Tag: mit | SpinSafe

Android-Geräte ab Werk mit Malware infiziert

October 10, 2023/in Computer Security

Der Sicherheitsanbieter Human Security weist darauf hin, dass derzeit Tablets und auch Settop-Boxen mit Google Mobilbetriebssystem Android im Umlauf sind, die ab Werk mit Schadsoftware ausgeliefert werden. Die Forscher von Human Security fanden vor allem den Trojaner Badbox, der unerwünschte Werbung anzeigt und weiteren Schadcode einschleust.

Die fraglichen Settop-Boxen mit Chipsätzen von Allwinner (H616 und H618) und Rockchip (3328) werden unter verschiedenen Bezeichnungen und von unterschiedlichen Herstellern – unter anderem als T95, T95Max, X12-Plus und X88-Pro-10 – auch in Deutschland vertrieben. Sie enthalten unter Umständen den Trojaner Badbox, den Human Security als eine Sammlung von Firmware-Hintertüren beschreibt.

Wird ein solches Gerät im heimischen Netzwerk in Betrieb genommen, verbindet es sich automatisch mit einem Befehlsserver, um weitere Instruktionen zu erhalten. Über den Befehlsserver erhält die Malware unter anderem betrügerische Anzeigen für unerwünschte Apps. Badbox arbeitet aber auch mit gefälschten E-Mail- und Messaging-Konten. Außerdem kann über den Befehlsserver weiterer Schadcode installiert werden.

Insgesamt fanden die Forscher den Trojaner auf sieben verschiedenen Settop-Boxen sowie einem Android-Tablet. Alle Geräte haben gemeinsam, dass sie für sehr geringe Preise angeboten werden – die Settop-Boxen sind mit Fernbedienung für unter 30 Euro erhältlich. Es wird vermutet, dass anhand der benutzten Chipsätze von Allwinner und Rockchip mehr als 200 unterschiedliche Modelle von Android-Geräten betroffen sein könnten.

Google soll die über Badbox verbreiteten Apps inzwischen aus dem Play Store entfernt haben. Da der Trojaner in der Firmware der infizierten Geräte integriert ist, lässt er sich ohne Installation einer neuen Firmware nicht entfernen – die aber nicht verfügbar ist. Nutzer sollten vor dem Kauf einer günstigen Settop-Box mit einem der genannten Chipsätze prüfen, ob es sich um einen namhaften Hersteller handelt und gegebenenfalls Billiganbieter meiden.

Source…

Bringing lessons from cybersecurity to the fight against disinformation | MIT News

August 21, 2022/in Computer Security

Mary Ellen Zurko remembers the feeling of disappointment. Not long after earning her bachelor’s degree from MIT, she was working her first job of evaluating secure computer systems for the U.S. government. The goal was to determine whether systems were compliant with the “Orange Book,” the government’s authoritative manual on cybersecurity at the time. Were the systems technically secure? Yes. In practice? Not so much.

“There was no concern whatsoever for whether the security demands on end users were at all realistic,” says Zurko. “The notion of a secure system was about the technology, and it assumed perfect, obedient humans.”

That discomfort started her on a track that would define Zurko’s career. In 1996, after a return to MIT for a master’s in computer science, she published an influential paper introducing the term “user-centered security.” It grew into a field of its own, concerned with making sure that cybersecurity is balanced with usability, or else humans might circumvent security protocols and give attackers a foot in the door. Lessons from usable security now surround us, influencing the design of phishing warnings when we visit an insecure site or the invention of the “strength” bar when we type a desired password.

Now a cybersecurity researcher at MIT Lincoln Laboratory, Zurko is still enmeshed in humans’ relationship with computers. Her focus has shifted toward technology to counter influence operations, or attempts by foreign adversaries to deliberately spread false information (disinformation) on social media, with the intent of disrupting U.S. ideals.

In a recent editorial published in IEEE Security & Privacy, Zurko argues that many of the “human problems” within the usable security field have similarities to the problems of tackling disinformation. To some extent, she is facing a similar undertaking as that in her early career: convincing peers that such human issues are cybersecurity issues, too.

“In cybersecurity, attackers use humans as one means to subvert a technical system. Disinformation campaigns are meant to impact human decision-making; they’re sort of the ultimate use of cyber…

Source…

How MIT Researchers Are Commercializing RFID, Computer Vision Robotics

May 17, 2021/in Computer Security

The MIT Media Lab system employs RFID technology to enable a robot to find a specific item in a complex environment and take instructions.

CAMBRIDGE, Mass. — Researchers at the MIT Media Lab are employing radio frequency identification (RFID) technology along with computer vision to enable robots to explore their environment in order to locate and move a targeted item that may not be visible. The system, which has been in development, simulation and testing for several years, employs machine learning to better accomplish such complex tasks, and the team is seeking to commercialize the research.

In that effort, the researchers have been interviewing potential customers and planning a possible company spinoff. This year, the team has participated in the I-Corps program, led by the National Science Foundation to identify potential sponsors and plan the first product. “The technology has matured enough to take it out of the lab into the real-world environment,” says Fadel Adib, an MIT associate professor and the Media Lab‘s principal investigator.

The RFID portion of the robotic system employs what researchers call RF perception, consisting of off-the-shelf passive UHF RFID tags, as well as an RFID reader and specialized antennas installed in the robot’s environment. Robots employ RFID to identify items and their specific locations when they are not visible, and the software analyzing that data can direct the robots via computer vision to focus on the items before them, determine what needs to be moved or navigated around, and act accordingly. The technology, the researchers say, could be leveraged by manufacturers, retailers or warehouses to sort, pick or place goods.

The robot is designed for two primary solutions, according to Adib. One is monitoring goods moving through warehouses that need to be picked and packed according to customer orders, which traditionally requires workers to move through aisles, opening boxes and finding specific items, then placing them in containers for shipping. With RFID, the robots could identify what is in a given box or on a particular shelf, then pick up that item and confirm where it was placed. The system is designed to prevent…

Source…