Tag Archive for: positive

Louisiana Tech students receive positive recognition for hacking | North Louisiana

/in


Cyber engineering, computer science team publishes a paper and presents research on popular app vulnerabilities

Hacking a safety app netted a Louisiana Tech University Computer Science graduate student a publishing credit, a trip to Hawaii, and the opportunity to present the research at an international conference.

Louisiana Tech Cyber Engineering alumnus and current MS Computer Science and CyberCorps Scholarship for Service student Jonah Fitzgerald (‘22), along with fellow Cyber Engineering program alumni Thomas Mason (‘22) and Brian Mulhair (‘22), discovered a vulnerability in the Louisiana Department of Health COVID Defense contact tracing app that allows hackers to attack neighboring devices.

As seniors researching a paper assignment for Dr. William Bradley Glisson’s Computer Science 448/543, Cyber Engineering 404 “Reverse Engineering” class, the team discovered the symptoms history share feature of the app could be modified to send a malicious link via email, WIFI, and nearby share systems. The team was able to demonstrate two attacks using the link: They were able to harvest credentials by redirecting users to a fake page resembling the My.LA.Gov page and installing an Android app on the target phone to access all the information in that phone.

With additional guidance from Glisson, the team improved their results, presented the research to Glisson’s Cybersecurity Information Technology Exploration Research Group, and submitted the paper to the conference.

Fitzgerald then had the opportunity to travel to Ka’anapali Beach on the island of Maui to present the team’s findings at the 56th Hawaii International Conference on System Sciences “Internet and the Digital Economy” track and “Cybercrime” mini-track.

“I wanted to get involved with this research because I felt I could make a meaningful contribution to improving mobile app security and fighting the COVID-19 pandemic,” Fitzgerald said. “I feel that my Tech education in cyber engineering prepared me for success in solving these types of problems by rapidly learning new concepts like reverse engineering and tackling tough challenges in…

Source…

Positive week on U.S. inflation hopes

/in


European markets advanced on Friday, building on gains from the previous session to notch their highest level since April 2022.

The pan-European Stoxx 600 was up 0.6% by late morning, with tech stocks adding 1.2% to lead gains while autos dropped 1.8% as the only sector in the red.

The European blue chip index closed Thursday’s trading up 0.7% at 450.22 points, its highest point since April 2022, after a choppy session following the latest U.S. inflation print.

The December consumer price index report was in line with economist expectations for a monthly dip of 0.1% but a 6.5% rise in consumer prices year over year, compared with a 0.1% monthly gain in November and an annual rise of 7.1%.

Investors around the world are closely monitoring inflation data for clues to how long and how far monetary policy tightening from central banks will go.

Federal Reserve Bank of Philadelphia President Ed Harker indicated in a speech Thursday that substantial hikes to interest rates are in the rearview, with inflation seemingly past its peak, suggesting that while the Federal Reserve will need to continue hiking, it could do so in 25 basis point increments at future meetings.

Shares in Asia-Pacific were mostly higher on Friday, though Japan’s Nikkei 225 slumped 1.25%, dragged down by a sharp decline for Uniqlo owner Fast Retailing as well as broad weakness in food and electronics stocks.

Stateside, stock futures were slightly lower in early premarket trading on Friday ahead of a suite of big bank earnings, with JPMorgan Chase, Wells Fargo, Citigroup and Bank of America all due to report before the bell on Wall Street.

Source…

Effecting positive change in the Internet of Things

/in


Way back when…

We started our journey back in the day when the IoT was in its infancy. Our first published research was in June 2015 with a post about extracting the Wi-Fi PSK from Fitbit’s Aria weighing scales. This led to a challenging disclosure process with Fitbit, though it ended positively and constructively, with Fitbit supporting our efforts to educate and improve cyber security. This included us delivering workshops and briefings at the world-famous DEFCON and BlackHat hacking conferences.

Seven years on and the security challenges that IoT device manufacturers, IoT platform providers and API coders fail to handle have not gone away. The growth in the market for smart ‘things’ and the persistence of poor practice has amplified the problems. Our ever increasing catalogue of IoT security research (160+ posts and counting) is anecdotal evidence of this. That’s not to say that some responsible manufacturers haven’t listened. There are many great examples of secure smart devices but it’s not ubiquitous.

Headlines

Along the way, we discovered a number of high profile vulnerabilities that made international media headlines. These included the fact that many Samsung smart TVs were listening to the viewer and sending text of conversations to the US for decoding in to text, but unencrypted. We discovered smart refrigerators that leaked the owners email credentials to passers-by. We demonstrated the first ever proof of concept ransomware on an embedded device (a smart thermostat) and many other world-leading pieces of research.

Independent research

We spend a lot of time carrying out independent research, compromising devices, then convincing vendors to fix the issues. Seeing these problems fixed is good for us, and good for consumers, but it doesn’t always address the root causes at the vendors involved. These stem from:

  • A lack of security understanding
  • A lack of sufficient care for users
  • Not factoring security in to their product roadmaps
  • A lack of comprehensive legislation to prevent bad vendors bringing products to market
  • Discrepancies in regulation across different regions
  • A lack of active enforcement of the regulations that do exist

Our flagship piece of…

Source…

NSA: Sanctions on Russia Having a Positive Effect on Ransomware Attacks, Attempts Down Due to Difficulty Collecting Ransom Payments

/in


National Security Agency (NSA) director of cybersecurity Rob Joyce told attendees of a recent UK security conference that ransomware attacks are down in roughly the last two months, and that trend can be traced directly to sanctions placed on Russia. Criminals that operate out of the country are struggling to find ways to cash out ransom payments and set up infrastructure, due in large part to sanctions attached to the invasion of Ukraine.

NSA director sees downward trend in ransomware attacks due to recent sanctions

The NSA cyber security director told the National Cyber Security Centre’s (NCSC) Cyber UK event in Wales that criminal attempts on government agencies and critical infrastructure had made ransomware attacks a national security priority, and that most of the serious players in this particular segment of the criminal underworld are based in Russia. New sanctions against entities in Russia are thus having a dampening effect on ransomware attacks, as the criminals lose options for doing business with the outside world.

Joyce said that this was likely not the only factor for the reduction in ransomware attacks, but was a significant contributor. Ransom payments are more difficult to process due to lack of access to assorted banking options, and inability to purchase necessary technology to set up the infrastructure for new ransomware campaigns.

Whether or not to formally ban ransomware payments has been a hot topic across the world for several years now, ever since ransomware attacks made a major resurgence. After a lull in the mid-2010s, ransomware roared back in 2017-2018 roughly concurrent with the massive rise in value of cryptocurrencies. Even larger spikes have occurred since the beginning of the Covid-19 pandemic, as both home and work internet traffic greatly increased. While there is some case to be made for cutting these attacks off at the source by banning ransom payments, an argument supported by this recent NSA announcement, many organizations feel that they have no option but to make a payment when they are unexpectedly caught by a breach. This is particularly true for companies that cannot afford even a small amount of downtime, such as health care…

Source…