Modern technologies and cybersecurity
- 1. UNIVERSITY OF JYVÄSKYLÄ MODERN TECHNOLOGIES AND CYBERSECURITY November 13th, 2018 MODERN TECHNOLOGIES AND CYBERSECURITY VADIM DAVYDOV
- 2. V. Davydov MODERN TECHNOLOGIES AND CYBERSECURITY November 13th, 2018 !2 Table of contents 1. Introduction 2. Mobile applications 3. Electric cars 4. IoT threats 5. Crypto currency 6. Global threats 7. Conclusions
- 3. V. Davydov MODERN TECHNOLOGIES AND CYBERSECURITY November 13th, 2018 !3 A map of every device in the world which is connected to the Internet (2017, SHODAN) Introduction
- 4. V. Davydov MODERN TECHNOLOGIES AND CYBERSECURITY November 13th, 2018 !4 Mobile applications Key App Statistics: • The total number of mobile app downloads in 2017 – 197 billion (Source: Statista) • The total number of iOS app downloads in 2016 – 25+ billion (Source: App Annie) • The total number of Android app downloads in 2015 – 50 billions (Source: Benedict Evans) • The total number of Android app downloads in 2016 – 90 billion (App Annie)
- 5. V. Davydov MODERN TECHNOLOGIES AND CYBERSECURITY November 13th, 2018 !5 Example: GetContact Application (1/3) February 2018 — the application identified numbers using its users own contacts (simply, you can see how people write your name in their contact books) • Having installed it, user would know almost every caller by name and picture • The app pulled up the caller’s personal data and photo from its database But what about privacy?
- 6. V. Davydov MODERN TECHNOLOGIES AND CYBERSECURITY November 13th, 2018 !6 Example: GetContact Application (2/3) Source: kaspersky.com The user agreement allowed developers to transfer data to any third party and contained a clause forcing the user agree to receive mass e-mails / messages
- 7. V. Davydov MODERN TECHNOLOGIES AND CYBERSECURITY November 13th, 2018 !7 Example: GetContact Application (3/3) Source: trends.google.com
- 8. V. Davydov MODERN TECHNOLOGIES AND CYBERSECURITY November 13th, 2018 !8 Example: Spoofing in mobile applications April 2017, Paris — “Privacy Threats through Ultrasonic Side Channels on Mobile Devices” According to that study, smartphone apps have been silently spying on users Researchers discovered 234 applications constantly listening for ultrasonic beacons that can reveal human activity Two of them had been downloaded between 1 million to 5 million times
- 9. V. Davydov MODERN TECHNOLOGIES AND CYBERSECURITY November 13th, 2018 !9 IoT threats Building automation — the automatic centralised control of a building's heating, ventilation and air conditioning, lighting and other systems through a building management system or building automation system. (Source: wikipedia.org) What about privacy?
- 10. V. Davydov MODERN TECHNOLOGIES AND CYBERSECURITY November 13th, 2018 !10 IoT threats Source: youtube.com (Sberbank)
- 11. V. Davydov MODERN TECHNOLOGIES AND CYBERSECURITY November 13th, 2018 !11 Example: iKettle iKettle is a product of “Smarter” company Source: pentestpartners.com In 2015 Ken Munro (Pen Test Partners) showed a way how to easily get a Wi-Fi password using iKettle
- 12. V. Davydov MODERN TECHNOLOGIES AND CYBERSECURITY November 13th, 2018 !12 Example: iKettle Source: pentestpartners.com Key steps: • Social engineering. Using twitter and 192.com he found the user of the kettle and his address; • Then he sent an antenna to owner’s apartment and connected the kettle to his access point: • Sending fake disassociation • Use the same SSID but higher network power) • Then he used brute force attack to break the PIN of the kettle
- 13. V. Davydov MODERN TECHNOLOGIES AND CYBERSECURITY November 13th, 2018 !13 Electric cars
- 14. V. Davydov MODERN TECHNOLOGIES AND CYBERSECURITY November 13th, 2018 !14 Example: Tesla Motors PKES systems based on the physical proximity of a paired key fob. Passive Keyless Entry and Start Systems (PKES) — systems which allow users to open and start the vehicle using the key on the distance. Tesla Motors key fob for starting the car These systems are vulnerable to relay attacks (intercepting and manipulating communication between the key fob and the car)
- 15. V. Davydov MODERN TECHNOLOGIES AND CYBERSECURITY November 13th, 2018 !15 Example: Tesla Motors Hacking Tesla S key fob • To lock or unlock a car, Tesla Model S key rings send an encrypted signal based on a cryptographic key to a car radio system • However, key fobs (made by Pektron) use weak ciphers (40-bit) to encrypt such messages Sequencing: • Calculating all possible keys for pairs; • Attacking the key chain • Forging the keys Source: esat.kuleuven.be
- 16. V. Davydov MODERN TECHNOLOGIES AND CYBERSECURITY November 13th, 2018 !16 Cryptocurrency: Bitcoin Bitcoin is a cryptocurrency, a form of electronic cash Officially, the creator is Satoshi Nakamoto but nobody saw him ever Chart of Bitcoin price over the years (source: coindesk.com)
- 17. V. Davydov MODERN TECHNOLOGIES AND CYBERSECURITY November 13th, 2018 !17 According to some researchers: • Bitcoin architecture was described in the “White Paper” of American intelligence long before the developer appeared under the pseudonym Satoshi Nakamoto • “Satoshi Nakamoto’s” texts and code are full of Americanisms • A lot of work was done on the implementation of Bitcoin itself (design and programming), many person-years were invested in it Cryptocurrency: Bitcoin
- 18. V. Davydov MODERN TECHNOLOGIES AND CYBERSECURITY November 13th, 2018 !18 What are the main threats connected with bitcoin? • There is no control over payments or transactions • Bitcoin is not a subject to control or regulation • The cost of bitcoin is completely speculative Cryptocurrency: Bitcoin
- 19. V. Davydov MODERN TECHNOLOGIES AND CYBERSECURITY November 13th, 2018 !19 Global threats What are global threats? — these are threats which can damage the systems on the government and country levels and change cardinally people’s facilities. For example: — American sanctions to some payment systems (switching off Visa and MasterCard paying systems) — malware which are directed to critical infrastructure facilities (such as electoral system) …
- 20. V. Davydov MODERN TECHNOLOGIES AND CYBERSECURITY November 13th, 2018 !20 Global threats: Stuxnet An attack to nuclear object in Iran • 2009 — Stuxnet virus was detected in Iran (60% of infection total number) • In February 2011, Symantec published a report “W32.Stuxnet Dossier”. It was established that Stuxnet spread through five organisations, some of which were attacked twice - in 2009 and in 2010. Attacked organisations (according to Kaspersky Lab): 1) Foolad Technic Engineering Co 2) Behpajooh Co. Elec & Comp. Engineering 3) Neda Industrial Group 4) Control-Gostar Jahed Company 5) Kala Electric or Kala Naft All these organisations are nuclear manufactures in Iran
- 21. V. Davydov MODERN TECHNOLOGIES AND CYBERSECURITY November 13th, 2018 !21 Conclusions — Cybersecurity is extremely important nowadays, and we have to pay a lot of attention to this area; — When buying something new and modern, we must be sure that it would be safe for us; — We should always be accurate with mobile applications, to read some feedback and always check the data which the application uses; — Every time if something is suspicious, we should ask ourselves a question: “Is it a very useful thing for me or I could change it to something different?”
- 22. V. Davydov MODERN TECHNOLOGIES AND CYBERSECURITY November 13th, 2018 !22 Q&A