CBG in the News
New Cyber Security Approaches for Medical Imaging Devices Are Required, According to BGU’s Malware Lab Researchers
First Technique to Detect Illicit Drone Video Filming Demonstrated by Ben-Gurion University and Weizmann Institute Researchers
The first technique to detect a drone camera illicitly capturing video is revealed in a new study published by Ben-Gurion Universi...
Such cyberattacks in limelight as WikiLeaks shows how US spies use TVs, cellphones and computers to get data A researcher at Ben-G...
Chinese giant Lenovo announced on Monday that it is establishing the Lenovo Cybersecurity Innovation Center (LCIC) in cooperation with Ben-Gurion University of the Negev. Lenovo’s investment in the center wasn’t disclosed, but is believed to be in the millions of dollars.
According to the company, the center will focus on zero-trust architecture innovation in hardware and below-OS security, as well as serve as a hub for the development of next-generation security solutions. The LCIC will be staffed and managed in coordination by cybersecurity experts from Lenovo and Ben-Gurion University.
“Cybersecurity is one of the top priorities of CIOs today,” said Nima Baiati, Executive Director and GM, Commercial Cybersecurity Solutions at Lenovo. “Lenovo opening the new security innovation center with Ben-Gurion University gives us access to a global nexus of security innovation, our customers access to world-leading experts, and will help us create even stronger products across our portfolio.”
Solutions developed at LCIC will be incorporated into ThinkShield, Lenovo’s portfolio of hardware, software, and services with enhanced security features.
“Ben-Gurion University is committed to maintaining its cybersecurity research leadership not just in Israel, but also globally, and to apply the most recent academic knowledge and research to real-world issues,” said Prof. Yuval Elovici, Head of Ben-Gurion University Cyber Security Research Center. “As part of this vision, we are eager to team-up with industry leaders who share our values and aspire to serve as a model for the industry by actively pursuing cybersecurity excellence and innovation. Therefore, we would like to welcome Lenovo as our new partner in this digital battle against cyber threats. We are excited to work together in our jointly established center for new cybersecurity technologies with a particular emphasis on zero trust architecture and next-generation security innovation. The center’s work will become part of Lenovo’s cybersecurity portfolio and help further drive security innovation for Lenovo’s customers.”
The growing popularity of personal and commercial drone use in populated areas poses significant risks to both society and the drones themselves, because the additional technology required to secure each from the other is lacking. This gap could be exploited by malicious entities for cyberattacks, terrorism, crime and threats to privacy, and also to attack drones while they are flying for a legitimate purpose, according to a new research report by Ben-Gurion University of the Negev (BGU) researchers and Fujitsu System Integration Laboratories Ltd.
The first comprehensive study on “Security and Privacy Challenges in the Age of Drones” evaluates 200 academic and industry techniques designed to detect and disable drones flying in both unrestricted and restricted areas. Its findings coincide with the U.S. government proposal to allow civilian drone flights with new security rules that permit deliveries and other commercial uses in populated areas.
“The cutting-edge technology and decreasing drone prices made them accessible to individuals and organizations, but have created new threats and recently caused an increase in drone-related incidents,” says Ben Nassi, a Ph.D. student in BGU’s Department of Software and Information Systems Engineering (SISE) and a researcher at the BGU Cyber Security Research Center. “There are many difficulties that militaries, police departments, and governments are seeking to overcome, as it is a recognized threat to critical infrastructure, operations, and individuals.”
The researchers examined different ways to detect drones in drone-restricted areas, including radar, RF scanners, thermal cameras, sound and hybrids of these methods. However, they believe the biggest challenge is determining the drone’s purpose in non-restricted areas: for example, whether a detected drone is being used by its operator to deliver a pizza, spy on someone in a shower, launch a cyber-attack, or smuggle goods.
“An open-skies policy that allows drones to fly over populated areas poses a significant challenge in terms of security and privacy within society,” says Prof. Yuval Elovici, Ben Nassi’s Ph.D. advisor, who is director of the Deutsche Telekom Innovation Labs@BGU, director of the BGU Cyber Security Research Center, SISE faculty member and the Davide and Irene Sala Chair in Homeland Security Research.
“Attackers can disguise a cyber-attack as a legitimate drone pizza delivery by hiding the hardware they use inside the pizza box.” To illustrate, the BGU and Fujitsu researchers demonstrate an attack exploiting a pizza delivery to launch cyber-warfare against smart cities by triggering watering via a cellular smart irrigation system.
The researchers also demonstrate a new physical method to disable a drone’s active tracking functionality, a technology recently introduced by drone manufacturers that is based on computer vision algorithms.
“In an unrestricted area, we believe that there is a major scientific gap and definite risks that can be exploited by terrorists to launch a cyber-attack,” Nassi says. “It is inevitable that drones will become more widespread, but we need to recognize that an open-skies policy poses multiple risks that current solutions are unable to solve as a result of a major scientific gap in this area.”
The researchers propose methods that enable flying drone identification as well as registration, which is now a U.S. regulation. This includes dedicated techniques for authenticating drones and their operators. While the researchers demonstrated a new technique to detect a spying drone in their previous study, new methods to determine the purpose of a nearby drone must still be developed.
The research team also included Dr. Asaf Shabtai from BGU SISE, as well as Dr. Ryusuke Masuoka and Kohki Ohhira from Fujitsu System Integration Laboratories Ltd.
The new Center for Computational Criminology was launched on Wednesday at BGU. The Center, a joint initiative of the Israel Police and BGU, will develop advanced cyber, big data and artificial intelligence tools to fight crime.
The ceremony was held at BGU’s Advanced Technologies Park in the presence of Israel Police Commissioner Roni Alsheikh and BGU President Prof. Rivka Carmi.
Cybercrime has risen precipitously in recent years as criminals and even rogue governments have capitalized on the anonymity of cyberspace to cloak their activities while reaping sizeable profits. Use of social media-based evidence has also been on the uptick in recent years as more and more information is shared online.
BGU researchers will work side by side with the Israel Police’s cyber investigators to develop new artificial intelligence and machine learning tools for law enforcement.
“The last, most significant scientific breakthrough to change law enforcement was DNA testing,” says Prof. Lior Rokach, head of the new Center, Chair of the Department of Software and Information Systems Engineering, and a leading expert on artificial intelligence. “Today, we are on the threshold of the next big breakthrough: analyzing big data to discover hidden patterns to predict and prevent crime. The AI revolution of the past few years will prove to be even more significant than DNA testing for law enforcement, providing them with unprecedented investigative tools and new sources of evidence.”
Israel Police Commissioner Roni Alsheikh: “The Israel Police’s Cyber Unit, which was created to lead the national effort to combat cybercrime, will be collaborating with BGU’s cybersecurity experts to constantly improve the police’s enforcement and prevention capabilities, by staying at the cutting edge of technological developments in the field. This cooperation will enable the police to bring technology to bear more effectively in enforcing the law and fighting crime, whether cybercriminals or traditional criminals, by turning a threat into an opportunity.”
BGU President Prof. Rivka Carmi said at the event, “BGU is a recognized international leader in cybersecurity, IoT and Big Data research. Putting that expertise to work for the State of Israel is a privilege and comes on the heels of the government’s decision to place the national CERT here at the ATP in Beer-Sheva. The Center will bring together academic research expertise and the world of law enforcement to prevent crime in cyberspace and in general.”
Cyber@BGU Director Prof. Yuval Elovici: “We have no doubt that the Israel Police will benefit from our cybersecurity experience and knowledge by applying it to their operations.”
Cyber@BGU (CBG) serves as a shared research platform for the most innovative and technologically challenging cyber-related projects, in partnership with various multi-national companies and governmental organizations.
Situated in BGU’s Advanced Technologies Park in Beer-Sheva (Israel’s Cyber Capital), CBG encompasses, among others, the Cyber Security Research Center, a joint initiative with the Israel National Cyber Bureau, and the Telekom Innovation Laboratories in partnership with Deutsche Telekom.
Core research under the Cyber@BGU umbrella includes IoT security; cyber for intelligent transportation; cyber for aviation; malware; AI-based cyber defense; blockchain; network security; adversarial AI; machine learning; deep learning; fraud detection; and Big Data analysis for cyber security.
Faraday rooms or “cages” designed to prevent electromagnetic signals from escaping can nevertheless be compromised and leak highly sensitive data, according to new studies by BGU’s Cyber@BGU.
Research led by Dr. Mordechai Guri, the head of research and development of Cyber@BGU, showed for the first time that a Faraday room and an air-gapped computer that is disconnected from the internet will not deter sophisticated cyber attackers.
Air-gapped computers used for an organization’s most highly sensitive data might also be secluded in a hermetically-sealed Faraday room or enclosure, which prevents electromagnetic signals from leaking out and being picked up remotely by eavesdropping adversaries.
In two newly released reports, the team demonstrated how attackers can bypass Faraday enclosures and air gaps to leak data from the most highly secured computers. The Odini method, named after the escape artist Harry Houdini, exploits the magnetic field generated by a computer’s central processing unit (CPU) to circumvent even the most securely equipped room.
“While Faraday rooms may successfully block electromagnetic signals which emanate from computers, low-frequency magnetic radiation disseminates through the air, penetrating metal shields within the rooms,” explains Dr. Guri. “That’s why a compass still works inside of a Faraday room. Attackers can use this covert magnetic channel to intercept sensitive data from virtually any desktop PCs, servers, laptops, embedded systems and other devices.”
In another documented cyberattack, researchers used malware to transfer data such as keystrokes and passwords from an air-gapped computer to a nearby smartphone via its magnetic sensor. Attackers can intercept this leaked data even when a smartphone is sealed in a Faraday bag or set on “airplane mode” to prevent incoming and outgoing communications.
Dr. Guri’s research team includes BGU Department of Electrical and Computer Engineering Ph.D. student Boris Zadov, Andrei Daydakulov, and Prof. Yuval Elovici, who is director of the Cyber@BGU, director of Deutsche Telekom Innovation Labs@BGU and a member of the BGU Department of Software and Information Systems Engineering.
BGU and Amdocs recently launched the joint Amdocs Ben-Gurion University Research Laboratory to cultivate cooperation in the areas of artificial intelligence and machine learning. The Department of Software and Information Systems Engineering will partner with Amdocs to further research on these critical issues.
“We are excited about the launch of a new Amdocs-BGU research lab. The joint lab team will join forces to push the frontiers in these fields,” said Yaron Sverdlov, CIO of Amdocs, and Mr. Oleg Brodt, Head of Research and Development at BGU’s Cyber Security Research Center.
The joint lab will be led by Prof. Bracha Shapira, deputy dean for research of the Faculty of Engineering Sciences and the incumbent of the Carole Weinstein Chair in Information Systems Engineering.
In addition to Prof. Shapira and Brodt, Netta Cohen, CEO of BGN Technologies, represented BGU at the ribbon-cutting ceremony. Amdocs was represented by Sverdlov, Hanoch Sapoznikov, Lead of Worldwide Academic Relations, Daphne Gottschalk, Head of Innovation, and Dr. Tomer Simon, IT Futurist and Director of Innovation & Academic Collaboration.
BGU’s W.A. Minkoff Senate Hall became a TEDx venue last week as President Prof. Rivka Carmi and five other speakers took to the stage to discuss issues at the heart of modern civilization.
The event was sponsored by the CyberSpark Industry Initiative.
Video clips of each talk will be available in the near future.
Rivka Carmi, BGU President
Prof. Carmi has studied & worked hard on her way up to the very top. Few have the perseverance and stubborn determination required to be a military commander, straight-A student, pediatrician, geneticist, University president & chair of Israel’s University presidents committee. All this despite and thanks to the fact she is a woman; and, like many other women, Prof. Carmi faced gender discrimination and bias on her way to the top. But now, from the height of her accomplishments, she’s able and ready to make a change.
Yuval Elovici, Head of Cyber Security Research Center
We hear the term ‘Internet of Things’ thrown around a lot and it seems that as a society we are developing some sort of phobia of ‘smart’ devices. Think of your typical day: you wake up, do your morning routine, open the fridge, maybe turn on the heating, and the boiler for the shower. You get into your car and drive to work. On the TEDxBGU stage, Prof. Elovici takes us through a typical day just a few years from now, when all those items will be connected to the cloud and make us realize the power of connectivity, for good or ill.
Ran Balicer, Director at Clalit Research Institute
Prof. Balicer is at the forefront of medical research. In fact, he’s so far ahead of us all that he sees the idea of going to the doctor when you are sick as absurd. Predictive technologies are making their way to medicine and, on the TEDx stage, Prof. Balicer proves to us that in just a few years, if we end up sick in the doctor’s office, then medicine failed us.
Yaniv Harel, Cyber Solutions Group CEO, Dell EMC
Yaniv’s group at Dell gets up close and personal day after day with the world’s scariest cyber threats. He faces groups of hackers who learn from each other all the time and try to develop collaborative mechanisms that can outsmart our own defense tactics. Yaniv dives deep into the future of cyber threats, telling us what we’re up against – and if we are ready.
Mark Gazit, ThetaRay, CEO
When’s the last time someone stole from you? Mark’s here to tell us it was yesterday, or maybe just five minutes ago. The point is – we don’t even know. Mark is an entrepreneur building solutions for complex problems. In his latest role, Mark is working on preventing online theft and fraud, and, in doing so, he encounters much bigger questions. Do we even know we are being robbed?
Doron Stern, TS Law, Founding Partner
In our modern world, it seems there is a precedent for everything we do, for every crime that occurs. Sometimes it feels like everything is regulated, maybe even over-regulated, and there are clearly defined authorities in charge of enforcing the law. However, when it comes to Cyber Law, Doron is constantly bombarded with unprecedented, new types of crime that we need to know about. Is our justice system ready?
Source: Ben-Gurion University of the Negev
Malware Lab researchers at Ben-Gurion University of the Negev (BGU) are warning medical imaging device (MID) manufacturers and healthcare providers to become more diligent in protecting medical imaging equipment from cyber threats.
In their new paper, “Know Your Enemy: Characteristics of Cyber-Attacks on Medical Imaging Devices,” Malware Lab researchers demonstrate the relative ease of exploiting unpatched medical devices, such as computed tomography (CT) and magnetic resonance imaging (MRI) machines, many of which do not receive ongoing security updates. Consequently, an attacker can easily compromise the computer that controls the CT device, causing the CT to emit high rates of radiation, which can harm the patient and cause severe damage. Attackers can also block access to MIDs or disable them altogether as part of a ransom attack, which has already occurred worldwide.
This study is a new frontier in cyber security research. It is part of a larger-scale research project called Cyber-Med, initiated by Dr. Nir Nissim, the head of the Malware Lab at BGU’s Cyber Security Research Center (CSRC). Cyber-Med aims to develop security mechanisms for the entire ecosystem of medical devices, including implanted pacemakers, robotic surgeon systems (e.g. Da-Vinci), medical information systems and protocols, ICU medical devices and MIDs. In recent years, MIDs have become more connected to hospital networks, which makes them vulnerable to sophisticated cyber-attacks that can target a device’s infrastructure and components and fatally jeopardize a patient’s health and the hospital systems’ operations.
The research was released ahead of the Cybertech Conference which begins this afternoon (Monday) and runs through Wednesday at the Tel Aviv Fairgrounds. BGU is the conference’s academic partner. Cybertech is one of the biggest and most important cyber events in the world. Every year, Cybertech draws thousands of guests and groups from abroad, including delegations from 80 countries.
Malware Lab experts predict attacks on MIDs will increase. They foresee attackers developing more sophisticated skills directed at these types of devices, the mechanics and software of which are often installed on outdated Microsoft PCs.
“CTs and MRI systems are not well-designed to thwart attacks,” says lead author Dr. Nir Nissim, who simulates MID cyberattacks together with his MSc student Tom Mahler. Tom is part of the Malware Lab’s research team which includes 17 outstanding research students, and conducted the research under the supervision of Dr. Nir Nissim, Prof. Yuval Elovici, director of Cyber@BGU and Prof. Yuval Shahar, director of BGU’s Medical Informatics Research Center. “The MID development process, from concept to market, takes three to seven years. Cyber threats can change significantly over that period, which leaves medical imaging devices highly vulnerable.”
The study, conducted in collaboration with Clalit Health Services, Israel’s largest health maintenance organization, included a comprehensive risk analysis survey based on the “Confidentiality, Integrity and Availability” risk model, which addresses information security within an organization.
Researchers targeted a range of vulnerabilities and potential attacks aimed at MIDs, medical and imaging information systems and medical protocols and standards. While they discovered vulnerabilities in many of the systems, they found that CT devices face the greatest risk of cyberattack due to their pivotal role in acute care imaging. Simulated cyberattacks revealed four dangerous outcomes:
- Disruption of scan configuration files − By manipulating these files, an attacker can install malware that controls the entire CT operation and puts a patient at great risk.
- Mechanical MID motor disruption – Medical imaging devices have several components with mechanical motors, including the bed, scanner and rotation motors, which receive instructions from a control unit, such as the host computer (PC). If malware infects the host computer, an attack on the motors can damage the device and injure a patient.
- Image results disruption − Because a CT sends scanned results connected to a patient’s medical record via a host computer, an attack on that computer could disrupt the results, requiring a second exam. A more sophisticated attack may alter results or mix up a transmission and connect images to the wrong patient.
- Ransomware − This malware encrypts a victim’s files and demands a ransom to decrypt them. The WannaCry attack, which affected more than 200,000 devices in more than 150 nations in May 2017, directly infected tens of thousands of U.K. and U.S. hospital devices, including MRIs.
“In cases where even a small delay can be fatal, or where a dangerous tumor is removed or erroneously added to an image, a cyberattack can be fatal,” says Mahler. “However, strict regulations make it difficult to conduct basic updates on medical PCs, and merely installing anti-virus protection is insufficient for preventing cyber-attacks.”
BGU Malware Lab researchers are working on new techniques to secure CT devices based on machine learning methods. The machine-learning algorithm analyzes the profile of the patient being scanned as well as many additional operational parameters of the CT itself, and produces an anomaly detection model based on a clean CT machine. Once the machine is infected, the detection model can identify the change in its behavior and its operational parameters and alert the administrator accordingly.
In future research, Nissim and his team will conduct nearly two dozen attacks to further uncover vulnerabilities and propose solutions to address them. They are interested in collaborating with imaging manufacturers or hospital systems for in situ evaluation.
In addition to Dr. Nir Nissim, the head of the Malware-Lab and a researcher in the Telekom Innovation Labs@BGU, the research team includes Dr. Erez Shalom, research manager at BGU’s Center for Digital Innovation Digital Health Lab; Prof. Yuval Elovici, director of the Telekom Innovation Labs@BGU, director of Cyber@BGU and a member of the BGU Department of Software and Information Systems Engineering; Prof. Yuval Shahar, who is head of BGU’s Medical Informatics Research Center; and Tom Mahler. They collaborated with Dr. Arnon Makori, Itzik Kochav and Israel Goldenberg from Clalit Health Services.
“As the Israeli academic leader in cyber security research, we partnered with Israel Defense to help create the Cybertech Conferences four years ago,” says BGU President Prof. Rivka Carmi. “Cybertech is the preeminent forum in Israel to showcase our success in cyber research, innovation and commercialization and we will continue to play a leadership role in that arena.”
BGU will be represented both at the Cybertech conference and the exhibition. At the exhibition, BGU will be part of the CyberSpark Beer-Sheva pavilion. At the conference, Prof. Carmi will welcome the attendees on Tuesday morning at 8:50 a.m. and BGU researchers will take part in the panel sessions.
Prof. Lior Rokach, head of the department; Prof. Bracha Shapira, deputy dean for research; Prof. Yuval Elovici, director of the Deutsche Telekom laboratories and cyber labs in Israel; and Mr. Oleg Brodt, director of development at the cyber labs, participated in the World Economic Forum Davos 2018. They lectured on the subject of artificial intelligence and cyber security.
BGU’s top cybersecurity researchers will address the impact of artificial intelligence (AI) – the good, bad and the future at the World Economic Forum Annual Meeting in Davos, Switzerland, Tuesday, January 23. They are one of only two Israeli delegations presenting at the high-profile Davos event.
The BGU researchers’ session entitled Cyber-Forensics with Ben-Gurion University of the Negev is part of the IdeasLab forum on Tuesday, January 23 from 4:15 – 5:30 p.m. in the Congress Centre. The IdeasLab connects big ideas with big thinkers in an engaging session format where discussion leaders pitch cutting-edge scientific innovations.
The BGU cyber research experts will discuss how both hackers and defenders are harnessing the power of AI and how AI-enabled attacks are no match for current defenses.
“Ben-Gurion University is honored that our world-renowned cybersecurity research expertise will be prominently featured at this major world event,” says BGU President Prof. Rivka Carmi. “This is a significant milestone for the University and further acknowledgment that BGU is the place to go for cutting-edge cybersecurity innovation.”
BGU speakers include:
Prof. Yuval Elovici – Prof. Elovici will explain how attackers utilize AI to render their attacks undetectable. He is director of the Deutsche Telekom Innovation Labs@BGU, the telecommunications company’s only research and development lab outside of Germany. Elovici is also director of the Cyber Security Research Center and a member of the BGU Department of Software and Information Systems Engineering.
Prof. Bracha Shapira – Prof. Shapira will address how defenders use AI to catch abnormalities and deviations. She is the vice dean for Research, Faculty of Engineering Sciences, BGU. Prof. Shapira is a former chair of the Department of Software and Information Systems Engineering, and a member of the Deutsche Telekom Innovation Labs@BGU and the Cyber Security Research Center.
Prof. Lior Rokach – Prof. Rokach will discuss adversarial AI, and how attackers have started an AI arms race as they seek to circumvent systems. He will also provide recommendations on how defenders can prevent such circumvention. Prof. Rokach is chair of the Department of Software and Information Systems Engineering as well as a member of the Deutsche Telekom Innovation Labs@BGU and the Cyber Security Research Center.
Cyber@BGU (CBG) serves as a shared research platform for some of the world’s most innovative and technologically challenging projects in partnership with multi-national companies and governmental organizations. Situated in the Ben-Gurion Advanced Technologies Park in Beer-Sheva, Israel’s Cyber Capital, CBG encompasses the Cyber Security Research Center, a joint initiative with the Israel National Cyber Bureau, and the Telekom Innovation Laboratories, in partnership with Deutsche Telekom.
Core research under the Cyber@BGU umbrella includes IoT security; cyber for intelligent transportation; cyber for aviation; malware; AI-based cyber defense; fraud detection; and Big Data analysis for cybersecurity.
The World Economic Forum Annual Meeting will be held January 23-26, 2018, in Davos, Switzerland. The BGU sessions will be available on demand on the Forum YouTube channel and TopLink following the session.
In this week’s IoT cyber security and cyber hygiene podcast, we had the pleasure of interviewing Omer Shwartz, a Ph.D student at the prestigious Information Systems Engineering Department at Ben Gurion University of the Negev, and an active member of the Implementation Security and Side-Channel Lab under Dr. Yossi Oren.
His latest published paper is titled Opening Pandora’s Box: Effective Techniques for Reverse Engineering IoT Devices, in which he and his team analyzed the practical security level of 16 popular IoT devices and discussed how to improve their security without significantly increasing their cost.
This interview is <20 minutes, feel free to listen to it below or go ahead and read the edit. Enjoy!
Could you explain a bit about the work being done at the Implementation Security and Side-Channel Lab at Ben-Gurion University?
We are a relatively new lab, but with very exciting work: investigating all kinds of side channel leakage models and implementing security. My field is mainly around hardware security, but we research and work on all kinds of metrics to get information in and out of devices that are not meant to broadcast information. Some research I’ve done under Dr. Yossi Oren includes a phone case that can exfiltrate phone data (location and conversations) while the user is unaware, and a project on how replacement touch-screens could be malicious and used to harm or spy on users.
How did you first get involved in cyber security and hacking, were you always breaking things?
Yeah, actually (laughing) since I was little I liked looking into things and figuring out how they work. I’ve been in the hacking community for around 15 years and always had an interest in hacking and cyber security before it became a really big and known issue as it is today. Cyber security always interested me, it’s like a hidden thing that really affects our world, and nobody really talked about it until recently, and it has a long way to go. There are so many threats that we have not seen yet, and that’s why I’m a part of this lab and studying towards a PhD, because I think there is so much to discover.
If cyber security has a long way to go, it’s probably because of the exponential growth of IoT devices, right?
IoT devices are a really big part of it. Nobody cared about cyber security before, but now that we have all these phones and IoT devices, everybody suddenly realizes that these things were never designed to be secure; they use infrastructure that was not designed to be secure.
It’s a really good place to be, from an Academic point of view, because there is so much to invest and research everywhere.
Share with us some details behind the research you conducted with Asaf Shabtai, Opening Pandora’s Box: Effective Techniques for Reverse Engineering IoT Devices, what was the thought process that went into it?
A friend of mine had hundreds of IoT devices for some cyber security research he was conducting and, out of curiosity, he asked me if I could find any vulnerabilities in them. We didn’t think of writing a paper about it.
We began taking devices apart and looking inside and noticed that all the devices were really insecure. Many, if not most, IoT devices sold today can be accessed remotely with a default password, which is usually really simple.
But we also looked into what happens when an attacker has one of your networked devices, using it as a gateway to get network information and access. So we wrote a really comprehensive analysis of the devices’ vulnerabilities and compiled a large array of techniques used, some of them already known, but gathered in such a way as to allow other people to try them and see if their devices are secure.
Other than easily and cheaply cracking the passwords stored in these devices’ hash and creating our own Mirai botnet with them, we found vulnerabilities such as devices holding a private communication key in the file system. Anyone that gets that key can listen to the device’s communication. It’s really bad security practice, but it seems that in IoT the most important thing is getting a product to market and not securing it properly.
What would be your recommendations for IoT manufacturers?
I’d start with not having hard-coded easy passwords and completely disabling remote-access. Also, nobody considers attackers with access to your device, but devices should be built in a way that makes it harder to reverse-engineer - this is a difficult problem, but at least it shouldn’t be so easy to reverse-engineer. All the devices we used were really easy to reverse-engineer; they have special ports in the board that allow us to connect and communicate with the console quite easily, and that’s something that shouldn’t be on a production board, just on a development board. We were actually able to get all of our information because most of the devices’ debug ports were open, which combined with weak passwords, gave us full access to install our own software. So my recommendation is to disable the debug and WRT ports, and to use strong passwords hashed with strong algorithms.
What would be your cyber hygiene recommendations for technology consumers?
You know, they always say that humans are the weakest link in the cyber security chain, and this is correct in a way. I would recommend strong passwords, because the current way people use them today is incorrect, they should be long and hard to crack – and one should never reuse passwords to avoid bigger problems.
When it comes to IoT devices, I would recommend staying away from unknown manufacturers. I hope some of my research will lead to consumers and researchers using our techniques to inspect their own devices and realize what is in there, and whether they are secure or not, giving power to the consumers to understand what is being sold.
Source: The Netonomy Blog
The first technique to detect a drone camera illicitly capturing video is revealed in a new study published by Ben-Gurion University of the Negev (BGU) and Weizmann Institute of Science cyber security researchers. The study addresses increasing concerns about the proliferation of drone use for personal and business applications and how it is impinging on privacy and safety.
In a new paper, “Game of Drones – Detecting Captured Target from an Encrypted Video Stream,” the researchers demonstrate techniques for detecting if a targeted subject or house is being recorded by a drone camera.
“The beauty of this research is that someone using only a laptop and an object that flickers can detect if someone is using a drone to spy on them,” says Ben Nassi, a Ph.D. student of Prof. Yuval Elovici’s in BGU’s Department of Software and Information Systems Engineering and a researcher at the BGU Cyber Security Research Center. Elovici is the Center’s director as well as the director of Telekom Innovation Labs at BGU. “While it has been possible to detect a drone, now someone can also tell if it is recording a video of your location or something else.”
In the first demo, researchers show how a privacy invasion against a house can be detected. They used smart film placed on a window and entered a few software commands on a laptop to access the encrypted video the drone operator sees, called the FPV channel. This enabled the researchers to demonstrate how they detect that a neighbor is using a DJI Mavic drone to capture images of his own home and then illicitly stream video of his neighbor’s house, as well.
In a second outdoor test, researchers demonstrate how an LED strip attached to a person wearing a white shirt can be used to detect targeted drone activity. When researchers flickered the LED lights on the cyber-shirt, it caused the FPV channel to send an “SOS” by modulating changes in data sent by the flickering lights.
“This research shatters the commonly held belief that using encryption to secure the FPV channel prevents someone from knowing they are being tracked,” Nassi says. “The secret behind our method is to force controlled physical changes to the captured target that influence the bitrate (data) transmitted on the FPV channel.”
This method can be used on any laptop that runs Linux OS and does not require any sophisticated hacking or cryptographic skills.
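The bitrate check described above can be sketched as a correlation between the defender's own flicker schedule and the size of the encrypted FPV traffic per time bin. This is an added example, not the researchers' code: the capture is constructed, and the function names, the 1-second bin, the 0.8 threshold and the assumption that traffic volume rises while the target flickers are all illustrative choices.

```python
import random
from statistics import mean, pstdev

# Defender's own on/off flicker schedule, one value per time bin (constructed).
FLICKER = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 1]

def bin_bytes(packets, interval, n_bins):
    """Sum encrypted packet sizes per time bin; payloads are never decrypted."""
    bins = [0] * n_bins
    for ts, size in packets:
        idx = int(ts // interval)
        if 0 <= idx < n_bins:
            bins[idx] += size
    return bins

def correlation(xs, ys):
    """Pearson correlation; 0.0 when either series is constant."""
    sx, sy = pstdev(xs), pstdev(ys)
    if sx == 0 or sy == 0:
        return 0.0
    mx, my = mean(xs), mean(ys)
    cov = mean((x - mx) * (y - my) for x, y in zip(xs, ys))
    return cov / (sx * sy)

def is_target_filmed(packets, flicker, interval=1.0, threshold=0.8):
    """True when per-bin traffic volume tracks the flicker schedule."""
    bins = bin_bytes(packets, interval, len(flicker))
    return correlation(bins, flicker) >= threshold

def synth_capture(flicker, filmed, seed=7, interval=1.0):
    """Constructed capture of (timestamp, size) pairs for an encrypted stream.
    Assumption: a flickering target in frame adds packets to that bin."""
    rng = random.Random(seed)
    packets = []
    for i, on in enumerate(flicker):
        count = 40 + (25 if filmed and on else 0) + rng.randint(-5, 5)
        for _ in range(count):
            ts = i * interval + rng.random() * interval
            packets.append((ts, rng.randint(900, 1400)))
    return packets

if __name__ == "__main__":
    for filmed in (True, False):
        capture = synth_capture(FLICKER, filmed)
        score = correlation(bin_bytes(capture, 1.0, len(FLICKER)), FLICKER)
        print(f"target in frame={filmed}: r={score:.2f}, "
              f"detected={is_target_filmed(capture, FLICKER)}")
```
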
“Our findings may help thwart privacy invasion attacks that are becoming more common with increasing drone use,” Nassi says. “This could have significant impact for the military and for consumers because a victim can now legally prove that a neighbor was invading their privacy.”
In previous research, Nassi showed how a laser mounted to a DJI Inspire 1 drone can use malware installed on an isolated (air-gapped) network scanner.
The research team also included Raz Ben-Netanel, a student in the BGU Department of Communication Systems Engineering. Prof. Adi Shamir from the Weizmann Institute of Science conceived the Game of Drones technique.
Source: Ben-Gurion University
Such cyberattacks in limelight as WikiLeaks shows how US spies use TVs, cellphones and computers to get data
A researcher at Ben-Gurion University of the Negev (BGU) claims he has developed a series of algorithms that can “completely prevent” attackers from being able to utilize videos or pictures for spying purposes, warning that any video or picture downloaded or streamed by users could be a potential vehicle for a cyberattack.
“Hackers like videos and pictures because they bypass the regular data transfer systems of even secure systems and there is a lot of space to implant malicious code,” said Prof. Ofer Hadar, chair of the Department of Communication Systems Engineering at Ben-Gurion University.
Video and picture downloads and video streaming account for 50 percent of internet traffic today and are expected to rise to 67% of web traffic by 2020, the university said in a statement.
Video vulnerability to hacking took front stage this week after WikiLeaks allegedly revealed thousands of pages about US Intelligence agencies’ cyber-espionage capabilities. These suggested that American spies can break into most things connected to the internet, including TVs, cellphones and computers.
Hadar said he has developed a multi-vector series of algorithms that has the ability to prevent attackers from being able to utilize videos or pictures for malicious purposes.
The method is based on steganography — the practice of concealing a file, message, image, or video within other files, messages, images, or videos in the compressed form in which most video is stored.
“We use steganography to manipulate the video so the malicious code will be affected without affecting the quality — such as the runtime or image — of the video,” said Hadar in a phone interview. “Preliminary experimental results show that a method based on a combination of our techniques results in 100% protection against cyberattacks.”
Hadar preferred not to go into further details about how the algorithms work on malicious codes, to preserve the secrecy of the software.
Called The Coucou Project, Hadar’s research has received funding from the Cyber Security Research Center at BGU, a joint initiative of BGU and the Israeli National Cyber Bureau, to develop the solution. In addition, the BaseCamp Innovation Center at the Advanced Technologies Park adjacent to BGU is interested in developing the platform into a commercial company, BGU said in a statement.
Hadar says the project does not try to identify the malware, but rather assumes it is there and automatically works against it.
The Coucou software — named after the cuckoo bird which lays its eggs in the nests of other species of birds — is in the middle of a real-time simulation and will have a demonstration of the system by summer, Hadar said.
Future customers of an eventual software product could be firewall and antivirus companies or spy agencies, he said.
Source: The Times of Israel