a typical smartphone camera can at most receive around 60 bits per second due to its lower frame rate, while a GoPro camera captured as much as 120 bits per second. A Siemens photodiode sensor was far better suited to their high-frequency light sensing needs, though, and allowed them to hit their 4,000 bits per second maximum transmission rate.

The malware could also make the hard drive LED blink so briefly, in fact, that it would be undetectable to human eyes, yet still registered by the light sensor. That means an attacker could even send invisible light signals to a faraway spy, albeit at a slower rate to avoid its covert blinks blurring into a visible signal. “It’s possible for the attacker to do such fast blinking that a human never sees it,” says Guri.

The good news, however, for anyone security-sensitive enough to worry about the researchers’ attack—and anyone who air gaps their computers may be just that sensitive—is that the Ben Gurion researchers point to clear countermeasures to block their hard drive LED exfiltration method. They suggest keeping air-gapped machines in secure rooms away from windows, or placing film over a building’s glass designed to mask light flashes. They also note that protective software on a target machine could randomly access the hard drive to create noise and jam any attempt to send a message from the computer’s LED.

But the simplest countermeasure by far is simply to cover the computer’s LED itself. Once, a piece of tape over a laptop’s webcam was a sign of paranoia. Soon, a piece of tape obscuring a computer’s hard drive LED may be the real hallmark of someone who imagines a spy drone at every window.
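The noise countermeasure described above can be checked with a small model. This is an added Python simulation, not code from the researchers or the article; it assumes one LED slot per bit, an LED that shows the OR of all drive activity, and a simple threshold receiver, and every function name in it is illustrative.

```python
import random

def jam(slots, duty, rng):
    """Overlay random drive reads: each slot is lit with probability `duty`.
    The LED shows the OR of all drive activity, so noise only adds light."""
    return [lit or rng.random() < duty for lit in slots]

def receive(slots):
    """Threshold receiver: a lit slot decodes as 1, a dark slot as 0."""
    return [1 if lit else 0 for lit in slots]

def intact_probability(bits, duty):
    """Chance one pass arrives uncorrupted: every 0 slot must escape the
    noise, which happens with probability (1 - duty) per slot."""
    return (1.0 - duty) ** bits.count(0)

def simulate(bits, duty, seed=1):
    """Send `bits` with on-off keying through a jammed LED channel."""
    rng = random.Random(seed)
    slots = [b == 1 for b in bits]          # OOK: lit for 1, dark for 0
    got = receive(jam(slots, duty, rng))
    errors = [i for i, (a, b) in enumerate(zip(bits, got)) if a != b]
    return {"ber": len(errors) / len(bits), "errors": errors,
            "p_intact": intact_probability(bits, duty)}

# Constructed sample: 256 pseudo-random bits standing in for a key.
_sample = random.Random(2017)
KEY_BITS = [_sample.getrandbits(1) for _ in range(256)]

if __name__ == "__main__":
    for duty in (0.0, 0.05, 0.25, 0.5, 1.0):
        r = simulate(KEY_BITS, duty)
        print(f"noise duty {duty:4.2f}: bit error rate {r['ber']:.3f}, "
              f"P(pass intact) {r['p_intact']:.2e}")
```

The model covers a single pass only. Because the article notes the malware can replay its blinks on a loop, sparse noise should be paired with the physical measures rather than relied on alone.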

 

Source

At Tel Aviv confab, prime minister announces new National Center for Cyber Education to keep Israel’s young generations at the top of the cyber game.

As computer devices and Internet of Things (IoT) connectivity continue to break new boundaries and create changes to our lifestyle, new cybersecurity technologies to defend our tech-savvy lives are crucial.

“Not many years ago, computers were far away. Then they came to our desktops, then to our laptops, and then to our pockets; now they’re in our clothes and, for some, in our body — medical devices. All this needs to be defended,” Erez Kreiner, CEO of Cyber-Rider and former director of Israel’s National Cyber Security Authority, told a press gathering at this week’s Cybertech 2017 conference in Tel Aviv.

He noted that Israel is the place to find many of the best cybersecurity products.

Last year saw 65 startups created in Israel’s cyber space, according to Start-Up Nation Central, a nonprofit organization. Altogether, the country boasts about 450 companies specializing in cyber, according to a Reuters report.

Israel’s venture-capital funding in the cyber sector, according to Start-Up Nation Central, is a record $581 million, second only to the United States.

YL Ventures’ report showing the hottest types of cybersecurity solutions to attract investment in 2016 included mobile security, vulnerability and risk management, network security, SCADA security and incident response.

“We’re still at the beginning for the cyber arena. We still need the security solution for smart homes, we still don’t have security solutions for autonomous cars, or for connected medical devices or MRI machines, or for connected kitchen appliances. Every technology that will be introduced to our lives in the coming years will need a cyber solution,” says Kreiner.

Indeed, our digital society makes us vulnerable to external threats of cyber terror, cybercrime and identity theft.

Control systems, online banking, networks, databases and electronic devices are all susceptible to attack.

“In the cyber arena, I’d say we’re in the September 10th zone,” says Kreiner. “We know very bad things can happen. So we invest in cybersecurity but still we’re very much on the edge.”

In search of Israeli innovation

Cybertech 2017, held for its fourth year at the Israel Trade Fairs & Convention Center, attracted over 10,000 visitors, investors, entrepreneurs and cyber companies. Cybertech is the second largest conference and exhibition of cyber technologies in the world.

Visitors come seeking the latest in cybersecurity. After all, Israelis came up with the concept of firewall security before hackers even started attacking personal computers.


Gil Shwed, founder and CEO of Check Point Software Technologies, a pioneer of firewall security, speaking at Cybertech 2017. Photo by Gilad Kavalerchik

“There are a lot of global innovators in cybersecurity. But if I were to put a bet on it, I would bet on Israel,” Esti Peshin, director of Cyber Programs at Israel Aerospace Industries, tells ISRAEL21c about where the best new technologies will come from.

Calls for collaboration echoed around the Trade Fairs hall.

Former Mossad senior officer Haim Tomer says “every country has felt the effects of cyber attacks.”

“What you see today is going to get a lot worse in the future if we don’t band together,” Prime Minister Benjamin Netanyahu told conference attendees.

“Terrorist organizations use the same tools we use – against us,” said Netanyahu. “The Internet of Things can be used by these terrorist organizations for dangerous purposes. Unless we work together and cooperate, the future can be very menacing. In this context, Israel, the US and other countries should cooperate at the government level as well as among the industries.”

Nanyang Technological University (NTU) of Singapore and Ben-Gurion University of the Negev (BGU) announced a new collaboration to develop technologies for tackling advanced persistent threats (APTs).

“BGU and NTU recognize the grave necessity of stopping APTs, which are some of the hardest cyber attacks to detect, and have allocated significant funding over two years to develop early detection methods,” said BGU Prof. Dan Blumberg. “Cyber security is a global threat which has become a research topic of increasing interest at BGU and we are pleased to be collaborating with our partners in Singapore to stem the tide.”


Yuval Elovici of Ben-Gurion University’s Cyber Security Research Center speaking with the press at Cybertech 2017. Photo by Viva Sarah Press

Yuval Elovici, head of BGU Cyber Security Research Center, told journalists that the research and patented technology developed at the university are used to create new prevention and detection tools.

Elovici gave an example of how smartwatches can be hacked, and when worn into a secure environment, end up compromising the organization.

“The vulnerabilities are great,” says Elovici, noting his research team is now creating a solution to alert organizations to new devices that enter their secure space. “We’re developing mechanisms so that we can continue to live with IoT and still keep safe.”

At the BGU exhibit area, two prominent examples of research-to-startup success include Morphisec, which is now opening a US office, and Double Octopus, which recently announced a $6 million investment round. Both companies developed cyber security prevention and detection tools based on patented technology originating out of Ben-Gurion University of the Negev.

Israel’s vision some 20 years ago to put cyber on top of the agenda was crucial to the country’s place as a world cybersecurity expert today. To further that vision and to keep Israel’s new generation at the top of the cyber game, Netanyahu announced the creation of a National Center for Cyber Education.

The new center will have a $6 million budget over the next five years, to “increase the number and raise the level of young Israelis for their future integration into the Israeli security services, industry and the academic world.”

Link to original

Nanyang Technological University (NTU Singapore) and Ben-Gurion University of the Negev (BGU) are collaborating to find innovative ways to counter cyber threats.

The aim of the joint research project, called the Bio-Inspired Agile Cyber Security Assurance Framework (BICSAF), is to develop innovative technologies for tackling Advanced Persistent Threats. These are stealthy and continuous computer hacking processes run by individuals who target specific entities, such as private organisations and state agencies. Their long periods of covertness make it difficult to detect such threats with current technology.

NTU Chief of Staff and Vice-President of Research Prof Lam Khin Yong and BGU Vice-President and Dean of Research & Development Prof Dan Blumberg signed the joint research agreement at the CyberTech Conference in Tel Aviv yesterday (pictured above – photo Credit: Gilad Kavalerchik). Israeli Prime Minister Benjamin Netanyahu was the conference’s guest-of-honor earlier in the day.

The project will have S$3 million in joint funding from NTU, BGU and the National Research Foundation (NRF), Prime Minister’s Office, Singapore. The collaboration is supported by NRF through its National Cybersecurity R&D Programme.  In collaboration with the Cyber Security Research Centre at NTU, the new initiative will be led on the BGU side by Cyber Security Research Center director Prof. Yuval Elovici, and Dr. Rami Puzis of the Department of Software and Information Systems Engineering. In developing new technologies to counter cyber threats, the two partners are inspired by the ability of the human body’s immune system to adapt to and fight ever-evolving bacteria and viruses.

Prof Lam Khin Yong said, “Through this partnership, NTU and BGU will be able to develop innovative methods for combating one of the most complicated problems in cyber security – Advanced Persistent Threats (APTs). This project will leverage NTU’s strong hardware-based research expertise and BGU’s software-based core competencies to combat this intractable problem.”

NTU has invested heavily in its cyber security expertise in recent years, including a S$2.5 million partnership last year with BAE Systems to jointly develop next-generation cybersecurity solutions.

BGU has deep expertise in cyber security research and is at the heart of efforts to turn Beer-Sheva into a national and international cyber hub. Prof Dan Blumberg said, “BGU and NTU recognise the grave necessity of stopping Advanced Persistent Threats (APTs), which are some of the hardest cyber-attacks to detect, and have allocated significant funding over two years to develop early detection methods.  Cyber security is a global threat which has become a research topic of increasing interest at BGU and we are pleased to be collaborating with our partners in Singapore to stem the tide.”

Mr George Loh, Director (Programmes) of NRF and Co-Chair of the National Cybersecurity R&D Programme Committee, said, “Singapore has established a holistic national cybersecurity strategy that will support our Smart Nation vision and enhance Singapore’s standing as a trusted digital hub. It is critical for Singapore to develop strong cybersecurity capabilities to protect our critical infrastructures such as our public transport systems, public safety systems, and energy systems, which are interconnected elements contributing to the quality of life for Singaporeans.

“The collaboration between NTU and BGU will explore novel ideas to develop cyber-immune technologies to fight external adversaries that launch cyber-attacks on our critical systems, much like how our biological immune system works.”

The Department of Software and Information Systems Engineering at BGU is the largest in Israel, with significant resources devoted to cyber security research.  BGU also set up the Cyber Security Research Center with the Israel National Cyber Bureau to identify risks while protecting critical national infrastructure.

A research-intensive public university, Nanyang Technological University, Singapore (NTU Singapore) has 33,500 undergraduate and postgraduate students in the colleges of Engineering, Business, Science, Humanities, Arts, & Social Sciences, and its Interdisciplinary Graduate School. It also has a medical school, the Lee Kong Chian School of Medicine, set up jointly with Imperial College London.

NTU is also home to world-class autonomous institutes – the National Institute of Education, S Rajaratnam School of International Studies, Earth Observatory of Singapore, and Singapore Centre for Environmental Life Sciences Engineering – and various leading research centres such as the Nanyang Environment & Water Research Institute (NEWRI), Energy Research Institute @ NTU (ERI@N) and the Institute on Asian Consumer Insight (ACI).

Ranked 13th in the world, NTU has also been ranked the world’s top young university for the last three years running. The University’s main campus has been named one of the Top 15 Most Beautiful in the World. NTU also has a campus in Novena, Singapore’s medical district.

Singapore’s National Research Foundation (NRF) is a department within the Prime Minister’s Office. The NRF sets the national direction for research, innovation and enterprise (RIE) in Singapore. It seeks to invest in science, technology and engineering, build up the technological capacity of our companies, encourage innovation by industry to exploit new opportunities that drive economic growth, and facilitate public-private partnerships to address national challenges.

Under RIE2020, the NRF is committed to create greater value in Singapore from our investment in research, innovation and enterprise through 1) closer integration of research thrusts, 2) stronger dynamic towards the best teams and ideas, 3) sharper focus on value creation, and 4) better optimised RIE manpower.

Link to original