This document discusses attacks on wearable-to-mobile communication over Bluetooth Low Energy (BLE). It notes that although the BLE link is encrypted, that encryption protects the radio link rather than the application: any app on the phone can connect to the same BLE services and characteristics as the legitimate companion app to read sensitive data or send commands. Malware could therefore obtain private data such as heart rate, or put a device into recovery mode. The document proposes mitigations such as app-to-device pairing, which restricts access to registered apps only, and application-specific keys to protect command integrity and data confidentiality. Future enhancements to mobile platforms and the BLE specification are needed to better support authentication and encryption between apps and devices.
NFC: Naked Fried Chicken / Pentesting NFC is what I love Positive Hack Days
Speaker: Matteo Beccaro
The talk covers general questions of transport security, fraud and technological failures, and will interest professional pentesters and hobbyists alike. The speaker examines several serious vulnerabilities in real transport systems that use NFC and demonstrates an open-source application for testing such systems from a smartphone.
[CB16] ATMS how to break them to stop the fraud. by Olga Kochetova & Alexey O...CODE BLUE
The most common story we hear: something happens to an ATM that leaves it empty and leaves no forensic evidence. No money and no logs.
We have collected a huge number of cases of how ATMs can be hacked during our research, incident response and security assessments. A lot of malware infects ATMs over the network or locally. There are black boxes that connect directly to the communication ports of the dispenser and other devices. There are also network attacks, such as a rogue processing center or MiTM.
How do we stop ATM fraud? How do we protect ATMs from attacks such as black-box jackpotting? How do we prevent network hijacking such as a rogue processing center or MiTM? Some of these issues can be fixed by configuration, some by compensating measures, but many only by the vendor. We will tell you what a bank can do now and what we as a community of security specialists should push vendors to do. Previously we spoke about vulnerabilities and the fraud methods criminals use. Now we would like to combine our expertise to give the financial and security community more direct advice on how to implement security measures and approaches that make ATMs more secure.
--- Olga Kochetova
Olga is interested in how various devices interact with cash or plastic cards. She is a senior specialist on the penetration testing team at Kaspersky Lab. Olga has authored multiple articles and webinars about ATM security. She is also the author of advisories about various vulnerabilities for major ATM vendors and has spoken at international conferences, including Black Hat Europe, Hack in Paris, Positive Hack Days, Security Analyst Summit, Nuit Du Hack, Hack In The Box Singapore and others.
--- Alexey Osipov
Lead Expert on the Penetration Testing Team at Kaspersky Lab. Author of a variety of techniques and utilities exploiting vulnerabilities in XML protocols and in telecom equipment. Author of advisories for various vulnerabilities for major ATM vendors. A speaker at international security conferences: Black Hat, Hack in Paris (presenting the paper on ATM vulnerabilities), NoSuchCon Paris, Nuit du Hack, Hack In The Box Singapore, Positive Hack Days, Chaos Communication Congress.
Practical Security Assessments of IoT Devices and Systems Ollie Whitehouse
This talk briefly discusses strategies and methodologies that can be employed when assessing IoT devices. We look at how to develop credible threat scenarios for different IoT devices and systems; perform static and dynamic attack-surface mapping; perform static firmware analysis and static hardware analysis; undertake dynamic device security analysis; identify sources of supporting information; establish the supporting capabilities required; execute dynamic device analysis; and approach network protocol analysis.
Efficient Reverse Engineering of Automotive FirmwareRiscure
The firmware executed by the components found in a car provides a starting point for adversaries to obtain confidential information and discover potential vulnerabilities. However, reverse engineering a specific component is typically considered a complex and time-consuming task. In this paper we discuss several techniques we used to significantly increase the efficiency of reverse engineering the firmware of an instrument cluster.
CODE BLUE 2014 : DeviceDisEnabler : A hypervisor which hides devices to prote...CODE BLUE
Current mobile gadgets include rich devices (high-resolution video camera, microphone, GPS, etc.) that enable high-bandwidth communication (video conferencing, current location data, etc.). Unfortunately, these rich devices make cyber espionage easy. For example, a high-resolution camera can be used to read the text on a display. A GPS receiver can be used to track the user's location ("Cerberus" and "mSpy" are well known; the Japanese application "karelog" became a social issue). These devices are not needed in a company's office or factory, and computer administrators want to prohibit them. Unfortunately, the devices are embedded in the mobile gadget and most of them cannot be disabled in the BIOS or EFI.
To solve this problem, we propose a thin hypervisor called "DeviceDisEnabler (DDE)", which hides selected devices from the OS. DDE is a lightweight hypervisor that can be inserted under a pre-installed OS. When the OS uses the "IN" instruction to read device information for PCI and USB (Vendor ID, Device Class, etc.), the instruction is hooked by DDE and the information is hidden if the device is prohibited by the company.
Unfortunately, not only attackers but also employees want to bypass DDE, because they want to use the devices. To prevent bypassing DDE, it encrypts the disk image of the OS, so the OS cannot be used without DDE. To hide the encryption key, DDE offers three kinds of key management: obtaining the key from the Internet over a secure channel; sealing the key in a TPM chip so that it can be obtained only in a certain state at boot time; and obfuscating the key into the code using white-box cryptography.
The current implementation is based on BitVisor 1.4 and targets mobile gadgets with an Intel CPU. I will also talk about the requirements for an ARM CPU based implementation.
Master Serial Killer - DEF CON 22 - ICS VillageChris Sistrunk
Updated slides on Master Serial Killer from Adam Crain and Chris Sistrunk's research on ICS Protocol Vulnerabilities called Project Robus, the Aegis Fuzzer, and mitigations of these vulnerabilities.
Is your ICS breached? Are you sure? How do you know?
The current state of security in Industrial Control Systems is a widely publicized issue, but fixes to ICS security issues are long-cycle, and some systems and devices will unfortunately never have patches available. In this environment, visibility into security threats to ICS is critical, yet almost all ICS monitoring has been focused on compliance rather than on looking for indicators or evidence of compromise. The non-intrusive nature of Network Security Monitoring (NSM) is a perfect fit for ICS. This presentation will show how NSM should be part of an ICS defense and response strategy, various options for implementing NSM, and some of the capabilities that NSM can bring to an ICS security program. Free tools such as Security Onion, Snort IDS, Bro IDS, NetworkMiner, and Wireshark will be used to look at the ICS environment for anomalies. It will be helpful if attendees have read these books (but they aren't required): The Cuckoo's Egg by Cliff Stoll, The Practice of Network Security Monitoring by Richard Bejtlich, and Applied Network Security Monitoring by Chris Sanders and Jason Smith.
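Tools like Bro IDS and Wireshark already dissect Modbus/TCP; the logic below is an added example of the kind of ICS anomaly check the abstract has in mind, not code from the talk, from Security Onion or from any of the tools named. It parses the MBAP header, rejects frames whose length field lies (the sort of malformed traffic that protocol fuzzing such as Project Robus, mentioned above, produces), and flags write function codes from hosts that are not the engineering workstation. The IP addresses, the master allow-lists and the sample frames are constructed for this example.

```python
import struct

# Modbus function codes that change process state; a read-only HMI should never send them.
WRITE_FUNCTIONS = {
    5: "Write Single Coil", 6: "Write Single Register",
    15: "Write Multiple Coils", 16: "Write Multiple Registers",
    23: "Read/Write Multiple Registers",
}

def parse_modbus_tcp(payload: bytes):
    """Parse one Modbus/TCP request: MBAP header (transaction id, protocol id, length,
    unit id) followed by the PDU (function code + data).
    Raises ValueError for frames that break the framing rules."""
    if len(payload) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(">HHHB", payload[:7])
    if pid != 0:
        raise ValueError(f"protocol id {pid} is not Modbus")
    if length != len(payload) - 6:
        raise ValueError(f"MBAP length {length} but {len(payload) - 6} bytes follow the length field")
    return tid, unit, payload[7], payload[8:]

def detect(requests, known_masters, write_allowed):
    """requests: iterable of (src_ip, dst_ip, tcp_payload) taken from traffic to TCP/502.
    known_masters: hosts expected to poll the PLC at all; write_allowed: the subset
    that may change state. Returns (severity, src, dst, message) tuples."""
    alerts = []
    for src, dst, payload in requests:
        try:
            tid, unit, fc, data = parse_modbus_tcp(payload)
        except ValueError as err:
            alerts.append(("high", src, dst, f"malformed Modbus/TCP: {err}"))
            continue
        if src not in known_masters:
            alerts.append(("high", src, dst, f"unexpected master sent function {fc} to unit {unit}"))
        elif fc in WRITE_FUNCTIONS and src not in write_allowed:
            alerts.append(("medium", src, dst, f"{WRITE_FUNCTIONS[fc]} (fc {fc}) from a read-only station"))
    return alerts

# Constructed sample traffic, not a real capture. 10.0.0.10 is the HMI, 10.0.0.20 the
# engineering workstation, 10.0.0.50 the PLC and 10.0.0.99 an unknown host.
KNOWN_MASTERS = {"10.0.0.10", "10.0.0.20"}
WRITE_ALLOWED = {"10.0.0.20"}
SAMPLE_REQUESTS = [
    ("10.0.0.10", "10.0.0.50", bytes.fromhex("00010000000601030000000a")),            # HMI: read 10 holding registers
    ("10.0.0.20", "10.0.0.50", bytes.fromhex("00020000000b0110000000020400010002")),  # EWS: write 2 registers
    ("10.0.0.99", "10.0.0.50", bytes.fromhex("00030000000601050000ff00")),            # unknown host: force coil 0 ON
    ("10.0.0.10", "10.0.0.50", bytes.fromhex("000400000006010600010000")),            # HMI: write single register
    ("10.0.0.99", "10.0.0.50", bytes.fromhex("0005000001000103")),                    # length field claims 256 bytes
]

def run_sample():
    return detect(SAMPLE_REQUESTS, KNOWN_MASTERS, WRITE_ALLOWED)

if __name__ == "__main__":
    for sev, src, dst, msg in run_sample():
        print(f"[{sev}] {src} -> {dst}: {msg}")
```

The allow-list approach is what makes NSM work in a plant: the set of talkers on a control network is small and stable, so a new source address or a write from a station that only ever reads is a strong signal even before any signature matches. Responses (function code with the high bit set for exceptions) are left out here deliberately; a production rule set would track them per transaction id.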
Controlling PC on ARM using Fault InjectionRiscure
The slides from the presentation by Riscure's Niek Timmers, Albert Spruyt and Marc Whitteman. The paper describes an ARM specific fault injection attack strategy for exploiting embedded systems where externally controlled data is loaded in the program counter (PC) register of the processor.
Secure Boot Under Attack: Simulation to Enhance Fault Attacks & DefensesRiscure
Secure Boot is widely deployed in modern embedded systems and is an essential part of the security model. Even when no (easily exploitable) logical vulnerabilities remain, attackers are surprisingly often still able to compromise it using Fault Injection, a so-called glitch attack. Many of these vulnerabilities are difficult to spot in the source code and can only be found by manually inspecting the disassembled binary instruction by instruction.
While the idea to use simulation to identify these vulnerabilities is not new, this talk presents a fault simulator created using existing open-source components and without requiring a detailed model of the underlying hardware. The challenges to simulate real-world targets will be discussed as well as how to overcome most of them.
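The instruction-by-instruction reasoning the abstract describes can be tried on a toy program with no hardware model at all, which is the spirit of the simulator the talk presents. The following Python is an added example, not Riscure's simulator or code from the talk; the interpreter, the two "boot ROM" programs and the fault model (a glitch turns one or two instructions into NOPs, and the zero flag starts cleared) are assumptions made here for illustration.

```python
from itertools import combinations

# Toy boot-ROM signature checks, written as tuples for a tiny interpreter.
# Registers: h = hash computed over the loaded image, e = expected hash from the signed header.
# The flag z starts cleared and is set only by "cmp" (a modelling assumption, not a real CPU).
NAIVE_CHECK = [
    ("cmp", "h", "e"),   # 0: compare computed hash with expected hash
    ("jne", 3),          # 1: mismatch -> reject
    ("boot",),           # 2: hand control to the image
    ("halt",),           # 3: reject
]

HARDENED_CHECK = [
    ("cmp", "h", "e"),   # 0
    ("jne", 5),          # 1
    ("cmp", "h", "e"),   # 2: redundant comparison, repeated deliberately
    ("jne", 5),          # 3: a second, independent reject branch
    ("boot",),           # 4
    ("halt",),           # 5
]

def run(program, regs, skipped=frozenset(), max_steps=64):
    """Interpret `program` until boot/halt. Every instruction index in `skipped`
    is treated as a NOP: the instruction-skip fault model used for glitch attacks."""
    pc, z = 0, False
    for _ in range(max_steps):
        if pc >= len(program):
            return "fell_off"
        if pc in skipped:
            pc += 1
            continue
        op, *args = program[pc]
        if op == "cmp":
            z = regs[args[0]] == regs[args[1]]
            pc += 1
        elif op == "jne":
            pc = args[0] if not z else pc + 1
        elif op in ("boot", "halt"):
            return op
        else:
            raise ValueError(f"unknown op {op}")
    return "timeout"

def simulate(program, regs, max_faults=2):
    """Enumerate every set of up to `max_faults` skipped instructions and return the
    sets that make an image with a wrong hash boot."""
    hits = []
    for n in range(1, max_faults + 1):
        for combo in combinations(range(len(program)), n):
            if run(program, regs, frozenset(combo)) == "boot":
                hits.append(combo)
    return hits

BAD_IMAGE = {"h": 0xBAD, "e": 0x600D}    # constructed: hash does not match the header
GOOD_IMAGE = {"h": 0x600D, "e": 0x600D}

if __name__ == "__main__":
    for name, prog in (("naive", NAIVE_CHECK), ("hardened", HARDENED_CHECK)):
        print(name, "single-fault bypasses:", simulate(prog, BAD_IMAGE, 1))
        print(name, "double-fault bypasses:", simulate(prog, BAD_IMAGE, 2))
```

Running it shows the naive check falling to a single skipped branch (instruction 1), while the hardened check needs two well-placed faults (instructions 1 and 3). Real targets are harder to model than this, since glitches also corrupt data and registers rather than cleanly skipping instructions, which is exactly the gap between a toy like this and the simulator the talk describes.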
Defcon through the_eyes_of_the_attacker_2018_slidesMarina Krotofil
Through the Eyes of the Attacker: Designing Embedded Systems Exploits for Industrial Control Systems
In 2017 a malware framework dubbed TRITON (also referred to as TRISIS or HatMan) was discovered targeting a petrochemical plant in Saudi Arabia. TRITON was designed to compromise the Schneider Electric Triconex line of Safety Instrumented Systems (SIS), potentially in order to cause physical damage. TRITON is the most complex publicly known ICS attack framework to date and the first publicly known one to target safety controllers. While the functionality of the malware is understood, little is known about the complexity of developing such an implant. The goal of this talk is to provide the audience with a “through the eyes of the attacker” experience in designing advanced embedded systems exploits & implants for Industrial Control Systems (ICS). Attendees will learn about the background of the TRITON incident, the process of reverse-engineering and exploiting ICS devices and developing implants and OT payloads as part of a cyber-physical attack and will be provided with details on real-world ICS vulnerabilities and implant strategies.
In the first part of the talk we will provide an introduction to ICS attacks in general and the TRITON incident in particular. We will outline the danger of TRITON being repurposed by copycats and estimate the complexity and development cost of such offensive ICS capabilities.
In the second and third parts of the talk we will discuss the process of exploiting ICS devices to achieve code execution and developing ICS implants and OT payloads. We will discuss real-world ICS vulnerabilities and present several implant scenarios such as arbitrary code execution backdoors (as used in TRITON), pin configuration attacks, protocol handler hooking to spoof monitored signal values, suppressing interrupts & alarm functionality, preventing implant removal and control logic restoration and achieving cross-boot persistence. We will discuss several possible OT payload scenarios and how these could be implemented on ICS devices such as the Triconex safety controllers.
In the final part of the talk we'll wrap up our assessment of the complexity & cost of developing offensive ICS capabilities such as the TRITON attack and offer recommendations to defenders and ICS vendors.
Riscure Assurance for Premium Content at a glanceRiscure
An overview of Riscure Assurance for Premium Content: a specialized security evaluation program by Riscure, tailored to the needs of the content protection industry.
Secure boot is under constant attack on embedded devices used across industries. Secure boot is essential for secure embedded devices as it prevents malicious actors from obtaining persistent runtime control. In this presentation, we present our vision on secure boot design and what it takes to make it secure.
This talk is about how to get into ICS security, whether you’re a control system engineer or an IT security analyst. It will cover the basic paths you can take to get involved, including some helpful resources and standards to help get you started. The ICS Security industry needs more people to help protect Critical Infrastructure!
Man in the NFC by Haoqi Shan and Qing YangCODE BLUE
NFC (Near Field Communication) technology is now widely used in security, banking, payment and personal information exchange, and is highly developed. Correspondingly, attack methods against NFC keep emerging. What if we want to "steal" from someone's EMV, QuickPass or VisaPay bank card without "getting" his wallet? To solve this problem, we built a hardware tool we call "UniProxy". The tool contains two self-modified high-frequency card readers and two radio transmitters, operating in a master-slave arrangement. The master part can easily read almost any ISO 14443A card, no matter what kind of card it is (bank card, ID card, passport, access card, or whatever) and no matter what security protocol the card uses, as long as it conforms to the ISO 14443A standard, while relaying the card to the corresponding legitimate reader via the slave part to achieve our "evil" goals. The master and slave communicate over the radio transmitters and can be 50 to 200 meters apart.
When Encryption is Not Enough...Sumanth Naropanth, Chandra Prakash Gopalaiah ...Shakacon
Communication protocols are core to computing devices. They have evolved from the traditional Serial and LAN ports to complex (and lightweight) protocols of today, such as Bluetooth Low Energy (BLE), ANT+, ZigBee, etc.
Bluetooth Low Energy (BLE) is a popular protocol of choice for low-energy, low-performance computing systems. While versions of the BLE specification prior to 4.2 allowed only simple key mechanisms to encrypt the communication between connected nodes, the more recent specification (4.2) provides better link encryption via the LE Secure Connections pairing mode (the BLE counterpart of Secure Simple Pairing) to protect data against eavesdropping and man-in-the-middle attacks. These protocols are used extensively by wearables such as smart watches and activity trackers.
Most wearables work in conjunction with a companion mobile application running on a platform that supports BLE with the aforementioned security mechanisms. We looked at Android and iOS for our study. We observe that there are fundamental assumptions (leading to security limitations) in the adoption of the BLE security specifications on these two platforms. Relying on the standard BLE APIs for Android and iOS may be insufficient and may even project a false sense of security. It is critical to understand the degree of security that the BLE specifications can offer, and to clearly separate that from the developers' responsibility to design application-level security in order to assure confidentiality and integrity of the data transmitted between a wearable device and its companion application.
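Both the summary at the top of this page (application-specific keys for command integrity) and this abstract (application-level security on top of the BLE link) point at the same fix, so one added example serves both. The Python below is written for this page and is not the authors' implementation or code from the talk: it models a wearable that accepts writes on a command characteristic only when the frame carries a valid HMAC under a key provisioned to the registered app, and that rejects replays with a monotonic counter. The characteristic, the frame layout, the opcode and the class names are assumptions made for the example.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 16                     # truncated HMAC-SHA256 tag carried in every command frame
SET_MODE = 0x01                  # constructed opcode: switch the wearable's operating mode

class Wearable:
    """Peripheral side: handles writes to a (hypothetical) 'command' characteristic."""

    def __init__(self, app_key: bytes):
        self.app_key = app_key   # shared with the registered app at app-to-device pairing
        self.last_counter = -1   # highest counter accepted so far, for replay rejection
        self.mode = "normal"

    def on_write(self, frame: bytes) -> str:
        if len(frame) < 5 + TAG_LEN:
            return "rejected: short frame"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.app_key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):     # constant-time comparison
            return "rejected: bad tag"                 # forged, tampered, or from an app without the key
        counter, opcode = struct.unpack(">IB", body[:5])
        if counter <= self.last_counter:               # checked only after the tag: unauthenticated
            return "rejected: replay"                  # frames must never advance the counter
        self.last_counter = counter
        return self._execute(opcode, body[5:])

    def _execute(self, opcode: int, payload: bytes) -> str:
        if opcode == SET_MODE:
            self.mode = payload.decode()
            return f"ok: mode={self.mode}"
        return "rejected: unknown opcode"

class CompanionApp:
    """Central side: any app on the phone can write the characteristic; only one holds the key."""

    def __init__(self, app_key: bytes):
        self.app_key = app_key
        self.counter = 0

    def build(self, opcode: int, payload: bytes) -> bytes:
        self.counter += 1
        body = struct.pack(">IB", self.counter, opcode) + payload
        tag = hmac.new(self.app_key, body, hashlib.sha256).digest()[:TAG_LEN]
        return body + tag

def demo():
    key = os.urandom(32)
    device = Wearable(key)
    legit = CompanionApp(key)
    frame = legit.build(SET_MODE, b"recovery")
    accepted = device.on_write(frame)                 # genuine command from the paired app
    replayed = device.on_write(frame)                 # same frame captured and sent again
    malware = CompanionApp(os.urandom(32))            # co-resident app with no provisioned key
    forged = device.on_write(malware.build(SET_MODE, b"recovery"))
    return accepted, replayed, forged

if __name__ == "__main__":
    print(demo())
```

This covers integrity and replay protection only. For the confidentiality the talk also asks for, wrap the same body in an AEAD (AES-CCM or AES-GCM, with the counter feeding the nonce) rather than pairing HMAC with an improvised cipher. Two caveats a practitioner will hit: the device's counter must survive a reboot (or be resynchronised during the pairing step), and the app's key belongs in the platform keystore, because BLE bonding on Android and iOS is per device, not per app, which is precisely why the link-layer encryption does not keep other apps out.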
The fascinating world of the Internet of Things is so huge that it cannot be fully described in one session, but you can start your adventure here: a presentation of IoT Hub, a reference architecture, a fast review of a few ready-made solutions and interaction with the MXChip IoT DevKit.
How to use Bluetooth® Smart to control your embedded device with a mobile deviceAnaren, Inc.
This presentation explores the challenges facing OEMs trying to achieve wireless control of their embedded applications from Bluetooth mobile devices, and several tips for overcoming those challenges. At the session's conclusion, the presenter will also touch on how Anaren's online development tool (Atmosphere) simplifies the embedded-to-mobile-device code authoring experience.
What are the standards for IoT? What are the requirements for different parts of your business for IoT? For your infrastructure? For your employees? For your customers? For your partners? Examples of Successful Enterprise IOT architecture patterns and use cases. What are problems like security for IoT?
The Internet of Things is the idea that everything around us from cars to ovens can be connected. If everything around us is linked and collecting information, these networks must be able to provide security and privacy to the end-user particularly in low-power lossy networks.
BTLE (Bluetooth Low Energy) and CoreBluetooth Zach Dennis
This presentation is on Bluetooth low energy and how Apple's Core Bluetooth framework works to expose the higher level application layer to iOS and Mac developers.
Controlling Access to IBM i Systems and DataPrecisely
Security best practice and regulations such as SOX, HIPAA, GDPR and others require you to restrict access to your critical IBM i systems and their data, but this is easier said than done. Legacy, proprietary access protocols now co-exist with new, open-source protocols to create access control headaches.
View this webcast on-demand for an in-depth discussion of IBM i access points that must be secured and how exit points can be leveraged to accomplish the task. We’ll cover:
• Securing network access and communication ports
• How database access via open-source protocols can be secured
• Taking control of command execution
The Azure IoT Client SDK can be used to connect many different types of devices. At the lowest end, you can use it to connect a WiFi-capable system-on-chip microcontroller costing less than $3, such as the NodeMCU and WeMos D1.
In this lecture we will see how to build a WiFi-capable, Arduino-based, cloud-controlled IoT smart switch. We will then use a cross-platform Xamarin-based application to activate the smart switch. Using this application installed on a mobile phone we will open a car gate on stage as well as one 7,500 miles (12,000 km) away.
You will learn:
• An Internet of Thing system overview
• How to create and use the Azure IoT Hub
• Implementing an Azure IoT client SDK based solution
• Provisioning IoT devices, sending information to the cloud and receiving commands
• Arduino development using Visual Studio with Visual Micro
The age of the Internet of Things (IoT) has come. IoT devices enable a new realm of services and applications—medical devices, fitness and fashion, appliances, industrial, etc. The market is expected to exceed $1.7 trillion by 2020 with more than 200 billion connected devices—and 90 percent of automobiles. Join Amir Rozenberg as he describes the ingredients to ensure quality IoT applications: IoT-enabled lab, test tools and methodologies, and compliance and test evidence. Test professionals need to expand their perspective to include IoT; new IoT dev testers need to adopt proven and agile test methodologies. Amir offers a working approach to shift from mobile test strategy to digital and IoT. He details how to build the test lab, enhance test cases with real user conditions, consider tools when moving to IoT, and how to reach the right test coverage level. Amir shares how to manage the growing set of tests that need to be executed into an agile framework from a planning, execution, and reporting perspective. To demonstrate these concepts, Amir shares real-world examples of applications for medical, automotive, and connected homes.
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesSanjeev Rampal
Talk presented at Kubernetes Community Day, New York, May 2024.
Technical summary of Multi-Cluster Kubernetes Networking architectures with focus on 4 key topics.
1) Key patterns for Multi-cluster architectures
2) Architectural comparison of several OSS/ CNCF projects to address these patterns
3) Evolution trends for the APIs of these projects
4) Some design recommendations & guidelines for adopting/ deploying these solutions.
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBrad Spiegel Macon GA
Brad Spiegel Macon GA’s journey exemplifies the profound impact that one individual can have on their community. Through his unwavering dedication to digital inclusion, he’s not only bridging the gap in Macon but also setting an example for others to follow.
1.Wireless Communication System_Wireless communication is a broad term that i...JeyaPerumal1
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
This 7-second Brain Wave Ritual Attracts Money To You.!nirahealhty
Discover the power of a simple 7-second brain wave ritual that can attract wealth and abundance into your life. By tapping into specific brain frequencies, this technique helps you manifest financial success effortlessly. Ready to transform your financial future? Try this powerful ritual and start attracting money today!
# Internet Security: Safeguarding Your Digital World
In the contemporary digital age, the internet is a cornerstone of our daily lives. It connects us to vast amounts of information, provides platforms for communication, enables commerce, and offers endless entertainment. However, with these conveniences come significant security challenges. Internet security is essential to protect our digital identities, sensitive data, and overall online experience. This comprehensive guide explores the multifaceted world of internet security, providing insights into its importance, common threats, and effective strategies to safeguard your digital world.
## Understanding Internet Security
Internet security encompasses the measures and protocols used to protect information, devices, and networks from unauthorized access, attacks, and damage. It involves a wide range of practices designed to safeguard data confidentiality, integrity, and availability. Effective internet security is crucial for individuals, businesses, and governments alike, as cyber threats continue to evolve in complexity and scale.
### Key Components of Internet Security
1. **Confidentiality**: Ensuring that information is accessible only to those authorized to access it.
2. **Integrity**: Protecting information from being altered or tampered with by unauthorized parties.
3. **Availability**: Ensuring that authorized users have reliable access to information and resources when needed.
## Common Internet Security Threats
Cyber threats are numerous and constantly evolving. Understanding these threats is the first step in protecting against them. Some of the most common internet security threats include:
### Malware
Malware, or malicious software, is designed to harm, exploit, or otherwise compromise a device, network, or service. Common types of malware include:
- **Viruses**: Programs that attach themselves to legitimate software and replicate, spreading to other programs and files.
- **Worms**: Standalone malware that replicates itself to spread to other computers.
- **Trojan Horses**: Malicious software disguised as legitimate software.
- **Ransomware**: Malware that encrypts a user's files and demands a ransom for the decryption key.
- **Spyware**: Software that secretly monitors and collects user information.
### Phishing
Phishing is a social engineering attack that aims to steal sensitive information such as usernames, passwords, and credit card details. Attackers often masquerade as trusted entities in email or other communication channels, tricking victims into providing their information.
### Man-in-the-Middle (MitM) Attacks
MitM attacks occur when an attacker intercepts and potentially alters communication between two parties without their knowledge. This can lead to the unauthorized acquisition of sensitive information.
### Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
6. Why Wearables/IoT
• IoT – connecting any device with an on/off switch to the internet
• Cost and low power consumption are significant considerations
• BT/BLE FTW!
• Connected world -> huge amounts of data -> lots of concerns
• Security on top of the list: baby monitor, wearable and wireless car hacks!
7. BT Classic vs BLE
                          Bluetooth Classic                     Bluetooth Low Energy
Range (theoretical)       100 m                                 > 100 m
Power consumption         1 W                                   0.01 to 0.5 W
Peak current consumption  <30 mA                                <15 mA
Data rate                 1-3 Mbit/s                            1 Mbit/s
Radio frequencies         2.4 GHz                               2.4 GHz
Focus                     Wireless protocol for short range     Low power consumption – periodic
                          data exchange                         exchange of small amounts of data
Use cases                 Wireless speakers, headsets           Wearable devices, smart pay systems
• Bluetooth 5 is here! 4x range and 2x speed
8. BLE Protocol Stack
GAP: Defines how devices discover, connect and create bonding between them
SMP: Protocol for pairing, key distribution and authenticating the other device. Shared secrets can be managed and hence speed up the reconnection process
L2CAP: Multiplexing layer for BLE
GATT: Describes characteristics, services and the type of attributes / their usage
ATT: Simple client/server stateless protocol with rules for accessing data on a peer device
10. Pairing Algorithms
Secure Simple Pairing
• Just Works: very limited / no user interface
• Numeric Comparison: devices with a display plus a yes/no button
• Passkey Entry: 6-digit PIN as the passkey
• Out Of Band: use of an out-of-band channel against MITM attacks
11. BLE Security
Pairing flow:
1. Pairing request: capabilities, list of keys to be distributed and authentication requirements
2. Pairing response
3. TK (Temporary Key) established by the chosen pairing method
4. Mrand and Srand exchanged; STK (Short Term Key) derived from TK, Mrand and Srand
5. Distribute LTK, IRK and CSRK over the link encrypted with STK
6. Further secure communication on a channel encrypted with LTK
IRK: LE privacy by the use of random addresses
CSRK: Resolve a signature and authenticate the sender
Supported algorithms:
• ECDH for key exchange
• AES-CCM for encryption
12. Core Bluetooth - iOS
Object Model:
• Main objects
  • CBCentralManager
  • CBPeripheral
  • CBPeripheralManager
  • CBCentral
• Data objects
  • CBService
  • CBCharacteristic
• Helper objects
  • CBUUID
13. Android - BLE support
• Introduced in the core Android framework in 4.3 or API Level 18
• Declaration of necessary permissions in the manifest
  • “BLUETOOTH” permission
    • necessary to perform any communication
    • request/accept a connection, transfer data
  • “BLUETOOTH_ADMIN” permission
    • app to initiate device discovery
    • manipulate Bluetooth settings
14. Known Security Risks
• Security largely depends on the chosen flavor of the pairing mechanism
• Passive attacks
  • Eavesdropping on the pairing session compromises encryption keys
  • Mike Ryan’s research: With Low Energy comes Low Security
• Just Works vulnerable to active attacks
  • MITM attacks: Just Works mode
17. The Problem – Prelude
Device commands:
• Put device into recovery mode
• Do a FW update
• Change device (BLE) name
Notifications:
• Social apps
• Calls and texts
Information:
• User activity data
• User profile updates
• Application action (calls, music control)
• Call/text/social updates (sometimes)
18. The Problem – Prelude
(Same command, notification and information lists as slide 17; the diagram labels the phone-to-wearable link “BLE - ENCRYPTED” and adds an “ATTACKER”.)
19. The Problem
(Same lists and diagram labels as slide 18.)
20. Root Cause
All applications on Android and iOS can subscribe to the BT service and get the data on the same BT channels or BLE characteristics as the legitimate app
• Android
  • android.permission.BLUETOOTH
  • android.permission.BLUETOOTH_ADMIN – quote:
• iOS
  • Core Bluetooth (CB) Framework
  • Centrals (client/phone) and Peripherals (server/wearable) classes
21. Example – Wearable Ecosystem 1
• Uses BLE
• Proprietary code
• Existing market research for the format of messages and headers
• Malware app subscribes to the known BLE characteristics and gets the data synced with the legit app
23. Example – Wearable Ecosystem 2
• Uses BT, BLE and WiFi
• Device can sync directly to the cloud
• Fewer app-associated threats
• Malware app (GATT characteristics scan/read/write) does not pick up any user information
24. Example – Wearable 3
• Similar, but with a twist
• Malware application cannot send commands to the wearable by itself
• Legitimate app opens a connection to the device
• The malware app piggybacks on that connection to send commands to the wearable
Moral: Partial security does not help
• Protect not just the handshake but every message
26. Malware Proof of Concept
Wearable device sends heart rate data continuously over BLE.

    // Enable notifications on the characteristic (Android BluetoothGatt API);
    // charaProp holds characteristic.getProperties()
    if ((charaProp & BluetoothGattCharacteristic.PROPERTY_NOTIFY) > 0) {
        mNotifyCharacteristic = characteristic;
        mBluetoothLeService.setCharacteristicNotification(characteristic, true);
    }
    return true;
    }

    @Override
    public void onCharacteristicChanged(BluetoothGatt gatt,
                                        BluetoothGattCharacteristic characteristic) {
        final byte[] data = characteristic.getValue();
        ...
        // Only the vendor data characteristic is parsed
        if (characteristic.getUuid().toString().equals("558dfa01-4fa8-4105-9f02-4eaa93e62980")) {
            int[] dataArray = new int[data.length];
            int i = 0;
            for (byte b : data)
                dataArray[i++] = b & 0xff;                    // unsigned byte values
            int steps = (dataArray[5] << 8) | dataArray[4];       // little-endian 16-bit fields
            int calories = (dataArray[13] << 8) | dataArray[12];
            int heartRate = dataArray[18];
            System.out.println("malware: Steps = " + steps + ", calories = " + calories
                    + ", HeartRate = " + heartRate);
        }
    }

Malware app subscribes to the same GATT profiles, captures the raw data and parses it to get useful personal data.
27. Why should we care?
“Malware on my phone?” Never! But…
Confidentiality
• Activity data and exercise modes
• HR, calories, distance, skin temperature, etc.
• Fine-grained GPS patterns = user location
Integrity
• Malware executes commands on the device
• Changing device name to rogue values
• See list for more commands
Availability
• Malware app puts the device into recovery mode without a follow-up FW image
• User will need to take the device to a service center to recover
• Change the device name to cause temporary DoS
PR Problems
• Hot research topic
• BORE risk
29. Objectives
• Allow communication only between the legitimate application on the phone and the wearable device
• Protect confidentiality of sensitive data sent from the wearable to the phone
  • activity data – HR, calories, activity information, etc.
  • application-specific feedback or inputs – music, notifications, etc.
• Protect integrity of all commands sent from the companion app to the wearable
30. Assumptions & Non-Objectives
Assumptions:
• Out of the Box Experience (OOBE) occurs with the legit application
• Phone is not rooted/jail-broken
Non-objectives (out of scope):
• Pre-existing application sandbox breaking vulnerabilities
• Man-In-The-Middle attack during BLE pairing
31. Mitigation Overview
BLE Pairing (today): multiple applications use the BLE link layer to transmit data; malware has access to the same BLE pairing as the legit app. (Diagram: apps -> BLE Stack -> BLE Hardware on the phone; BLE Hardware -> BLE Stack on the wearable.)
App to Device Pairing (proposed): app-to-device pairing restricts access to the registered app.
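The moral of slide 24 (protect every message, not just the handshake), the objectives of slide 29 and the app-to-device pairing of slide 31 fit together in one small model, shown here as an added example that is not the talk's or any vendor's code. It assumes a constructed frame layout (counter, command id, payload, truncated HMAC-SHA256 tag), constructed command ids, and that the wearable stored the legitimate app's key once during the OOBE.

```python
import hmac, hashlib, struct

# Added example, not the talk's code: app-to-device pairing at the application
# layer. The wearable keeps the one app key registered during OOBE and checks a
# MAC plus a monotonic counter on every command, so another app on the same
# phone (same BLE link and link encryption, no key) cannot issue or replay them.
CMD_RECOVERY_MODE = 0x01  # constructed command ids, not any vendor's protocol
CMD_SET_NAME = 0x02
TAG_LEN = 16  # truncated HMAC-SHA256 tag appended to each frame

def mac(key, body):
    return hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

class CompanionApp:
    def __init__(self, app_key):
        self.key, self.counter = app_key, 0

    def build_frame(self, cmd, payload=b""):
        # Frame: counter (4 bytes, big-endian) | cmd (1 byte) | payload | tag
        self.counter += 1
        body = struct.pack(">IB", self.counter, cmd) + payload
        return body + mac(self.key, body)

class Wearable:
    def __init__(self):
        self.app_key, self.last_counter = None, 0
        self.mode, self.name = "normal", "band"

    def register_app(self, app_key):
        if self.app_key is None:  # one-time OOBE registration, never overwritten
            self.app_key = app_key

    def handle_frame(self, frame):
        if self.app_key is None or len(frame) < 5 + TAG_LEN:
            return "rejected: unregistered or malformed"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        if not hmac.compare_digest(tag, mac(self.app_key, body)):
            return "rejected: bad tag"
        counter, cmd = struct.unpack(">IB", body[:5])
        if counter <= self.last_counter:
            return "rejected: replay"  # a captured frame cannot be resent
        self.last_counter = counter
        if cmd == CMD_RECOVERY_MODE:
            self.mode = "recovery"
        elif cmd == CMD_SET_NAME:
            self.name = body[5:].decode()
        else:
            return "rejected: unknown command"
        return "ok: command 0x%02x" % cmd
```

A piggybacking app sharing the legitimate app's open connection still produces frames with a wrong tag, and a sniffed legitimate frame fails the counter check.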
33. Mitigation — Real World
• Web portal & services (Service A, Service B, Service C)
• Multiple trusted apps on multiple trusted phones
• Cloud-based account & key management
• Wearable device may offer services to multiple apps
36. The Future
• Android and iOS security enhancements
  • Support for App to Device security
• BLE Spec support for authentication and encryption
• Both
37. Summary
• Soft underbelly:
  • Bluetooth/BLE Spec
  • Adoption of the spec on popular smartphone platforms
• Medium risk (malware on the phone); high impact (sensitive user information)
  • Severe impact for wearables with security and finance use cases
    • Apple Watch Auto Unlock
    • Pay
• Protecting from network attackers is not enough
• Onus on app developers and wearable OEMs to add an extra layer of security for App <-> Device communication