CBG in the News
Beware of smartphones and cameras around wallets storing your digital coin. Researchers have defeated a key protection against cryptocurrency theft with a series of attacks that transmit private keys out of digital wallets that are physically separated from the Internet and other networks. Like most of the other attacks developed by Ben-Gurion University professor Mordechai Guri and his colleagues, the currency wallet exploits start with the already significant assumption that a device has already been thoroughly compromised by malware. Still, the research is significant because it shows that even when devices are airgapped—meaning they are...Read More ...
Israeli and American researchers develop generic method to detect fake accounts on most types of social networks, including Facebo...Read More ...
The team of security researchers—who last month demonstrated how attackers could steal data from air-gapped computers protecte...Read More ...
Boffins shows that sound output devices secretly capture audio Computer speakers and headphones make passable microphones and can ...Read More ...
‘Assume every camera on a network can be hacked,’ cautioned the police cybercrimes unit. Aviral Peeping Tom who hacked into th...Read More ...
Prof. Elovici is Head of the Cyber Security Research Center at Ben Gurion University Think of your typical day: you wake up, do yo...Read More ...
If you ever find a lost charger, don’t use it. If you need power and are tempted to plug into a public USB port, don’t do it. It’s long been known that you should never insert an unknown USB drive to your computer because it could be loaded with malware. However, new research from Ben-Gurion University has exposed 29 types of USB attacks, and extends to your smartphone. It shows that you should never use a USB charger you find lying around or plug into a public USB port. Both can be compromised by attackers, as we talked about with one of the researchers on the project, Ran Yahalom. Yahalom is the co-author of a journal art...Read More ...
A team of Israeli researchers have discovered that the average IoT devices you buy on store shelves can be compromised within 30 minutes and added to a botnet. As Internet of Things devices multiply exponentially, it looks like security still isn’t improving. A team of Ben-Gurion University researchers recently went out and bought a bunch of off-the-shelf devices to see how easily they could compromise them—and then use that information to attack other devices like them over the internet. In an interview with TechRepublic, BGU senior lecturer Yossi Oren explained what they found. You can watch the video interview above or read the tra...Read More ...
Israel is among those countries everyone would want to watch her steps in matters security. No debate, the country has it all when it comes to criminology and everything weaponry related. But, in its current move to use artificial intelligence as a tool to fight crime, that’s a serious move that requires deep thinking especially with the current fears associated with the technology. Since the release of the report that revealed how AI is vulnerable for use against human security, to date, experts have been arguing fiercely over whether this technology should be declared illegal or wiped from the earth, but that seems too late now. AI is G...Read More ...
“Today, we are on the threshold of the next big breakthrough: analyzing big data to discover hidden patterns to predict and prev...Read More ...
Enhancing offensive capacity by creating attack toolboxes | Yuval Elovici AI helps to defend against cyber attacks – but can a...Read More ...
Beware of smartphones and cameras around wallets storing your digital coin.
Researchers have defeated a key protection against cryptocurrency theft with a series of attacks that transmit private keys out of digital wallets that are physically separated from the Internet and other networks.
Like most of the other attacks developed by Ben-Gurion University professor Mordechai Guri and his colleagues, the currency wallet exploits start with the already significant assumption that a device has already been thoroughly compromised by malware. Still, the research is significant because it shows that even when devices are airgapped—meaning they aren’t connected to any other devices to prevent the leaking of highly sensitive data—attackers may still successfully exfiltrate the information. Past papers have defeated airgaps using a wide array of techniques, including electromagnetic emissions from USB devices, radio signals from a computer’s video card, infrared capabilities in surveillance cameras, and sounds produced by hard drives.
On Monday, Guri published a new paper that applies the same exfiltration techniques to “cold wallets,” which are not stored on devices connected to the Internet. The most effective techniques take only seconds to siphon a 256-bit Bitcoin key from a wallet running on an infected computer, even though the computer isn’t connected to any network. Guri said the possibility of stealing keys that protect millions or billions of dollars is likely to take the covert exfiltration techniques out of the nation-state hacking realm they currently inhabit and possibly bring them into the mainstream.
“I think that the interesting issue is that the airgap attacks that were thought to be exotic issues for high-end attacks may become more widespread,” he wrote in an email. “While airgap covert channels might be considered somewhat slow for other types of information, they are very relevant for such brief amounts of information. I want to show the security of ‘cold wallet’ is not hermetic given the existing airgap covert channels.”
One technique can siphon private keys stored in a cold wallet running on a Raspberry Pi, which many security professionals say is one of the best ways to store private cryptocurrency keys. Even if the device became infected, the thinking goes, there’s no way for attackers to obtain the private keys because it remains physically isolated from the Internet or other devices. In such cases, users authorize a digital payment in the cold wallet and then use a USB stick or other external media to transfer a file to an online wallet. As the following video demonstrates, it takes only a few seconds for a nearby smartphone under the attacker’s control to covertly receive the secret key.
The technique works by using the Raspberry Pi’s general-purpose input/output pins to generate radio signals that transmit the key information. The headphones on the receiving smartphone act as an antenna to improve the radio-frequency signal quality, but in many cases they’re not necessary.
A second video defeats a cold wallet running on a computer. It transmits the key by using inaudible, ultrasonic signals. Such inaudible sounds are already being used to covertly track smartphone users as they move about cities. It wouldn’t be a stretch to see similar capabilities built into malware that’s designed to steal digital coins.
As already mentioned, the exfiltration techniques described in this post assume the device running the cold wallet is already infected by malware. Still, the widely repeated advice to use cold wallets is designed to protect people against this very scenario.
“We show that, despite the high degree of isolation of cold wallets, motivated attackers can steal the private keys out of the air-gapped wallets,” Guri wrote in the new paper. “With the private keys in hand, an attacker virtually owns all of the currency in the wallet.”
To protect keys, people should continue to store them in cold wallets whenever possible, but they should consider additional safeguards, including keeping cold wallets away from smartphones, cameras, and other receivers. They should also shield cold-wallet devices with metallic materials that prevent electromagnetic radiation from leaking. Of course, people should also prevent devices from becoming infected in the first place.
Source: Ars Technica
Israeli and American researchers develop generic method to detect fake accounts on most types of social networks, including Facebook and Twitter.
Fraudulent user profiles – bots – are a serious and growing concern on social media. By some estimates, as many as 48 million Twitter accounts and 270 million Facebook accounts are phony, designed for nefarious purposes from ruining reputations to influencing shoppers and voters.
Now, researchers from Israel’s Ben-Gurion University (BGU) of the Negev and from the University of Washington in Seattle say they have developed a generic method to detect fake accounts on most types of social networks, including Facebook and Twitter.
According to their study published in the journal Social Network Analysis and Mining, the new method is based on the assumption that fake accounts tend to establish improbable links to other users in the networks.
“With recent disturbing news about failures to safeguard user privacy, and targeted use of social media by Russia to influence elections, rooting out fake users has never been of greater importance,” said Dima Kagan, lead researcher and a PhD student in BGU’s department of software and information systems engineering.
The algorithm consists of two main iterations based on machine-learning algorithms. The first constructs a link prediction classifier that can estimate, with high accuracy, the probability of a link existing between two users. The second iteration generates a new set of meta-features based on the features created by the link prediction classifier.
These meta-features are used to construct a generic classifier that can detect fake profiles in a variety of online social networks.
“We tested our algorithm on simulated and real-world data sets on 10 different social networks and it performed well on both,” Kagan reported.
“Overall, the results demonstrated that in a real-life friendship scenario we can detect people who have the strongest friendship ties as well as malicious users, even on Twitter. Our method outperforms other anomaly detection methods and we believe that it has considerable potential for a wide range of applications particularly in the cybersecurity arena,” the study authors said.
The algorithm can also be used to reveal the influential people in social networks.
The Israeli researchers involved in this project previously developed the Social Privacy Protector (SPP) to help users evaluate their friends list in seconds to identify which have few or no mutual links and might therefore be phony profiles.
Other researchers who contributed to the present study are former BGU doctoral student) Michael Fire of the University of Washington and Prof. Yuval Elovici, director of the Telekom Innovation Labs@BGU, director of Cyber@BGU and a faculty member of BGU’s department of software and information systems engineering.
The study was supported by the Washington Research Foundation Fund for Innovation in Data-Intensive Discovery and the Moore/Sloan Data Science Environment Project at the University of Washington.
As with people, nations are best judged by what they do, not what they say. Based on the quality and quantity of its achievements, Israel clearly is a doer.
For the third year in a row, in honor of Israel’s birthday, I’ve prepared a list of notable things the country has done over the past 12 months. As extensive as this compilation may seem, it is really only a small sampling of what the country has accomplished since the previous Independence Day last spring.
For reasons of brevity and space, each discovery, invention, breakthrough, initiative and success featured below is represented simply with a headline and two sentences, based on previously published media reports. Together, these items reflect the essence of Israel and its inclination to forge ahead in all spheres and to help make the world a better place. Together, they testify to the magnitude of what Israel manages to achieve despite all the adversity and challenges it faces.
As Israelis and their friends abroad celebrate the Jewish state’s 70th birthday, here are 70 examples from just the past year that show why Israel deserves far more affinity than it usually receives. This selection from May 2017 to April 2018 is presented chronologically according to when each item was reported in the media.
1. Israeli chefs win prestigious awards in US for culinary work
The James Beard Foundation honored Michael Solomonov for his work putting Israeli-inspired dishes and Israeli-produced ingredients on American plates. At a ceremony in Chicago, Solomonov, chef at Philadelphia’s Zehav restaurant, received the Outstanding Chef award, while another Israeli, Zachary Engel, received the Rising Star Chef award for his work at Shaya restaurant in New Orleans, established by Israeli-American chef Alon Shaya.
2. Doctors use robots to perform revolutionary spinal surgery
Hadassah Hospital in Jerusalem performed the world’s first-of-its-kind dual robotic surgery on a man who had broken his leg in two places and broke six spinal vertebrae in a work accident. The new procedure was successful and the patient was expected to be able to walk soon.
3. El Al wins world innovation award for wearable jacket
Travel Plus, a major UK-based travel and consulting organization, saluted Israel’s national airline for its wearable blanket it offers passengers on its flights. The El Al blanket/jacket, which has holes for the head and arms so it won’t fall off like standard blankets, won first place in the innovation category at the Travel Plus third annual Airline Amenity Awards event in Hamburg, Germany.
4. Goggles give cyclists pilot’s-eye view of surroundings
Elbit, Israel’s defense technology giant, announced its first consumer product: augmented reality goggles for cyclists, based on technology used for fighter-pilot helmets. The goggles, called Everysight, give riders information about the terrain they’re navigating and their performance and include a map projection overlay giving riders a full view of their surroundings, similar to accident avoidance technology used in cars developed by another Israeli company, Mobileye.
5. Tel Aviv ranked one of the world’s most vegan-friendly cities
A report by the British newspaper, The Independent, cited Tel Aviv as among the 10 most vegan-friendly cities in the world, saying it is home to more than 400 vegan and vegan-friendly places to eat. The paper added that with nearly five percent of Israelis eschewing meat, dairy and eggs, Israel is now, per capita, the world’s biggest vegan nation.
6. Food safety test wins UN prize for innovation
Yarok Technology Transfer, a developer of fast, accurate tests for the food industry, received the 2017 United Nations International Award for “Innovative Ideas and Technology on Agribusiness.” One of five winners, selected from 330 entries from 80 countries, the Jerusalem-based company was honored for its fast testing system that detects the presence of dangerous bacteria in food in just 45 minutes.
7. Cannabis ingredient used to reverse aging process in mice
Researchers have long sought ways to slow down or even reverse how aging human brains lose their cognitive abilities. Scientists at Jerusalem’s Hebrew University and the University of Bonn in Germany report in Nature Medicine that they’ve now achieved this goal in mice by administering a small quantity of THC, the active ingredient in the hemp plant (cannabis). The results open the possibility of new treatments for dementia.
8. Israel rushes aid to Sri Lanka as floods displace thousands
Following widespread flooding in Sri Lanka, Israel delivered emergency supplies to authorities as they struggle to cope with the impact of floods and mudslides that killed 200 people and displaced 80,000 others from their homes. Israel’s humanitarian assistance included power generators that were taken to afflicted areas.
9. Scientist eradicates cells linked to age-related diseases
A molecular cell biologist at the Weizmann Institute of Science in Rehovot has found the first feasible therapeutic approach to eradicating cells that contribute to Type 2 diabetes, Alzheimer’s, cataracts, osteoporosis and other diseases. Valery Krizhanovsky identified two ways to “knock down” proteins that can cause senescent cells to accumulate and lead to various age-related diseases.
10. New treatment for ALS hailed as breakthrough
Scientists at Beersheba’s Ben-Gurion University of the Negev (BGU) in Bersheeva have developed a drug for amyotrophic lateral sclerosis (ALS), also known as Lou Gehrig’s disease, that improves brain function of ALS sufferers. BGU said researchers found a way to slow the progress of ALS, stopping the increased activity of glial cells which attack and kill healthy brain cells, thereby restoring the central nervous system’s immune system and increasing life expectancy.
11. Scientists find vital key to fixing damaged heart tissue
Israeli scientists have isolated a molecule that promotes heart cell regeneration, according to results of a new study published in Naturemagazine, a discovery that could offer hope to millions of sufferers of cardiovascular diseases around the world. The study, led by Rehovot’s Weizmann Institute of Science in cooperation with other schools in Israel and in the US, examined the effect of an embryonic protein on adult heart regeneration.
12. Device simplifies hernia surgery and recovery
Thanks to the FasTouch cartridge system, patients who undergo hernia repair should experience less complications, less postoperative pain and faster recovery. Developed by Via Surgical in Amirim and recently made available in the US, the device gives surgeons a less invasive tool for attaching prosthetic material to soft tissue to treat a hernia, a protrusion of an organ or tissue through a weak spot in the abdomen or groin.
13. New app tests fruit and vegetables for freshness
ClariFruit, a startup in Ness Ziona formerly known as AclarTech, has introduced a portable molecular sensor for measuring the quality of fruits and vegetables that may have a major impact on the global food market by helping prevent wasted products. Marketed only to farmers, wholesalers and supermarket chains for now, the application allows a smartphone to monitor and analyze the ripeness, freshness and durability and taste by sending infrared rays to the produce.
14. Researchers develop new therapy to treat heart disease
Ben-Gurion University’s department of clinical biochemistry and pharmacology has found a way to reduce arterial plaque and inflammation in the cardiovascular system that addresses hardening and narrowing of the arteries and prevents heart failure. BGU researchers said the polymer-based therapy may also help people with diabetes, hypertension and other age-related conditions.
15. Cyber security specialists fight against international hackers
In the ongoing battle to defend people from cyber attackers, researchers at Ben Gurion University’s Cyber Security Research Center have identified a new way by which hackers can steal your data: the LED lights on your router. A study by BGU’s Mordechai Gur, head of CSRC’s research and development found hackers can “infect” your router and, via a remote or local camera or a light sensor in the room, can record the LED’s activity and decode the signals.
16. David Grossman wins prestigious Man Booker Prize
Author David Grossman’s novel, A Horse Walks into a Bar, won the UK-based Man Booker International Prize for the year’s best fiction in translation. It was selected from 126 titles, whittled down to a six-book shortlist which included fellow Israeli literary heavyweight Amos Oz.
17. Startup developing wearable device that monitors vitals
Israeli startup, BiPS Health, which beat 49 other medical technology companies for top prize in the 2017 Trendlines Medtech Open, has designed a device that measures a patient’s blood pressure, blood oxygen saturation, respiration rate and heart rate. It is worn on a person’s wrist and fingers and replaces the need for hospital nurses taking patients’ vitals every eight hours, improving the ability to detect deterioration in a patient’s condition hours before it actually occurs.
18. Intel enlists Israeli cyber-experts to foil hacking attacks
The world’s largest chip-maker, Intel, is joining forces with cybersecurity incubator Team8 to find technology to thwart increasingly sophisticated threats from persistent hackers. The US-based Intel will also open a new cybersecurity center in Jerusalem and Haifa and plans to work with two cybersecurity companies launched with help from Team8.
19. Volcani Center Wins UNESCO Prize for Agricultural Innovation
The Agricultural Research Organization, Volcani Center in Israel, known for its groundbreaking discoveries, is among three winners of the 21017 UNESCO International Prize for Research in the Life Sciences. UNESCO said the Volcani Center “has successfully developed cutting-edge innovations and methodologies in agricultural research with practical applications as well as capacity-building programs to promote food security in arid, semi-arid and desert environments, advancing human well-being.”
20. Students create stretcher for difficult rescue operations
Engineering students at the Technion have produced a unicycle stretcher to help emergency medical services and search-and-rescue teams evacuate victims from off-road areas inaccessible to vehicles and helicopters. The 15-kilogram, foldable Adventure Stretcher, built in collaboration with Israel’s Segal Bikes and the United Hatzalah EMS network, allows two people to transport a patient over long distances by centering most of the weight on a large bicycle wheel.
21. Student develops tool for early detection of Parkinson’s
A PhD student at Jerusalem’s Hebrew University’s Faculty of Medicine has created a highly sensitive, groundbreaking test to identify Parkinson’s earlier, and better track the neurological disease’s progression and a patient’s response to therapy. Suaad Abd-Elhadi won the 2017 Kaye Innovation Award for her work which bodes well for improving diagnosis of Parkinson’s, which is particularly difficult to catch in early states and mild cases.
22. Israeli company helps increase Indian dairy yields
As India’s massive dairy industry grapples with comparatively low milk yields, Israeli company Maxximilk announced it’s providing assistance by impregnating surrogate heifers with “genetically superior” embryos. Scientists at Maxximilk produce what they say is the “highest quality in-vitro, ready-for-transfer pedigree embryos” that are genetically predisposed to withstand hot weather conditions and produce greater quantities of top-quality milk.
23. Students win three medals at Chemistry Olympiad in Thailand
The Israeli delegation to the 49th annual contest returned home with one silver and two bronze medals. The event attracted teams of four high school students from 76 countries who demonstrate their chemistry knowledge and skills in a five-hour laboratory practical and a five-hour theoretical examination.
24. Israeli firefighters help extinguish blazes in Montenegro
A delegation of elite Israeli firefighters, aided by the Air Force’s Fire Squadron, completed a five-day relief mission in Montenegro to put out wildfires ravaging its southern region and along the Adriatic Sea coastline. Israeli firefighters dropped 78,000 liters of fire retardant in 36 sorties as part of an international effort to help the Balkan country.
25. Multi-faith kids produce art project to break world record
Some 5,000 Jewish, Christian and Muslim preschoolers created paintings for the Children Dreaming Jerusalem project that were placed on the ceilings of the city’s light-rail cars. Organizers, who believe the inclusive project, involving secular, religious, Jewish West Jerusalem, Arab East Jerusalem and special-education students, is unprecedented in scale, were hoping to have it accepted for inclusion in the Guinness Book of World Records.
26. Israel arranges medical delegation for sick kids in Fiji
At the instigation of Israel’s Foreign Ministry’s Agency for International Development Cooperation and the Israeli Embassy in Canberra, Australia, a team of Australian ear-nose-throat specialists treated scores of children at a hospital in Suva, Fiji. The humanitarian initiative, which included surgical operations, also involved the Australasian Jewish Medical Federation in conjunction with Fijian doctors through the South Pacific country’s Health Ministry.
27. Israeli drip irrigation and solar power bring relief to Africa
The head of an Israeli charity says her organization is working on the ground in 147 villages in Africa, helping to fight starvation and a lack of water. Following her latest trip to Africa, Sivan Yaari told the Jerusalem Post that Innovation: Africa has a team on the ground in eight countries and a team in Israel, all working on water surveys, drilling, construction and solar power to help lift people out of extreme poverty.
28. Doctors implant device for congestive heart failure
A new Israeli patent, implemented for the first time in the world at Haifa’s Rambam Medical Center, was used as part of surgery to treat a patient for cardiac insufficiency. Dr. Yair Peled, who invented the procedure that involves inserting a special spring-like device into a person’s heart, said it could become a “therapeutic breakthrough.”
29. Israeli donors give $32 million in aid to Syrian civilians in 2017
Israel and private donors in Israel and abroad will spend at least $32 million sending goods to Syrian civilians in 2017 affected by the country’s devastating civil war — $26 million from donations and $6 million from the IDF budget, according to information obtained by Haaretz. These numbers do not include the cost of providing medical treatment for wounded and sick Syrian civilians inside Israel.
30. Company helps MS and stroke patients regain mobility
ReWalk, the Israeli firm that makes a robotic exoskeleton to get people with spinal-cord injuries back on their feet, unveiled the prototype for the Restore “exosuit” to assist stroke survivors and those afflicted with multiple sclerosis. Based in Yokneam, ReWalk is working with Harvard University on the design of the Restore soft suit which provides an immediate improvement in the walking capability of patients following a stroke.
31. Emergency team flies to Sierra Leone after disaster
Disaster relief workers from IsraAID, an Israeli non-governmental humanitarian aid organization, helped survivors in the wake of heavy flooding and a massive mudslide which killed 300 people and left thousands homeless. Days later, IsraAID sent a first-response team of 16 volunteers to southern Nepal to bring emergency assistance following severe flooding and landslides.
32. Israel sends special crisis units to flood-battered Texas
Two Israeli humanitarian aid organizations sent emergency personnel to Houston to help victims of Hurricane Harvey with relief and psychological support. The Israel Rescue Coalition and IsrAID both dispatched special teams to assist especially those left homeless by the disaster.
33. Israel has answer to India’s oriental fruit fly menace
Biofeed, an Israeli ag-tech company, says it has developed a revolutionary, no-spray, eco-friendly solution to protect farmers in India from the deadly oriental fruit fly, the most destructive and widespread of all fruit flies in 66 countries in Asia, Africa and the Americas. Biofeed “lures” hung on trees contain an organic, customized mix of food and control agents that kill the fly after it sips from the lure.
34. Israeli tech to prevent pipe-clogging at Hoover Dam
Water purification technology developed by the Israeli firm Atlantiumhas been chosen for use at Hoover Dam in Arizona to prevent an invasive species of mussels from clogging the water cooling system and interfering with the dam’s electricity production. Atlantium’s non-chemical UV water purification technology will kill off the organisms.
35. Tel Aviv hosts world’s biggest-ever animal-rights demo
Holding signs calling for compassion and veganism, up to 30,000 people took part in a Tel Aviv march to protest animal cruelty connected to food, entertainment, research and apparel. The large turnout was expected as Israel has many popular vegan-friendly restaurants and markets, and Tel Aviv is home to the world’s largest vegan festival.
36. Chicago seeks to gain from Israeli expertise in various fields
Leading a large delegation of businessmen, investors, healthcare professionals, academics and water experts to Israel, Chicago Mayor Rahm Emanuel said his city wanted to partner with Israeli institutions because of their level of knowledge. He was especially interested in Israeli expertise in water reclamation, recycling, desalination and purification, and also signed a cooperation agreement with Tel Aviv focusing on general innovation and technology.
37. Israel sends aid and special teams to Mexico after earthquake
The Israel Defense Forces and two Israeli humanitarian organizations dispatched emergency response teams to Mexico following a 7.1 magnitude quake 140 km southeast of the capital. Fifty members from the IDF’s Search and Rescue Unit arrived from Israel with a planeload of equipment while the nonprofit IsraAID sent a contingent of psychosocial, water, sanitation and hygiene specialists.
38. Israeli designs first special 3D-book for Hebrew University
Israeli artist and architect Ron Arad designed the world’s first entirely 3D-book printed and bound in one piece, unveiled at a gala event in Montreal. Titled Genius: 100 Visions of the Future, the book features Albert Einstein’s face on the spine and was part of initiatives marking the 100th anniversary of his Theory of Relativity, conceived by Toronto-based Israeli Rami Kleinmann, president/CEO of Canadian Friends of Hebrew University, assisted by CFHU VP and fellow Toronto-based Israeli Elan Divon, in honor of Einstein, one of the founders of Hebrew U.
39. Israeli eatery named London’s best restaurant
Israeli cuisine figures prominently in a new list of London’s top 100 restaurants, as compiled by the city’s respected Time Out magazine, which crowned Barbary, from the Jerusalem-based Machneyuda restaurant group, as London’s best place to eat. Four other Israeli restaurants appear on the list, reflecting the growing popularity of Israeli fare in England.
40. Company develops germ-killing cotton for use in hospitals
A Jerusalem firm has invented unique germ-vanquishing textiles to help in the battle against viruses and antibiotic-resistant “superbugs” that are rife in hospitals. Argaman Technologies has devised CottonX, described as the world’s first bio-inhibitive all-cotton fabric that kills 99.9% of microbes in seconds. It’s being used to make uniforms, towels, bedding, reusable face masks and other medical, military and consumer products.
41. IKEA selects Israeli food-tech firm for new accelerator
Tel Aviv-based Flying SpArk was one of 10 companies (out of more than 1,200 applicants from around the globe) that IKEA chose to come to Sweden to take part in a collaborative boot camp to encourage start-ups working on ways to solve some of the world’s most pressing problems. Flying SpArk is developing an all-natural protein ingredient, packed with essential minerals, extracted from the Mediterranean fruit fly, for human consumption.
42. Israel helps Puerto Rico with post-hurricane water scarcity
Equipment that captures humidity to supply potable water out of the air arrived in Puerto Rico at the initiative of the Israeli government following Hurricane Maria. The special machine, which produces up to 5,000 gallons of water a day, proved helpful as the hurricane left many of the island’s residents without access to safe drinking water.
43. Company unveils artificial cornea implant to help the blind
CorNeat Vision, an Israeli ophthalmic medical devices startup in Ra’anana, announced it has developed a revolutionary artificial cornea implant, offering hope to millions of blind and visually impaired people suffering from diseases of the cornea. The nanotech-based solution is a synthetic cornea that uses advanced cell technology to integrate artificial optics within ocular tissue.
44. Israeli software gives NY power plants protection
The Israeli company, mPrest Systems, that developed the software for Israel’s Iron Dome anti-missile system, is working with the New York Power Authority to prevent unexpected shutdowns in the state. Robert Moses Niagara Power Plant, Blenheim-Gilboa Pumped-Storage Power Plant, and a 500 MW plant in Queens now have software based on the software that runs Iron Dome.
45. Proportion of women judges in Israel reaches new heights
Seven new judges, five of whom are women, were sworn in at the Supreme Court while Esther Hayut was named the next president of the Supreme Court. Justice Minister Ayelet Shaked said after the appointments, 54% of Israel’s judges are women, adding there have been three women presidents of the Supreme Court in Israel, compared to none in the United States.
46. Researchers develop compound that can kill cancer cells
An enzyme normally found only in sperm cells is the same one that enables cancer cells to metastasize throughout the body, according to researchers at Bar-Ilan University in Ramat Gan who have devised a synthetic compound to disable the enzyme and kill proliferating cells in mice.
47. First-ever inhaler changes marijuana into prescribed doses
A Tel Aviv company is bringing the world’s first metered-dose cannabis inhaler to market, allowing doctors to give patients exact doses of medical marijuana in a controlled setting in a way that takes full effect much faster than if consumed via oils or edibles. Syqe Medicalannounced it has entered into a partnership with Teva Pharmaceuticals to bring their new 3D printed cannabis technology to the global market.
48. Advanced stem cell therapy leads way in fight against ALS
Brainstorm Cell Therapeutics, a Petah Tikva company, has showed in clinical trials a first-ever reversal in expected decline for patients of amyotrophic lateral sclerosis (ALS), a debilitating neuro-degenerative disease. While not a cure, the treatment, first developed at Tel Aviv University, reverses the damage (such as motor movement) ALS causes, even if it doesn’t slow the progress of the disease itself.
49. Hebrew University scientists develop printable food
Two members of Hebrew University’s Agriculture Faculty in Rehovot have devised a technology to print food from a natural, edible, calorie-free fiber. Professors Oded Shoseyov and Ido Braslavsky say the process of 3D printing of “personalized food” based on nan-cellulose allows for creating fare according to pre-defined criteria to serve to specific groups, such as those wanting to eat gluten-free, vegetarian, vegan, low-calorie or diabetically-suitable food.
50. Israeli creates world’s first home robot
Entrepreneur Yossi Wolf has designed a robotic butler of sorts which he plans to launch commercially in 2018. Having worked previously on robots for the military, Wolf’s robot for consumers, called Temi, is about three feet tall, has a 10-inch tablet computer for a head, moves around on wheels and uses advanced voice and face recognition software.
51. Satellite to help global agriculture flourish
Israel will head efforts to assist agriculture worldwide through the analysis of satellite images derived from its Venus vegetation and environment monitoring microsatellite, launched into space in July 2017. Venus, Israel’s first climate monitoring satellite which it showed at the United Nations in New York, has high-resolution cameras that allow researchers to detect even the slightest changes in the environment, along with information on the state of vegetation, afforestation, farmland and water in about 110 areas around the globe.
52. Israeli-developed paint cools buildings with sunlight
Three entrepreneurs revealed a way to turn energy from the sun, a source of heat, into a cooling agent that could save billions on electricity and have significant environmental, and even security, benefits. The co-founders of SolCold, along with a Hebrew University professor, invented a high-tech, light-filtering two-layer paint that can be applied to buildings which is then activated by the sun, using its strong rays to cool down structures.
53. Haifa team wins UK award for antibiotic resistance research
A collaboration between the Technion and the Bnai Zion Medical Center received the Discovery Award for its promising developments in rapid diagnostics for antibiotic resistance. The winning work was carried out in Haifa by Prof. Ester Segal’s research group in the Technion’s department of biotechnology and food engineering along with clinicians at Bnai Zion.
54. Israeli Arabs live longer than those in the Arab-Muslim world
A newly released study shows that the life expectancy of Arab Israelis at birth in 2015 was 79, higher than in all 21 Muslim and Arab countries. The research, conducted by the Taub Center for Social Policy Studies in Israel, also indicated that infant mortality among Israeli Arabs was lower than in most of the same Islamic and Arab countries surveyed.
55. Technion ranked as top university for the digital revolution
According to the latest Times Higher Education survey of global companies, the Technion is the world’s top academic institution for preparing students for leading positions in the digital realm. Survey respondents, from a range of firms and industries, were asked about the skills they believe graduates need to adapt to the digital revolution and which institutions are best preparing students for it.
56. Hospital opens innovative rapid cancer diagnosis unit
The Sheba Medical Center in Ramat Gan initiated a new approach that reduces the protracted anxiety of waiting for a diagnosis to less than two weeks instead of three months. Dr. Damien Urban, Sheba’s director of oncology, said the Rapid Cancer Diagnostic Unit is the first in Israel and possibly in the world as other such units he’s heard about in other countries focus on specific cancers whereas Sheba’s offers across-the-board cancer testing.
57. Survey: Israel in top tier of world’s most innovative countries
According to the 2018 Bloomberg Innovation Index, which scores countries using seven criteria including research and development and the number of science and engineering graduates, Israel is the 10th most innovative country. The annual ranking is based on data from diverse sources including the World Bank, the International Monetary Fund and the OECD (Organization for Economic Cooperation and Development).
58. Hospital sends medical personnel to cholera-stricken Zambia
Medical professionals from Israel helped treat cholera victims in Zambia, as it battled an outbreak of the disease. The Sheba Medical Center in Ramat Gan sent four doctors, two nurses, a lab technician and a water engineer to the southern African country, in what constituted the first foreign team to arrive in Zambia to fight the deadly flare-up of cholera.
59. New sensor technology cuts hotel energy costs substantially
Software developed by Vortex Energy, a Kadima-based startup, that helps better manage heating and cooling systems, reduces operational costs and climate-changing CO2 emissions. In a four-month pilot project at one hotel in Ramat Gan, Vortex’s automation system and data insights, based on special sensors and monitors that collect information on temperature fluctuations, saw a 12 per cent reduction in the building’s energy consumption and a 50 per cent reduction in CO2 emissions.
60. App for diagnosing brain diseases wins US prize
An Israeli startup specializing in neurological disorders won the Henry Ford Health System’s first artificial intelligence (AI) challenge. The Haifa-based Montfort Brain Monitor, chosen from more than 50 applicants, offers a “master app” that uses a smartphone’s sensors to track a patient’s motor, cognitive and affective activities in real time and can be special-tailored to patients according to their specific neurological disorder.
61. Company achieves breakthrough growing bones in lab
The Haifa-based Bonus BioGroup says that for the first time a patient was able to heal his own fractured shinbone after being injected with a bone graft, made from his own cells, and grown outside his body in a laboratory. The company has entered the second trial of a clinical study seeking to regrow bones in a lab, after its first trial, involving 32 patients, proved successful.
62. Researchers develop non-invasive test for prostate cancer
Scientists at Kaplan Medical Center in Rehovot reported a breakthrough, successfully detecting prostate cancer cells with high sensitivity using a non-invasive diagnostic test, Cell Detect. Developed at Kaplan, Cell Detect detected or ruled out prostate cancer in urine samples more accurately than the current PSA blood test, and previously proved effective in diagnosing cervical and bladder cancer in multiple clinical studies.
63. Start-up offers freedom from dirty work in the bathroom
It’s long been a dirty, thankless job that someone’s had to do, or else. Now, thanks to a Haifa-based startup that’s created a robot that cleans a toilet, humans may no longer need to touch a toilet brush or bowl again. Toibot has produced a battery-powered robot that attaches to any toilet and automatically brushes its entire surface while dispensing capsules that clean, disinfect and polish, and keep the toilet 99.9% bacteria free.
64. Doctors develop eye drops that may replace glasses
Ophthalmologists at Jerusalem’s Shaare Zedek Medical Center and Ramat-Gan’s Bar-Ilan University’s Institute of Nanotechnology and Advanced Materials announced they’ve successfully developed eye-drops that repair the cornea, improving near-sighted and far-sighted vision. According to the researchers, these “nanodrops” were successfully treated on pigs’ corneas and if proven effective on humans in clinical trials later this year, the discovery could eliminate the need for eyeglasses.
65. Israeli technology and expertise help grow crops in India
As it inaugurated its 23rd agricultural center in India, Israel is increasing its sharing of knowledge on growing fruit and vegetables using less water and other techniques in the largest such initiative by MASHAV (Israel’s Agency for International Development Cooperation). The assistance includes helping farmers in arid areas with drip irrigation technology and ways to increase pollination techniques and the use of recycled water, and extend the shelf life of agricultural products.
66. Study: Israel one of top nations for longevity and happiness
In a United Nations study of 156 countries, Israel came in fifth place worldwide for healthy longevity, which National Geographic Travelmagazine attributed mostly to a combination of a Mediterranean-style diet, low alcohol consumption, strong family and cultural values and an excellent healthcare system. In the overall happiness ranking of the survey, Israel came in 11th place, based in part on data from Israel’s Central Bureau of Statistics showing that 93 per cent of Israelis saying they are happy or very happy with their lives.
67. Israelis build first dairy farm in Papua New Guinea
Civil engineer Ronen Feigenbaum, an expert on cows and their production of milk, oversaw the creation of the first dairy farm in the remote southwestern Pacific island country of Papua New Guinea, after doing similar projects in China, England, Mexico and other countries. Working on behalf of Tel Aviv-based Alefbet Planners, he and his team used Israeli technology for various aspects of the operation, including ensuring the cowsheds are comfortable in Papua’s tropical climate and in the irrigation of the farm’s fields that grow grass and corn for silage.
68. Hadassah doctors perform lifesaving work in Ethiopia
Eight doctors, two nurses and one physical therapist from Jerusalem’s Hadassah Medical Center traveled to Ethiopia to fix spinal deformities in young patients that were so severe they were causing potentially lethal complications. In addition to the complex surgeries, the Israelis also provided medical training to local staff
69. Researchers claim breakthrough to make faster computers
Hebrew University researchers have created technology to enable computers and other optic communication devices to operate 100 times faster through terahertz microchips. Physicist Uriel Levy and his team have devised a new integrated circuit that uses flash memory technology in microchips which could create new, more powerful wireless devices that could transmit data at a much higher speed than currently possible.
70. UN honors Israeli NGO with prestigious award
Save a Child’s Heart (SACH) received the 2018 United Nations Population Award for outstanding achievements in health due to its life-saving work with children regardless of their nationality, religion, color, gender or financial situation. To date, SACH has provided cardiac surgery for 4,500 children from 55 developing countries, free of charge at the Wolfson Medical Center in Holon and in some hospitals abroad while also training more than 150 medical personnel from around the world.
Sources: Israel 21c, NoCamels, Times of Israel, Jerusalem Post, Haaretz, Ynet News, Israel Hayom, Globes, Bloomberg, Algemeiner, JTA, Tablet, The Independent, Business News Americas.
The team of security researchers—who last month demonstrated how attackers could steal data from air-gapped computers protected inside a Faraday cage—are back with its new research showing how two (or more) air-gapped PCs placed in the same room can covertly exchange data via ultrasonic waves.
Air-gapped computers are believed to be the most secure setup wherein the systems remain isolated from the Internet and local networks, requiring physical access to access data via a USB flash drive or other removable media.
Dubbed MOSQUITO, the new technique, discovered by a team of researchers at Israel’s Ben Gurion University, works by reversing connected speakers (passive speakers, headphones, or earphones) into microphones by exploiting a specific audio chip feature.
Two years ago, the same team of researchers demonstrated how attackers could covertly listen to private conversations in your room just by reversing your headphones (connected to the infected computer) into a microphone, like a bug listening device, using malware.Now, with its latest research [PDF], the team has taken their work to the next level and found a way to convert some speakers/headphones/earphones that are not originally designed to perform as microphones into a listening device—when the standard microphone is not present, muted, taped, or turned off.
Since some speakers/headphones/earphones respond well to the near-ultrasonic range (18kHz to 24kHz), researchers found that such hardware can be reversed to perform as microphones.
Moreover, when it comes to a secret communication, it’s obvious that two computers can’t exchange data via audible sounds using speakers and headphones. So, inaudible ultrasonic waves offer the best acoustic covert channel for speaker-to-speaker communication.
Video Demonstrations of MOSQUITO Attack
Ben Gurion’s Cybersecurity Research Center, directed by 38-year-old Mordechai Guri, used ultrasonic transmissions to make two air-gapped computers talk to each other despite the high degree of isolation.
The attack scenarios demonstrated by researchers in the proof-of-concept videos involve two air-gap computers in the same room, which are somehow (using removable media) infected with malware but can not exchange data between them to accomplish attacker’s mission.
The attack scenarios include speaker-to-speaker communication, speaker-to-headphones communication, and headphones-to-headphones communication.
“Our results show that the speaker-to-speaker communication can be used to covertly transmit data between two air-gapped computers positioned a maximum of nine meters away from one another,” the researchers say.
“Moreover, we show that two (microphone-less) headphones can exchange data from a distance of three meters apart.”
However, by using loudspeakers, researchers found that data can be exchanged over an air-gap computer from a distance of eight meters away with an effective bit rate of 10 to 166 bit per second.
It’s not the first time when Ben-Gurion researchers have come up with a covert technique to target air-gapped computers. Their previous research of hacking air-gap computers include:
- aIR-Jumper attack steals sensitive data from air-gapped PCs with the help of infrared-equipped CCTV cameras that are used for night vision.
- USBee can be used to steal data from air-gapped computers using radio frequency transmissions from USB connectors.
- DiskFiltration can steal data using sound signals emitted from the hard disk drive (HDD) of air-gapped computers.
- BitWhisper relies on heat exchange between two computers to stealthily siphon passwords and security keys.
- AirHopper turns a computer’s video card into an FM transmitter to capture keystrokes.
- Fansmitter technique uses noise emitted by a computer fan to transmit data.
- GSMem attack relies on cellular frequencies.
Source: The Hacker News
Boffins shows that sound output devices secretly capture audio
Computer speakers and headphones make passable microphones and can be used to receive data via ultrasound and send signals back, making the practice of air gapping sensitive computer systems less secure.
In an academic paper published on Friday through preprint service ArXiv, researchers from Israel’s Ben-Gurion University of the Negev describe a novel data exfiltration technique that allows the transmission and reception of data – in the form of inaudible ultrasonic sound waves – between two computers in the same room without microphones.
The paper, titled, “MOSQUITO: Covert Ultrasonic Transmissions between Two Air-Gapped Computers using Speaker-to-Speaker Communication,” was written by Mordechai Guri, Yosef Solwicz, Andrey Daidakulov and Yuval Elovici, who have developed a number other notable side-channel attack techniques.
These include: ODINI, a way to pass data between Faraday-caged computers using electrical fields; MAGNETO, a technique for passing data between air-gapped computers and smartphones via electrical fields; and FANSMITTER, a way to send acoustic data between air-gapped computers using fans.
Secret data transmissions of this sort expand on prior work done by National Security Agency on TEMPEST attacks, which utilize electromagnetic, magnetic, acoustic, optical and thermal emanations from electronic devices to collect and transmit data.
MOSQUITO, the researchers explain, demonstrates that speakers can covertly transmit data between unconnected machines at a distance of up to nine meters. What’s more, the technique works between mic-less headphones – the researchers say their work is the first to explore headphone-to-headphone covert communication.
Speakers, the paper explains, can be thought of as microphones working in reverse: Speakers turn electrical signals into acoustic signals while microphones turn acoustic signals into electrical ones. And each includes a diaphragm to assist with the conversion, which can help reverse the process.
Modern audio chipsets, such as those from Realtek, include an option to alter the function of the audio port via software, the paper explains. This capability is referred to as “jack retasking.”
“The fact that loudspeakers, headphones, earphones, and earbuds are physically built like microphones, coupled with the fact that an audio port’s role in the PC can be altered programmatically, changing it from output to input, creates a vulnerability which can be abused by attackers,” the paper explains.
Malware, thus, may be able to reconfigure a speaker or headphone to act as a microphone, provided the device is passive and unpowered.
That’s a significant caveat since most modern PCs have active, powered speakers; headphones and earbuds generally have passive speakers, as do some older PCs.
In an email to The Register, Mordechai Guri, one of the paper’s authors, head of R&D at Ben-Gurion University of the Negev’s Cyber-Security Research Center, and chief scientific officer at Morphisec, said, “The main problem involves headphones, earphones and earbuds since they are reversible and can become good pair of microphones (even when they don’t have an integrated mic at all).”
Using frequencies ranging from 18kHz to 24kHz, the researchers were able to achieve a data transmission rate of 166 bit/sec with a 1 per cent error rate when transmitting a 1Kb binary file over a distance of three meters. At distances ranging from 4 to 9 meters, that same error rate could only be achieved with a 10 bit/sec transmission rate, largely as a consequence of interference from environmental noise.
The paper discusses several mitigation techniques, all of which have limitations, including designing headphones and speakers with on-board amplifiers (which prevents use as a mic), using an ultrasonic jammer, scanning for ultrasonic transmissions, preventing jack retasking via software, and completely disabling audio hardware via the UEFI/BIOS.
Disconnecting speakers, headphones and the like represents the most practical solution, Guri said, “but this is not always feasible.”
Monitoring the ultrasonic band is a good theoretical and academic solution, he added, but has potential problems. “In practice, it will raise many false alarms,” he said.
Guri said ultrasonic malware does not appear to be very common. “A few years ago, a security researcher claimed that he found ultrasonic malware in the wild. It was dubbed BadBios. But in any case, it was claimed to be able to communicate between two laptops with both speakers and microphones.”
Inaudible audio is more likely to be used for marketing, and has prompted the development of defensive code called Silverdog. It’s an ultrasonic firewall in the Google Chrome browser that’s designed to block ultrasonic beacons (uBeacons), employed for cross-device tracking. ®
‘Assume every camera on a network can be hacked,’ cautioned the police cybercrimes unit.
Aviral Peeping Tom who hacked into the closed-circuit TV surveillance camera at a women’s bathing suit shop has led to a warning from the Israel Police Cybercrimes Unit that similar systems may be compromised and violate the privacy of unsuspecting persons.
According to police, an unidentified 41-year-old man was arrested on Wednesday after he allegedly used his computer to hack into the CCTV system at a high-end boutique in northern Tel Aviv and recorded customers as they undressed and tried on bathing suits.
While details of the incident remain unclear due to a gag order, police said the suspect subsequently posted the videos to a social media page.
“When the footage became public earlier this week, the national Cybercrimes Unit opened an investigation and arrested the suspect on Wednesday,” said police spokesman Micky Rosenfeld, adding that a Tel Aviv Magistrate’s Court judge ordered the suspect be remanded through Sunday.
Following the hacking, the Cybercrimes Unit recommended a number of preventive measures that should be taken by the public and by store owners to protect their privacy in similar situations.
“Take into account and assume that every camera that is on a network system can be hacked,” the unit warned in a statement. “Therefore, clothing store owners should ensure no cameras are placed in changing rooms or other sensitive locations.”
Additionally, the unit recommended that those who implement CCTV systems use complex passwords for accessing surveillance footage to make it difficult to hack into such video, and not connect the network systems used by the cameras to a public computer.
According to cyber-researchers at Ben-Gurion University of the Negev in Beersheba, security cameras infected with malicious software can use infrared light to receive covert signals and leak sensitive information.
The technique, called “aIR-Jumper,” also enables the creation of bidirectional covert optical communication between air-gapped internal networks that are isolated and disconnected from the Internet without remote access to the organization.
Source: The Jerusalem Post
Prof. Elovici is Head of the Cyber Security Research Center at Ben Gurion University Think of your typical day: you wake up, do your morning routine, open the fridge, maybe turn on the heat, boiler for the shower? Get in the car and drive to work. We hear the term Internet of Things get thrown around a lot and it seems as a society we are developing some sort of phobia from ‘smart’ devices.
On the TEDxBGU stage Prof. Elovici will take us through a typical day just a few years from now and make us realize the power of connectivity, for good or – for bad. This talk was given at a TEDx event using the TED conference format but independently organized by a local community.
Source: TEDx Talks YouTube
If you ever find a lost charger, don’t use it. If you need power and are tempted to plug into a public USB port, don’t do it.
It’s long been known that you should never insert an unknown USB drive to your computer because it could be loaded with malware. However, new research from Ben-Gurion University has exposed 29 types of USB attacks, and extends to your smartphone. It shows that you should never use a USB charger you find lying around or plug into a public USB port. Both can be compromised by attackers, as we talked about with one of the researchers on the project, Ran Yahalom.
Yahalom is the co-author of a journal article on the research with Dr. Nir Nissim, head of the Malware Lab of the Cyber Security Research Center at Ben-Gurion University, and Yuval Elovici, head of BGU’s Cyber Security Research Center (CSRC).
Yahalom said, “There are many non-trivial USB-based attacks. Some are carried out by the host, the computer connecting the USB peripheral. The most common ones are infected, or malicious. Once connected, they have access and take control of your computer.
“Microcontrollers are another attacks category. Microcontrollers can impersonate a USB peripheral. For example, you can program a teensy microcontroller or an Arduino [board] to act like a keyboard or a mouse. Once you program a keyboard and connect, it actually starts injecting key presses. It’s actually like having someone working on your computer.”
Yahalom added, “A more complicated category to implement doesn’t require any implantation. Someone can use an off-the-shelf product to find a way to reprogram firmware, update firmware, a legitimate process, supported by our protocol. It does bidding.
“A client bought the product benign but once reprogrammed by firmware update, it’s malicious and it’s owned and operated by someone else who has control.
“We surveyed 29 attacks, updated last year. New methods of likely developed and published attacks increase that number. The microcontroller, a reprogrammable microcontroller used to impersonate peripherals as well as an actually the firmware update. Academic circles call this ‘bad USB.’ It’s a family of attacks based on reprogramming the firmware.”
He continued, “The other are electrical attacks. In 2015, showed how to generate or build an electrical component enclosed in a flash drive casing. It looks like a flash drive, but it’s not a flash drive, it conducts a power surge attack once connected, and, fry the entire computer. New developments in this area of attack are also likely.
“If you go into a coffee shop and use charger there, or an airport or a train station, any charger that is not your own, you don’t know what that piece of hardware really does,” Yahalom stresses. “It may not be a charger, but a microcontroller hidden inside a charger casing. It could be something else. You don’t know. Once put into your phone, anything could happen.
I demonstrated how to connect a keyboard to a phone. But it doesn’t look like a keyboard, it looks like a charger, but it’s actually a microcontroller I reprogrammed. I programmed it to act as a keyboard, so it impersonates a keyboard and it looks like a charger. It’s connected to the socket, but without an electrical part of that charger, it’s just a microcontroller. I showed how to connect it to and lock the phone, a sort of ‘ransomware.'”
And Yahalom means “ransom” as in, “‘If you want the pin number, then to pay me,’ which can really happen. There are other types of attacks, where someone reprograms your phone and you wouldn’t even know. You’re carrying spyware, without knowledge of it, just because you injected something you weren’t aware of.
“The general rule of thumb is: treat technology as something you don’t naturally trust. As users, we have a tendency to trust technology, to trust peripherals, i.e., you trust your flash drive, you trust your keyboard, but you trust it because you’re not aware. Treat it as a syringe: You wouldn’t find a syringe in the parking lot, pick it up, and inject it to yourself. Because you’re aware you could be infected. You have no knowledge of what could happen, but are afraid because it could be dangerous. This is exactly the same thing.”
“Now that we’re moving from the cyber world to the physical world, it becomes increasingly clearer and we must get the word out,” he said.
“Bring your own charger.
“Use your own hardware.
“Don’t trust Wi-Fi networks.
“Educate yourself about different levels of security. For example, 3G is commonly believed to be more secure than Wi-Fi, since Wi-Fi’s easier to hack.”
In conclusion, Yahalom said, “These are important rules that will keep you safe. Anything like that, that you can do. Again, you don’t stop using technology because, obviously, that’s not the idea. Until manufacturers secure hardware and regulators enforce laws to keep us safe, we need to be extra aware and follow the simple rules.
Just be careful. Don’t trust anything.”
A team of Israeli researchers have discovered that the average IoT devices you buy on store shelves can be compromised within 30 minutes and added to a botnet.
As Internet of Things devices multiply exponentially, it looks like security still isn’t improving. A team of Ben-Gurion University researchers recently went out and bought a bunch of off-the-shelf devices to see how easily they could compromise them—and then use that information to attack other devices like them over the internet. In an interview with TechRepublic, BGU senior lecturer Yossi Oren explained what they found.
You can watch the video interview above or read the transcript below.
Oren said, “So together with my team, we tried to find out how difficult it is to buy an IoT camera and get into its secrets—find out passwords, connections, all sorts of information. What we discovered is that you need about 30 minutes after you unbox the camera, until you can find its default password, and also the services it’s running. And then use this information to add this camera and all the cameras of the same make and model into a botnet, which you control. And it’s very, very concerning.”
“We investigated 16 different devices—baby monitors, doorbells, cameras, temperature sensors, [etc.] And out of these 16 devices, we were able to find the password for 14 of them. So, that’s a good percentage. What we did is we took these cameras apart in our lab and we looked for what is called a debug port. This is a connector, which developers and engineers use when they are building this camera to make sure it’s built properly. And because it’s very expensive to print out a new circuit board once you’re finished developing, all of these cameras actually had these debug ports still in the hardware. Once you connect to there, you have backstage access to the camera. Sometimes, there is a password you need to crack, so we had to do that.”
Oren said, “One device is the later generation version of a very popular thermostat, [It] actually didn’t have this diagnostic port because it’s a very well-selling device. They actually had the engineering time to create a new version without this port and another two devices had a port, but [were] protected by passwords which were unable to crack in one hour. It could be that if we would spend a week on it, we would be able to crack it.
“Right now, devices you are buying today are very, very easy to attack and the problem is that once you attack it once, all of these devices can be attacked remotely. So you only need to do this one time—this process of taking them apart. And one problem, a big problem, with IoT devices when you compare them to computers and phones is that these devices are mostly going to be installed in some corner, in some alley, in some doorway, and not touched for 10 or 20 years. Think of street lights or traffic lights. And this means that you might be still using these devices after their manufacturer has gone out of business and nobody will ever issue firmware updates. You compare this to phones, where you find a vulnerability and the next week later, your phone restarts and voila, it’s patched. So, these devices are going to be here to stay and this means that probably consumers or network providers or something are going to be responsible for keeping these devices secure. This is very concerning based on what consumers have been able to demonstrate so far.”
Oren concluded, “You only need physical access once. Once you buy one copy of a make and model of a camera and you attack it in your lab, you get information which will allow you to attack this make and model anywhere remotely. So out of the devices we surveyed, nine of them were able to be accessed over the network. The access was protected by a password, this password we discovered using our methods. So once you get this password, anywhere in the world, you can access [the device].”
Israel is among those countries everyone would want to watch her steps in matters security. No debate, the country has it all when it comes to criminology and everything weaponry related. But, in its current move to use artificial intelligence as a tool to fight crime, that’s a serious move that requires deep thinking especially with the current fears associated with the technology.
Since the release of the report that revealed how AI is vulnerable for use against human security, to date, experts have been arguing fiercely over whether this technology should be declared illegal or wiped from the earth, but that seems too late now.
AI is Getting into the Fabrics of Governments
Like a month ago, the government of Spain made it official that they’ll be employing AI to help stop corruption by predicting where it likely occurs most. Now, Israel is going deeper as it thinks artificial intelligence can effectively help fight crime.
Israel Police has engaged the Ben-Gurion University of Negev and the two are building cutting-edge cyber, big-data AI-powered tools that will be able to prevent crime through foretelling when and where it may happen.
The concept led to the launch of a new Center for Computational Criminology at the Advanced Technology Park of BGU. And the event was officiated by BGU’s president professor Rivka, together with the Police Commissioner General Roni Alsheikh.
The System Might Snoop On People Online
Based on its recent researches, the university stated that cybercrime has been on the rise because of the policies that promote anonymity of cyberspace. And that is often exposed by the information shared online.
The researchers are set to coordinate with Police’s cyber investigators in developing the new machine-learning and AI tools for law enforcement. Obviously, this might trigger public concern and it is possible that some folks will go to court to have it interpret whether it’s okay for the authorities to monitor people’s online trails.
For the peace-seeking Johns and Jacks, this might help reduce online insecurity significantly, because the truth is both cybercrime and normal crime are planned online these days. “But, this can help turn threats into opportunities,” said Alsheikh.
Training AI-Powered Security Systems
Ideally, this is the trickiest part according to the recent war of words between experts. Elon Musk, the titan billionaire and founder of Telsa is on record saying that he has access to the most advanced potential of AI, and warns that if these systems are wrongly trained they can cause havoc.
Musk gave an example where an AI concluded that everybody who stood near a stove was a woman, which rose concerns about the credibility of the data that created that system. In other words, if these platforms consume wrong data, the whole thing can become more of a threat than good.
To ensure accuracy in investigations, those involved in training these systems must take responsibility for any cases that might victimize citizens who didn’t have anything to do with the crime. Maybe that would ensure data credibility as it’s the major factor in developing unquestionable AI.
Testing the System Before Implementation
No matter how many times artificial intelligence beats humans at doing complex tasks; still there is great need to test these models. Here we are talking about controlling crime using machine learning and nothing should go to chance.
That is, in all aspects the system must itself be in tack. We don’t want a case where hackers can break into a police investigative tool and use it to send the officers to a certain location where they can be ambushed.
In other words, there will be need to ensure that it is actually the authorities who are in full control of the investigations online. Fortunately, companies like Accenture and others have taken the job of testing AI platforms, to ensure they stick to their foundational promise.
Ideally, if this application of AI turns successful and Israel Police comes forward to confirm that artificial intelligence is a reliable tool to handle crime, we will see more governments turn to the technology for help.
“Today, we are on the threshold of the next big breakthrough: analyzing big data to discover hidden patterns to predict and prevent crime.”
Ben-Gurion University of the Negev and the Israel Police aim to develop advanced cyber, big-data and artificial intelligence tools that may eventually be able to predict and prevent crime.
In a joint initiative with the police, the university launched the Center for Computational Criminology this week at BGU’s Advanced Technologies Park in the presence of Police Commissioner Insp.-Gen. Roni Alsheikh and BGU president Prof. Rivka Carmi.
“The last, most significant scientific breakthrough to change law enforcement was DNA testing,” said Prof. Lior Rokach, head of the new center, chairman of the Department of Software and Information Systems Engineering, and a leading expert on artificial intelligence.
“Today, we are on the threshold of the next big breakthrough: analyzing big data to discover hidden patterns to predict and prevent crime,” he said. “The AI revolution of the past few years will prove to be even more significant than DNA testing for law enforcement, providing them with unprecedented investigative tools and new sources of evidence.”
According to the university, cybercrime has risen precipitously in recent years as criminals and even rogue governments have capitalized on the anonymity of cyberspace to cloak their activities while reaping sizable profits.
Additionally, the use of social media-based evidence has also been on the uptick in recent years as more and more information is shared online.
As part of the initiative, BGU researchers will work side by side with the Israel Police’s cyber investigators to develop new artificial-intelligence and machine-learning tools for law enforcement.
Alsheikh said that the police’s Cyber Unit, which was created to lead the national effort to combat cybercrime, would collaborate with the university’s cybersecurity experts to improve police enforcement and prevention capabilities.
“The cooperation will enable the police to bring technology to bear more effectively in enforcing the law and fighting crime – whether [committed by] cybercriminals or traditional criminals – by turning a threat into an opportunity,” Alsheikh said.
Ben-Gurion has in recent years become a recognized international leader in cybersecurity and big data research with a national initiative to promote Beersheba as the “Cyber Capital of Israel.”
The Center joins Cyber@BGU (CBG), a shared research platform for the most innovative and technologically challenging cyber-related projects run in collaboration with multi-national companies and government organizations.
Among others, the CBG includes the Cyber Security Research Center, a joint initiative with the Israel National Cyber Bureau and Telekom Innovation Laboratories, in partnership with Deutsche Telekom.
Carmi said that “putting that expertise to work for the State of Israel is a privilege,” which comes on the heels of the government’s decision to place the national Computer Emergency Response Team at the Advanced Technologies Park.
Source: The Jerusalem Post
Enhancing offensive capacity by creating attack toolboxes | Yuval Elovici
Reinforcing defences against intelligent aggression | Bracha Shapira
Designing adaptive attacks to identify and target defensive vulnerabilities | Lior Rokach
Source: World Economic Forum YouTube