This document discusses emerging security challenges with new technologies. It begins with an overview of how information security has evolved from a focus on confidentiality to also include integrity and availability. Four emerging technologies are then examined: robotics, 3D printing, the Internet of Things, and wearables. Each section identifies applications of the technology and discusses associated security risks. For example, robotic systems could be hacked and manipulated to cause physical harm. The document emphasizes that security needs to be considered from the early design stages of new technologies and provides some approaches to help secure them.
3. Ground Rules
• Questions are welcome
• Share your knowledge
• Mobile phones – you know what to do
4. Session Objectives
• Exploratory look at emergent technologies
• Identification of associated security challenges
• Bottom-line: incite the thought process on upcoming challenges and opportunities in information security.
5. Session Plan
• The Evolution of Information Security
• 4 Emerging Areas of Technology and Associated Security Challenges
8. Quick Reminder: C, I, A
• The fundamental objective of information security is to protect the C, I and A (Confidentiality, Integrity and Availability) of data.
However, it wasn’t always this way.
9. The Shifting Focus of Information Security
• The early days of data security focused primarily on Confidentiality of Data
• Cryptography dates back to around 2000 B.C. in Egypt when encrypted hieroglyphic messages were etched on tombs
10. The Shifting Focus of Information Security
• Military applications of cryptography were developed in the 1800s.
• Cryptography was extensively used to encrypt tactical communications during World Wars I and II.
Can you Identify This Machine?
11. The Shifting Focus of Information Security
• With the computing era, the way people use information in their daily lives evolved. And with it, so did information security.
(Slide image: computing in 1944 compared with today)
12. Today’s InfoSec Focals – How is Data:
• Transmitted
• Accessed
• Shared
• Retained
• Used
• Stored
• Processed
13. What Does The Future Hold?
• Wearables
• Self Driving Cars
• 3D Printing
14. What This All Means
• The same trend from the 60s and 70s is repeating itself.
• Just like how computers spread out from a few offices to the common man, advanced technology is becoming cheaper and easily available.
15. From Greater Pervasiveness to Greater Power
• Technology’s control over a common man’s life is increasing.
• Today we use mobile phones to keep us connected, and process information.
• Tomorrow, we will use technology to drive our cars to work.
16. Shift in the Goal of Information Security
• Today, the end objective of information security is mainly to protect assets like
  • money
  • trade secrets
  • business productivity
  • organizations’ reputations, etc.
In future, the end objective will shift towards the protection of
• Human Life
17. Example Scenario
Cyber extortion TODAY: “I’ve hacked into your Core Banking Database. Pay me $500,000 or I will crash it.”
Cyber extortion of the FUTURE: “I’ve hacked into your self-driven car. All I ask is $10 million. I’ve texted you my Account Number. Choose not to comply and I WILL crash your car.”
21. Robots Have Been Around A Very Long Time
First Robot Ever Made: Archytas’ Bird
• Steam powered wooden bird
• Dates back to 360 BC
• First known attempt at automation
First Industrial Robot
• 1961 – General Motors developed a robot to move hot car parts into a cooling liquid
22. Robotics: Applications Today
• Industrial Applications:
  • Factories – manufacture of cars, packaging material, processed foods, etc.
  • Automation of repetitive tasks with high precision
• Medical Applications:
  • Robotic surgery allows doctors to control and automate complex procedures with high precision, sometimes even remotely.
23. Military Applications of Robotics
• TALON
  • Built by a company called Foster-Miller
  • Most common military robot in use
  • Can travel through sand, water, and snow.
  • Has audio-visual listening devices and a mechanical arm
  • Primarily used in search and rescue operations. Was used in 9/11.
  • Controlled remotely by a human.
Upcoming versions of TALON will include a weapons system holding guns and grenade launchers.
24. What Are The Security Implications?
Consider a Tele-Robotic Surgery. How can it be attacked?
• End-Points – i.e. the equipment at the doctor’s end or at the patient’s end is compromised. This is less common since the end-points are usually physically guarded.
• Network Attacks – the channel of communication between the doctor and patient is compromised. This is more common.
Ref: http://arxiv.org/pdf/1504.04339v2.pdf
26. How Bad Can It Get?
• The above was just one example, but it can be extrapolated to other scenarios where robots are used.
• Most robots today are not entirely autonomous – i.e. they must be instructed by a human entity over a communication channel.
• If this process is compromised, the impact can be death and/or serious physical damage.
28. Security Approach
• Go Back to the Basics
• Strong encryption of the network link between the Operator and the Operated Device.
• Use secure communication protocols like TLS v1.3 and above, SSH, WPA2, etc.
• Strong authentication of source and destination IPs
• Harden the end-point devices
• Perform network and app level pen-testing
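The network attack on the operator-to-device channel described on slides 24 and 26, and the "back to basics" controls listed on slide 28, can be made concrete on the device side. The following Python is an added illustration written for this transcript; it is not code from the presentation or from the referenced arXiv paper. It assumes a pre-shared 256-bit key on both ends (constructed here; in practice the key would be provisioned per device or derived from the TLS/SSH session the slide recommends), JSON-encoded command messages, and a constructed device-side safety envelope for command parameters. One practical caveat on the slide's "authentication of source and destination IPs": an IP address is not an authentication factor on its own, so the example authenticates each message cryptographically and additionally rejects replayed and out-of-envelope commands, checks that remain useful even when the transport is already encrypted.

```python
"""Authenticated, replay-resistant command channel between an operator console
and a teleoperated device (added illustration, not code from the presentation).

Assumptions (not from the slides): a pre-shared key on both ends, JSON command
messages, and a device-side safety envelope. The checks below are the
message-level integrity, freshness and plausibility controls a device should
enforce on every command before it reaches the actuators.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Constructed demo key; a real deployment provisions a per-device secret.
DEMO_KEY = hashlib.sha256(b"demo-operator-device-key").digest()

# Constructed safety envelope: (min, max) per allowed parameter name.
LIMITS = {"velocity_mm_s": (0.0, 50.0), "force_n": (0.0, 5.0)}


def canonical(payload: dict) -> bytes:
    """Deterministic serialisation so both ends MAC exactly the same bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def sign_command(key: bytes, seq: int, cmd: str, params: dict) -> dict:
    """Operator side: attach a strictly increasing sequence number and an HMAC tag."""
    payload = {"seq": seq, "cmd": cmd, "params": params}
    tag = hmac.new(key, canonical(payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


@dataclass
class DeviceReceiver:
    """Device side: verifies every command before acting on it."""
    key: bytes
    last_seq: int = -1
    rejections: list = field(default_factory=list)

    def verify(self, message: dict) -> tuple:
        """Return (accepted, reason). The MAC is checked first so that
        unauthenticated input never influences device state."""
        payload = message.get("payload")
        tag = message.get("tag", "")
        if not isinstance(payload, dict):
            return self._reject("malformed message")
        expected = hmac.new(self.key, canonical(payload), hashlib.sha256).hexdigest()
        # Constant-time comparison avoids leaking tag bytes through timing.
        if not hmac.compare_digest(expected, tag):
            return self._reject("bad MAC: message modified or forged in transit")
        seq = payload.get("seq")
        if not isinstance(seq, int) or seq <= self.last_seq:
            return self._reject(f"stale or replayed sequence {seq}")
        params = payload.get("params", {})
        if not isinstance(params, dict):
            return self._reject("malformed parameters")
        for name, value in params.items():
            lo, hi = LIMITS.get(name, (None, None))
            if lo is None or not isinstance(value, (int, float)) or not lo <= value <= hi:
                return self._reject(f"parameter {name}={value} outside safety envelope")
        self.last_seq = seq
        return True, "accepted"

    def _reject(self, reason: str) -> tuple:
        self.rejections.append(reason)  # feed to device-side logging and alerting
        return False, reason


def run_demo() -> dict:
    """Constructed exchange: one legitimate command and three tampering classes
    a network attacker or compromised console could attempt."""
    device = DeviceReceiver(DEMO_KEY)
    results = {}
    good = sign_command(DEMO_KEY, 1, "move", {"velocity_mm_s": 10.0})
    results["legitimate"] = device.verify(good)
    # 1. Modified in flight: a parameter is changed but cannot be re-signed.
    modified = json.loads(json.dumps(good))
    modified["payload"]["params"]["velocity_mm_s"] = 49.0
    results["modified"] = device.verify(modified)
    # 2. Replayed: the original valid message is resent later.
    results["replayed"] = device.verify(good)
    # 3. Correctly signed but unsafe: an out-of-envelope value is requested.
    unsafe = sign_command(DEMO_KEY, 2, "move", {"velocity_mm_s": 500.0})
    results["unsafe"] = device.verify(unsafe)
    return results


if __name__ == "__main__":
    for name, (ok, reason) in run_demo().items():
        print(f"{name:11s} -> {'ACCEPT' if ok else 'REJECT'}: {reason}")
```

Running the module prints one line per case: only the legitimate command is accepted; the modified message fails the MAC check, the replay fails the sequence check, and the over-limit command fails the safety envelope even though it is validly signed. The `rejections` list is the hook where a real device would emit the events that a monitoring team, or the pen-test the slide calls for, would look for.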
30. What Is It?
Technology that allows you to fabricate three dimensional objects using plastic, metal, ceramics, powders, liquids, or even living cells provided you have a blueprint of the object created with CAD software.
3D Printing has been around since the late 80s. Since 2006, the technology has started to become cheaper and more accessible.
31. You Will Need A 3D Printer and
a “.stl” Template
http://www.thingiverse.com
Designs are exchanged as .stl files. The format takes its name from
stereolithography, one of the earliest 3D printing processes, and describes
the object’s surface as a mesh of triangles exported from CAD software.
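Because .stl templates are downloaded from public sites and fed straight into a printer toolchain, it is worth treating them as untrusted input. The block below is an added example (not from the talk or from any slicer or printer vendor) of a binary STL parser that refuses files whose declared triangle count disagrees with the bytes present, computes the mesh’s signed volume, and fingerprints the file so that what is sent to the printer can be compared with an approved design. It uses only the standard library; the unit tetrahedron and the "scaled counterfeit" are constructed sample inputs.

```python
"""Validate a binary STL design before it reaches the printer toolchain
(added example, standard library only).

Binary STL layout: 80-byte header, uint32 triangle count, then 50 bytes per
triangle: normal (3 x float32), three vertices (9 x float32), uint16
attribute, all little-endian.  The parser checks that the declared count
matches the file length, the volume check shows whether the mesh is closed
and consistently wound, and the SHA-256 fingerprint lets a print job be
compared with the approved design file."""
import hashlib
import struct

HEADER_LEN = 80
COUNT_LEN = 4
TRIANGLE_LEN = 50


def build_binary_stl(triangles, header=b"constructed sample"):
    """Serialise (normal, v1, v2, v3) tuples as a binary STL file."""
    out = bytearray(header.ljust(HEADER_LEN, b"\0")[:HEADER_LEN])
    out += struct.pack("<I", len(triangles))
    for normal, v1, v2, v3 in triangles:
        out += struct.pack("<12fH", *normal, *v1, *v2, *v3, 0)
    return bytes(out)


def parse_binary_stl(blob):
    """Parse a binary STL; raise ValueError if the declared size is inconsistent."""
    if len(blob) < HEADER_LEN + COUNT_LEN:
        raise ValueError("truncated: header or triangle count missing")
    (count,) = struct.unpack_from("<I", blob, HEADER_LEN)
    expected = HEADER_LEN + COUNT_LEN + count * TRIANGLE_LEN
    if len(blob) != expected:
        raise ValueError(
            f"declared {count} triangles ({expected} bytes) but file is {len(blob)} bytes")
    triangles = []
    for i in range(count):
        vals = struct.unpack_from("<12fH", blob, HEADER_LEN + COUNT_LEN + i * TRIANGLE_LEN)
        triangles.append((vals[0:3], vals[3:6], vals[6:9], vals[9:12]))
    return triangles


def signed_volume(triangles):
    """Sum of v1 . (v2 x v3) / 6 over all faces: the enclosed volume for a
    closed mesh with outward-facing, counter-clockwise triangles."""
    total = 0.0
    for _, (ax, ay, az), (bx, by, bz), (cx, cy, cz) in triangles:
        total += ax * (by * cz - bz * cy) + ay * (bz * cx - bx * cz) + az * (bx * cy - by * cx)
    return total / 6.0


def fingerprint(blob):
    """SHA-256 of the raw file, for comparison against the approved design."""
    return hashlib.sha256(blob).hexdigest()


# Constructed sample: unit tetrahedron, each face wound so its normal points outward.
O, A, B, C = (0, 0, 0), (1, 0, 0), (0, 1, 0), (0, 0, 1)
SAMPLE_TETRAHEDRON = [
    ((0, 0, -1), O, B, A),
    ((0, -1, 0), O, A, C),
    ((-1, 0, 0), O, C, B),
    ((0.577, 0.577, 0.577), A, B, C),
]


def demo():
    """Run the checks on the sample, a malformed file and a tampered design."""
    good = build_binary_stl(SAMPLE_TETRAHEDRON)
    tris = parse_binary_stl(good)

    # Malformed input: header claims 100 triangles, file carries 4
    # (a truncated download or a crafted file aimed at the slicer's parser).
    bad = good[:HEADER_LEN] + struct.pack("<I", 100) + good[HEADER_LEN + COUNT_LEN:]
    try:
        parse_binary_stl(bad)
        malformed_rejected = False
    except ValueError:
        malformed_rejected = True

    # "Counterfeit" design: same triangle count, every vertex scaled by 2.
    scaled = [(n, tuple(2 * x for x in v1), tuple(2 * x for x in v2), tuple(2 * x for x in v3))
              for n, v1, v2, v3 in SAMPLE_TETRAHEDRON]
    altered = build_binary_stl(scaled)

    return {
        "triangles": len(tris),
        "volume": signed_volume(tris),
        "malformed_rejected": malformed_rejected,
        "fingerprint_changed": fingerprint(good) != fingerprint(altered),
        "altered_volume": signed_volume(parse_binary_stl(altered)),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The length check runs before any per-triangle parsing, so a header claiming billions of triangles costs one multiplication rather than a large allocation. The fingerprint is only useful if the approved hash is stored somewhere the print job cannot alter; a signed manifest from the design owner is the natural next step.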
32. Applications
• Automobile Manufacture
Manufacture and testing of
prototypes and auto
parts/components
• Medical Sector
Manufacture of low cost prosthetic
limbs, dental implants and even living
tissue.
• Defence, Education, etc.
33. 3D Printed Weapons?
• Defense Distributed is an organization that publishes open-source .stl designs for
3D printed firearms – for FREE.
34. 3D Printed Weapons?
• Plastic 3D printed guns can actually be used to fire rounds.
• The Liberator is a functioning 3D printed gun developed by Defense
Distributed.
• A gun printed entirely in plastic does not show up on a metal detector. This means
anyone with a 3D printer can create and own a weapon that is very hard to detect.
Ref:
https://www.youtube.com/watch?feature=player_embedded&v=drPz6n6UXQY
35. 3D Printed ATM Skimmers
• An ATM skimmer fits over an ATM card
slot and captures the magnetic stripe (track) data
from a swiped credit/debit card.
• A pinhole camera or keypad overlay
captures the PIN as it is keyed in by the
cardholder.
• The data is transmitted wirelessly to criminals
located within roughly 100 m of the ATM.
• Unless cardholders are alert, the
skimmer passes as a genuine part of
the ATM itself.
• 3D printing lets crooks make skimmer
housings faster, more accurately and
more cheaply, matching the ATM’s exact shape.
36. How About Your Car Keys?
• All it takes is a few photographs of a key to
create the .stl design and 3D print a
duplicate set.
• Burglars, car thieves, etc. are jumping at
the opportunities.
37. What’s Next?
•There are 6 million parts that go
into a Boeing 747. What if
tomorrow one of those is a 3D
printed fake?
•Counterfeit coins
•Fake ID Cards ???
38. And By The Way…
• The world’s first fully 3D printed car was announced for 2016.
• Local Motors is working on a road-ready model.
39. Solutions?
•The technology is still evolving
•Regulation and Legislation is yet
to catch up with ethical, legal,
privacy and security challenges.
•It is going to be difficult to predict,
let alone prevent the mis-use of
this technology.
42. How Do We Understand
Wearables?
What’s Common to All Wearables
Devices which are carried either on or in
a user’s body.
What’s Different
Primary Function of the device
• Smart Glasses – Augmented
Reality device
• Smart Watch – makes calls,
plays music, etc.
• Smart Pills – monitor health
stats
Device Capability
• Does it have a camera?
• Can it make calls?
• Is it online?
• Does it keep you alive?
43. Most Popular Wearables Today
• Smart Watches
• Samsung Gear, Apple Watch, Pebble, etc.
• They account for 40% of the wearables market
• Fitness Bands
• FitBit, Garmin, etc.
• Smart Glasses
• Vuzix, Google Glass
Ref: http://www.gartner.com/document/2847117
44. The Security Challenge with
Wearables
I. For a Personal User – Data
Privacy is the primary concern
with Wearables
II. At an Organizational Level –
Data Security is the key concern
45. I. Personal Users: The Privacy
Challenge
• Wearable technology is still evolving.
• The primary design focus is more on
functionality and less on privacy.
• Imagine the data available to a stalker who
has hacked into your fitness band:
• Location of your house
• Places you frequent the most
• Your sleep patterns
• Your food habits
• Your exercise habits
• Your health data: heart rate, BP, etc.
46. Security vs Functionality
• We all know the Google Glass story. A host of great new
features… but privacy??
Eye Tracking Feature / Recording Feature
What you see – Glass sees. People that you see – Glass
sees (and can record).
Ref: https://www.youtube.com/watch?t=85&v=9c6W4CCU9M4
In January 2015 Google ended the Glass Explorer programme and stopped selling the device to consumers.
47. II. Organizational Context –
Security Challenge
The primary challenge with allowing wearables within an
office workspace is Data Security
Mobile phones have already changed the
security landscape within organizations. How
hard is it to take pictures of your screen using a
mobile camera?
The main issue with wearables is they make it
difficult to find out when they are used to steal
data - taking pictures at the blink of an eye, for
instance.
49. Implantables
An auditory brain-stem implant consists of
i. a microphone attached to the ear and
ii. a sensor implanted in the brain
to process sound signals in hearing impaired
patients.
Jiya Bavishi’s auditory brainstem implant is helping her hear
sounds for the first time.
Ref: http://www.npr.org/sections/health-shots/2015/06/01/410065053/new-hearing-technology-brings-sound-to-a-litte-girl
50. Ingestibles
Proteus, a company specializing in Digital Medicine, has received FDA
approval for its Digital Pills – sensors which can be swallowed by a patient.
• The Pill communicates with a
wearable sensor on the skin
called a Patch.
• The technology tracks the
patient’s physiological stats:
medication ingestion, heart rate,
activity, rest, and skin
temperature.
• The digital health information
can be viewed on a synced
mobile/tablet.
Ref: proteus.com
51. What are the Security Threats?
• Can someone hack into your internet connected pacemaker
and speed your heart up till you die? The former US Vice
President’s doctors took the risk seriously enough to disable
the wireless feature of his implanted heart device.
Ref:
https://www.washingtonpost.com/news/the-switch/wp/2013/10/21/yes-terrorists-could-have-hacked-dick-cheneys-heart/
52. Securing Wearable Technology
Manufacturers of Wearable Technology
• Manufacturers are being pushed by security researchers to look at
security and privacy at the design stage of their devices.
• Devices must anticipate and inform users of privacy compromises they
will make at every stage of using a device
Organizations/Work Places
• Organizations must understand the risks introduced by allowing
wearables within their premises.
• A risk assessment must be done to identify controls ranging from
restricted permission to use these devices to fully denying access
End-Users:
• Users must be aware that privacy will be compromised when they use a
wearable device.
• Children and senior citizens are more vulnerable.
54. What Is It?
Technology today consists of a number of devices
of different kinds, each with a certain level of
computing power and memory.
55. How Do We Define the IoT?
The IoT is an
ecosystem of
hardware and embedded
within which data can be
and
56. Interesting Statistic
• The IoT is projected to consist of 30 billion connected
“things” by 2020.
Ref: IDC
• The world’s human population is projected to be almost 8
billion by 2020.
Ref: United Nations Population Fund
58. The Big Challenge – Securing
the IoT
• BMW patches a security flaw in its ConnectedDrive software
that would have allowed an attacker to unlock car doors remotely.
Ref: http://www.bmw.com/com/en/insights/technology/connecteddrive/2013/
59. The Big Challenge – Securing
the IoT
Jul 22, 2015: Researchers remotely hack a moving Jeep on a highway
and switch off its engine.
Ref: http://www.cbc.ca/news/technology/hackers-kill-engine-of-moving-jeep-on-highway-in-security-demo-1.3162944
60. The Challenges are Many
• Complexity
A heterogeneous network means devices on the IoT are all
different, with unique designs, software, operating
protocols, etc. Where does a security effort even begin?
• Uniform Standards
On the IoT, we will need to develop a uniform standard for
devices to communicate. But a single standard/protocol also
means a single flaw can be exploited across many devices at once.
• Monitoring
Currently, organizations have SOCs with IPS/DLP, etc. Who
will monitor the IoT network?
63. OWASP – Internet of Things
Top Ten
• Recommends a holistic approach
• Focus not only on securing the Device, but also
the IoT Environment it operates in
• It looks at:
• The Device
• The Cloud
• The Mobile Application
• Network Interfaces
• Software
• Use of Encryption
• Use of Authentication
• Physical Security
• USB Ports
Ref: OWASP Internet of Things Top Ten
Early 60s
The core asset was the computer and not so much the data it processed.
Information protection was achieved mainly through the control of physical access to computers.
Skilled users of the computers were few
Computers were not networked.
Two parallel developments from the 80s onwards:
Increasing dependence on computers – which means an organization CANNOT operate efficiently without some reliance (extensive in most cases) on a technology platform.
Increasing simplicity of computing. Today, people don’t need any specific skills to learn to use a mobile phone, for instance. Computing is becoming intuition driven, so as to enable greater adoption.
With more and more sensitive data being put on a computer, the primary asset has become the information, and with cheaper availability of computers, the computer has become a secondary asset – more like a primary asset container.
Give explanation of each case – stored, processed, transmitted, work from home, Google Right to be Forgotten, Misuse of data for identity thefts, sharing of data with third parties (Main reason why Myntra is going mobile, Facebook acquired WhatsApp for 19 billion USD)
- It is undoubtedly true that a mobile is a far more personal device than a desktop and ergo, it knows a lot more about you than your desktop. Everything from your location to your social circle to your waking and other habits & preferences.
PII, SPI available on a smartphone:
- Mobile Number
- Email ID
- Location
- Travel updates
- Contacts (Phone nos)
- Text messages (SMS and WhatsApp)
- Photos taken with mobile camera
- Call Data (most called persons, average time spent per day on calls, etc.)
- Browsing habits (most frequented websites)
Types of Network Attack:
Intention Modification
A man-in-the-middle attacker modifies the surgeon’s messages to the robot.
Intention Manipulation
A man-in-the-middle modifies the feedback messages originating from the robot. The surgeon’s messages (and his/her intent) are not modified.
Hijacking Attack
A man-in-the-middle takes control of the robot, causing it to ignore the intentions of the surgeon and instead perform other, potentially harmful actions. These attacks can also be carried out discreetly to avoid detection.
You are involved in a car crash.
Sensors in your car detect the collision and deploy your air bags.
Using your car’s navigation system, the nearest hospital is identified
The emergency helpline number is found on Google and a call is triggered from your phone (which of course is linked to your car via Bluetooth) to this emergency number.
A shrill alarm is sounded off from your car, to alert passers-by.
Meantime, your car’s sensors have already sent warning messages to the nearest set of traffic lights, alerting incoming vehicles to slow down.
Simple iPhone game app - 10,000 lines of code
Average Car software – 100 million lines of code