SlideShare a Scribd company logo

Device Hacking

Download as PPTX, PDF
Damian T. Gordon
Damian T. Gordon

Hackers are increasingly targeting hardware and firmware as software security improves. The USB port, which is used for charging many devices, can also transmit malicious code or data if the device is plugged into a compromised public charger. Several types of USB attacks have been demonstrated, including installing malware, simulating keystrokes to steal login credentials, and damaging devices with power surges. Bluetooth and wireless vulnerabilities have also been exploited by hackers to gain remote access to devices within range. Medical devices are a major concern as vulnerabilities have been shown that allow full wireless control of insulin pumps and ability to remotely trigger shocks from implanted pacemakers and defibrillators.

Education
1 of 20
Damian Gordon
 Although it is difficult to exploit hardware, there is a lot of interest in device hacking as it gives so much more control over devices.  As the security of software becomes more robust, attackers are looking in other areas to control systems, and hardware and firmware are the new targets.
 Newer smartphones and laptops use a USB port for charging (USB-C port).  The EU would like a common charger for all devices, and think USB-C is the way to go:
 The problem is that the port can take data and instructions as well as power, therefore, if I create a fake charging station, I can steal all the data off a phone, install malware, or do anything else I want with the phone.  So experts have identified 29 different types of USB attacks, and recommend never to use public chargers.
 Ran Yahalom of Ben-Gurion University showed the following kinds of USB attacks: ◦ Installation of infections, or other malicious software, that once connected, have access and take control of your computer or phone. ◦ Microcontrollers attacks, Microcontrollers (like an Arduino) can impersonate a USB peripheral and act like a keyboard or a mouse. Once you connect, it starts injecting key presses. ◦ Electrical attacks, creating an electrical component that looks like a flash drive, but conducts a power surge attack once connected, and, fry the entire computer or phone.
 There are also some commercial USB hacking devices: ◦ USBdriveby ◦ KeySweeper ◦ BadUSB
 USBdriveby: This USB stick is easily identified by the chain attached to it and contains a particularly nasty surprise inside. Once plugged into a PC, it begins to imitate your keyboard and uses keystrokes to disable firewalls, opens backdoors to allow remote control and tells network monitoring apps that everything is okay.
 KeySweeper: Disguised as a USB wall charger, the KeySweeper hack is a very well concealed device which uses wireless connections to identify and spy on local Microsoft wireless keyboards. And, by monitoring keystrokes, KeySweeper can quickly obtain login details and transmit these back to a remote location.
 BadUSB: A USB stick hack, BadUSB impersonates your keyboard to allow itself to reprogram firmware associated with your existing USB devices e.g. network cards can be reprogrammed to send users to sites containing malicious software which can soon infect your entire network.
 Bluetooth is a wireless technology standard for exchanging data between fixed and mobile devices over short distances.  It used short-wavelength UHF radio waves in the industrial, scientific and medical radio bands, from 2.400 to 2.485 GHz.  Bluetooth is managed by the Bluetooth Special Interest Group (SIG),
 BlueBorne is a generic term for several security vulnerabilities affecting electronic devices involving various Bluetooth implementations in Android, iOS, Linux and Windows.  BlueBorne scans for devices with Bluetooth enabled and once it finds them, can gain access in about 10 seconds. Once compromised, the device expands the reach of the attack, boosting the signal for the hacker and eliminating the need for the attack source to be within Bluetooth range of potential targets.
 WiFi Spoofing  A spoofing attack is one where a program successfully masquerades another by falsifying credentials.  So if you login to a public WiFi regularly, e.g. Starbucks, then if a hacker sets up a WiFi spot called Starbucks, your computer/phone may automatically connect. The hacker will be connected to your computer/phone.
 In 2017 Google’s Project Zero security team demonstrated a flaw in a very common wireless chip by the Broadcom (used in phones by Apple, Samsung and others) that leaves millions of mobile phones and other devices vulnerable to simple hacking by way of wireless networks.  One of the discovered holes was a “stack buffer overflow” hole that would allow an attacker to “execute arbitrary code on the WiFi Chip.  It has been mostly fixed, but there may be others.
 One extremely worrying area is medical device hacking; where hackers target devices like insulin pumps, pacemakers and heart implants.  New Zeland computer security expert Barnaby Jack showed vulnerabilities in each of these.
 Born: 22nd November 1977  Died: 25th July 2013  Born in Auckland, New Zealand  A New Zealand hacker, programmer and computer security expert.  Demonstrated how to hack ATMs (his technique was called “Jackpotting”.  He also show how to hack various medical devices  In 2012 his testimony led the United States Food And Drug Administration to change regulations regarding wireless medical devices.
 Hacking insulin pumps  In October 2011 Jack demonstrated the wireless hacking of insulin pumps. Interfacing with the pumps with a high- gain antenna, he obtained complete control of the pumps without any prior knowledge of their serial numbers, up to being able to cause the demonstration pump to repeatedly deliver its maximum dose of 25 units until its entire reservoir of 300 units was depleted, amounting to many times a lethal dose if delivered to a typical patient.
 Hacking pacemakers and heart implants.  In 2012-2013 Jack demonstrated the wireless hacking of pacemakers and heart implants.  He developed software that allowed him to remotely send an electric shock to anyone wearing a pacemaker within a 50-foot radius.  He also developed software to control of heart implants.
 The risk to medical devices grows as more and more become part of the internet of things (IoT), in which physical devices are embedded with technology to make them wirelessly accessible.  According to a report from the US Department of Health and Human Services' Office of the Inspector General, the US Food and Drug Administration is not doing enough to prevent medical devices being hacked (November 1, 2018).
 Medical device company Abbott announced a voluntary recall of 465,000 pacemakers in 2017 due to a possible hacking threat. The FDA said the devices contained vulnerabilities that could allow access to a patient’s device using commercially available equipment. This access could be used to modify programming commands to the implanted pacemaker, which could result in patient harm from rapid battery depletion or administration of inappropriate pacing.

Recommended

Mobile Security
Mobile SecurityMobile Security
Mobile SecurityMarketingArrowECS_CZ
 
seminar on invisible eye
seminar on invisible eyeseminar on invisible eye
seminar on invisible eyeVashishth Narayan Kumar
 
Hash function
Hash function Hash function
Hash function Salman Memon
 
Seminar ppt fog comp
Seminar ppt fog compSeminar ppt fog comp
Seminar ppt fog compMahantesh Hiremath
 
Mobile security
Mobile securityMobile security
Mobile securitydilipdubey5
 
Iot security and Authentication solution
Iot security and Authentication solutionIot security and Authentication solution
Iot security and Authentication solutionPradeep Jeswani
 
Threshold cryptography
Threshold cryptographyThreshold cryptography
Threshold cryptographyMohibullah Saail
 
Network security cryptography ppt
Network security cryptography pptNetwork security cryptography ppt
Network security cryptography pptThushara92
 

Recommended

Mobile Security
Mobile SecurityMobile Security
Mobile SecurityMarketingArrowECS_CZ
 
seminar on invisible eye
seminar on invisible eyeseminar on invisible eye
seminar on invisible eyeVashishth Narayan Kumar
 
Hash function
Hash function Hash function
Hash function Salman Memon
 
Seminar ppt fog comp
Seminar ppt fog compSeminar ppt fog comp
Seminar ppt fog compMahantesh Hiremath
 
Mobile security
Mobile securityMobile security
Mobile securitydilipdubey5
 
Iot security and Authentication solution
Iot security and Authentication solutionIot security and Authentication solution
Iot security and Authentication solutionPradeep Jeswani
 
Threshold cryptography
Threshold cryptographyThreshold cryptography
Threshold cryptographyMohibullah Saail
 
Network security cryptography ppt
Network security cryptography pptNetwork security cryptography ppt
Network security cryptography pptThushara92
 
Software security
Software securitySoftware security
Software securityRoman Oliynykov
 
Message authentication
Message authenticationMessage authentication
Message authenticationCAS
 
Safety app for woman
Safety app for womanSafety app for woman
Safety app for womanSMNajrulHowlader
 
Key management
Key managementKey management
Key managementSujata Regoti
 
Security services
Security servicesSecurity services
Security servicesGayan Geethanjana
 
Cryptography full report
Cryptography full reportCryptography full report
Cryptography full reportharpoo123143
 
Cryptographic algorithms
Cryptographic algorithmsCryptographic algorithms
Cryptographic algorithmsAnamika Singh
 
bluejacking.ppt
bluejacking.pptbluejacking.ppt
bluejacking.pptAeman Khan
 
Keyloggers and Spywares
Keyloggers and SpywaresKeyloggers and Spywares
Keyloggers and SpywaresAnkit Mistry
 
Smart card
Smart cardSmart card
Smart cardSantosh Khadsare
 
Hash Function
Hash Function Hash Function
Hash Function ssuserdfb2da
 
Cryptographic hash function md5
Cryptographic hash function md5Cryptographic hash function md5
Cryptographic hash function md5Khulna University, Khulna, Bangladesh
 
Keyloggers
KeyloggersKeyloggers
Keyloggerskdore
 
PPT steganography
PPT steganographyPPT steganography
PPT steganographyparvez Sharaf
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Dr. Kapil Gupta
 
One time pad Encryption:
One time pad Encryption:One time pad Encryption:
One time pad Encryption:Asad Ali
 
Security and Authentication of Internet of Things (IoT) Devices
Security and Authentication of Internet of Things (IoT) DevicesSecurity and Authentication of Internet of Things (IoT) Devices
Security and Authentication of Internet of Things (IoT) DevicesSanjayKumarYadav58
 
Malware detection-using-machine-learning
Malware detection-using-machine-learningMalware detection-using-machine-learning
Malware detection-using-machine-learningSecurity Bootcamp
 
Network security ppt
Network security pptNetwork security ppt
Network security pptOECLIB Odisha Electronics Control Library
 
Steganography(Presentation)
Steganography(Presentation)Steganography(Presentation)
Steganography(Presentation)Firdous Ahmad Khan
 
Bluetooth network-security-seminar-report
Bluetooth network-security-seminar-reportBluetooth network-security-seminar-report
Bluetooth network-security-seminar-reportROHIT SAGAR
 
Tao doc_acid
Tao doc_acidTao doc_acid
Tao doc_aciddocacid
 

More Related Content

What's hot

Message authentication
Message authenticationMessage authentication
Message authenticationCAS
 
Cryptography full report
Cryptography full reportCryptography full report
Cryptography full reportharpoo123143
 
Cryptographic algorithms
Cryptographic algorithmsCryptographic algorithms
Cryptographic algorithmsAnamika Singh
 
bluejacking.ppt
bluejacking.pptbluejacking.ppt
bluejacking.pptAeman Khan
 
Keyloggers and Spywares
Keyloggers and SpywaresKeyloggers and Spywares
Keyloggers and SpywaresAnkit Mistry
 
Keyloggers
KeyloggersKeyloggers
Keyloggerskdore
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Dr. Kapil Gupta
 
One time pad Encryption:
One time pad Encryption:One time pad Encryption:
One time pad Encryption:Asad Ali
 
Security and Authentication of Internet of Things (IoT) Devices
Security and Authentication of Internet of Things (IoT) DevicesSecurity and Authentication of Internet of Things (IoT) Devices
Security and Authentication of Internet of Things (IoT) DevicesSanjayKumarYadav58
 
Malware detection-using-machine-learning
Malware detection-using-machine-learningMalware detection-using-machine-learning
Malware detection-using-machine-learningSecurity Bootcamp
 

What's hot (20)

Software security
Software securitySoftware security
Software security
 
Message authentication
Message authenticationMessage authentication
Message authentication
 
Safety app for woman
Safety app for womanSafety app for woman
Safety app for woman
 
Key management
Key managementKey management
Key management
 
Security services
Security servicesSecurity services
Security services
 
Cryptography full report
Cryptography full reportCryptography full report
Cryptography full report
 
Cryptographic algorithms
Cryptographic algorithmsCryptographic algorithms
Cryptographic algorithms
 
bluejacking.ppt
bluejacking.pptbluejacking.ppt
bluejacking.ppt
 
Keyloggers and Spywares
Keyloggers and SpywaresKeyloggers and Spywares
Keyloggers and Spywares
 
Smart card
Smart cardSmart card
Smart card
 
Hash Function
Hash Function Hash Function
Hash Function
 
Cryptographic hash function md5
Cryptographic hash function md5Cryptographic hash function md5
Cryptographic hash function md5
 
Keyloggers
KeyloggersKeyloggers
Keyloggers
 
PPT steganography
PPT steganographyPPT steganography
PPT steganography
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security
 
One time pad Encryption:
One time pad Encryption:One time pad Encryption:
One time pad Encryption:
 
Security and Authentication of Internet of Things (IoT) Devices
Security and Authentication of Internet of Things (IoT) DevicesSecurity and Authentication of Internet of Things (IoT) Devices
Security and Authentication of Internet of Things (IoT) Devices
 
Malware detection-using-machine-learning
Malware detection-using-machine-learningMalware detection-using-machine-learning
Malware detection-using-machine-learning
 
Network security ppt
Network security pptNetwork security ppt
Network security ppt
 
Steganography(Presentation)
Steganography(Presentation)Steganography(Presentation)
Steganography(Presentation)
 

Similar to Device Hacking

Bluetooth network-security-seminar-report
Bluetooth network-security-seminar-reportBluetooth network-security-seminar-report
Bluetooth network-security-seminar-reportROHIT SAGAR
 
Tao doc_acid
Tao doc_acidTao doc_acid
Tao doc_aciddocacid
 
beware of Thing Bot
beware of Thing Botbeware of Thing Bot
beware of Thing BotBellaj Badr
 
Security threats analysis in bluetooth enabled mobile devices
Security threats analysis in bluetooth enabled mobile devicesSecurity threats analysis in bluetooth enabled mobile devices
Security threats analysis in bluetooth enabled mobile devicesIJNSA Journal
 
seminar Final ppt-format-1.pptx
seminar Final ppt-format-1.pptxseminar Final ppt-format-1.pptx
seminar Final ppt-format-1.pptxDarkDevil251247
 
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...IJCSIS Research Publications
 
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?acijjournal
 
ISSC456_Final_J_Intindolo
ISSC456_Final_J_IntindoloISSC456_Final_J_Intindolo
ISSC456_Final_J_IntindoloJohn Intindolo
 
Pocket virus threat
Pocket virus threatPocket virus threat
Pocket virus threatAli J
 
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI IJNSA Journal
 
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FIIMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FIIJNSA Journal
 
IEEE Wireless Communications • December 2018 531536-128418$2.docx
IEEE Wireless Communications • December 2018 531536-128418$2.docxIEEE Wireless Communications • December 2018 531536-128418$2.docx
IEEE Wireless Communications • December 2018 531536-128418$2.docxsheronlewthwaite
 
AirHopper: Bridging the Air-Gap between Isolated Networks and Mobile Phones u...
AirHopper: Bridging the Air-Gap between Isolated Networks and Mobile Phones u...AirHopper: Bridging the Air-Gap between Isolated Networks and Mobile Phones u...
AirHopper: Bridging the Air-Gap between Isolated Networks and Mobile Phones u...mordechaiguri
 
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docxIoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docxmariuse18nolet
 
A Literature Survey on Security Management Policies used in Wireless Domain
A Literature Survey on Security Management Policies used in Wireless DomainA Literature Survey on Security Management Policies used in Wireless Domain
A Literature Survey on Security Management Policies used in Wireless Domainijtsrd
 

Similar to Device Hacking (20)

Bluetooth network-security-seminar-report
Bluetooth network-security-seminar-reportBluetooth network-security-seminar-report
Bluetooth network-security-seminar-report
 
Tao doc_acid
Tao doc_acidTao doc_acid
Tao doc_acid
 
beware of Thing Bot
beware of Thing Botbeware of Thing Bot
beware of Thing Bot
 
Security threats analysis in bluetooth enabled mobile devices
Security threats analysis in bluetooth enabled mobile devicesSecurity threats analysis in bluetooth enabled mobile devices
Security threats analysis in bluetooth enabled mobile devices
 
seminar Final ppt-format-1.pptx
seminar Final ppt-format-1.pptxseminar Final ppt-format-1.pptx
seminar Final ppt-format-1.pptx
 
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
 
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
 
ISSC456_Final_J_Intindolo
ISSC456_Final_J_IntindoloISSC456_Final_J_Intindolo
ISSC456_Final_J_Intindolo
 
Blue jacking
Blue jackingBlue jacking
Blue jacking
 
Pocket virus threat
Pocket virus threatPocket virus threat
Pocket virus threat
 
Security News bytes October 2013
Security News bytes October 2013Security News bytes October 2013
Security News bytes October 2013
 
CS_UNIT 2(P3).pptx
CS_UNIT 2(P3).pptxCS_UNIT 2(P3).pptx
CS_UNIT 2(P3).pptx
 
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
 
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FIIMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
 
Iot(security)
Iot(security)Iot(security)
Iot(security)
 
IEEE Wireless Communications • December 2018 531536-128418$2.docx
IEEE Wireless Communications • December 2018 531536-128418$2.docxIEEE Wireless Communications • December 2018 531536-128418$2.docx
IEEE Wireless Communications • December 2018 531536-128418$2.docx
 
AirHopper: Bridging the Air-Gap between Isolated Networks and Mobile Phones u...
AirHopper: Bridging the Air-Gap between Isolated Networks and Mobile Phones u...AirHopper: Bridging the Air-Gap between Isolated Networks and Mobile Phones u...
AirHopper: Bridging the Air-Gap between Isolated Networks and Mobile Phones u...
 
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docxIoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
 
Internet in news
Internet in newsInternet in news
Internet in news
 
A Literature Survey on Security Management Policies used in Wireless Domain
A Literature Survey on Security Management Policies used in Wireless DomainA Literature Survey on Security Management Policies used in Wireless Domain
A Literature Survey on Security Management Policies used in Wireless Domain
 

More from Damian T. Gordon

Universal Design for Learning, Co-Designing with Students.
Universal Design for Learning, Co-Designing with Students.Universal Design for Learning, Co-Designing with Students.
Universal Design for Learning, Co-Designing with Students.Damian T. Gordon
 
Introduction to Microservices
Introduction to MicroservicesIntroduction to Microservices
Introduction to MicroservicesDamian T. Gordon
 
Introduction to Cloud Computing
Introduction to Cloud ComputingIntroduction to Cloud Computing
Introduction to Cloud ComputingDamian T. Gordon
 
Evaluating Teaching: SECTIONS
Evaluating Teaching: SECTIONSEvaluating Teaching: SECTIONS
Evaluating Teaching: SECTIONSDamian T. Gordon
 
Evaluating Teaching: MERLOT
Evaluating Teaching: MERLOTEvaluating Teaching: MERLOT
Evaluating Teaching: MERLOTDamian T. Gordon
 
Evaluating Teaching: Anstey and Watson Rubric
Evaluating Teaching: Anstey and Watson RubricEvaluating Teaching: Anstey and Watson Rubric
Evaluating Teaching: Anstey and Watson RubricDamian T. Gordon
 
Designing Teaching: Pause Procedure
Designing Teaching: Pause ProcedureDesigning Teaching: Pause Procedure
Designing Teaching: Pause ProcedureDamian T. Gordon
 
Designing Teaching: ASSURE
Designing Teaching: ASSUREDesigning Teaching: ASSURE
Designing Teaching: ASSUREDamian T. Gordon
 
Designing Teaching: Laurilliard's Learning Types
Designing Teaching: Laurilliard's Learning TypesDesigning Teaching: Laurilliard's Learning Types
Designing Teaching: Laurilliard's Learning TypesDamian T. Gordon
 
Designing Teaching: Gagne's Nine Events of Instruction
Designing Teaching: Gagne's Nine Events of InstructionDesigning Teaching: Gagne's Nine Events of Instruction
Designing Teaching: Gagne's Nine Events of InstructionDamian T. Gordon
 
Designing Teaching: Elaboration Theory
Designing Teaching: Elaboration TheoryDesigning Teaching: Elaboration Theory
Designing Teaching: Elaboration TheoryDamian T. Gordon
 
Universally Designed Learning Spaces: Some Considerations
Universally Designed Learning Spaces: Some ConsiderationsUniversally Designed Learning Spaces: Some Considerations
Universally Designed Learning Spaces: Some ConsiderationsDamian T. Gordon
 

More from Damian T. Gordon (20)

Universal Design for Learning, Co-Designing with Students.
Universal Design for Learning, Co-Designing with Students.Universal Design for Learning, Co-Designing with Students.
Universal Design for Learning, Co-Designing with Students.
 
Introduction to Microservices
Introduction to MicroservicesIntroduction to Microservices
Introduction to Microservices
 
REST and RESTful Services
REST and RESTful ServicesREST and RESTful Services
REST and RESTful Services
 
Serverless Computing
Serverless ComputingServerless Computing
Serverless Computing
 
Cloud Identity Management
Cloud Identity ManagementCloud Identity Management
Cloud Identity Management
 
Containers and Docker
Containers and DockerContainers and Docker
Containers and Docker
 
Introduction to Cloud Computing
Introduction to Cloud ComputingIntroduction to Cloud Computing
Introduction to Cloud Computing
 
Introduction to ChatGPT
Introduction to ChatGPTIntroduction to ChatGPT
Introduction to ChatGPT
 
How to Argue Logically
How to Argue LogicallyHow to Argue Logically
How to Argue Logically
 
Evaluating Teaching: SECTIONS
Evaluating Teaching: SECTIONSEvaluating Teaching: SECTIONS
Evaluating Teaching: SECTIONS
 
Evaluating Teaching: MERLOT
Evaluating Teaching: MERLOTEvaluating Teaching: MERLOT
Evaluating Teaching: MERLOT
 
Evaluating Teaching: Anstey and Watson Rubric
Evaluating Teaching: Anstey and Watson RubricEvaluating Teaching: Anstey and Watson Rubric
Evaluating Teaching: Anstey and Watson Rubric
 
Evaluating Teaching: LORI
Evaluating Teaching: LORIEvaluating Teaching: LORI
Evaluating Teaching: LORI
 
Designing Teaching: Pause Procedure
Designing Teaching: Pause ProcedureDesigning Teaching: Pause Procedure
Designing Teaching: Pause Procedure
 
Designing Teaching: ADDIE
Designing Teaching: ADDIEDesigning Teaching: ADDIE
Designing Teaching: ADDIE
 
Designing Teaching: ASSURE
Designing Teaching: ASSUREDesigning Teaching: ASSURE
Designing Teaching: ASSURE
 
Designing Teaching: Laurilliard's Learning Types
Designing Teaching: Laurilliard's Learning TypesDesigning Teaching: Laurilliard's Learning Types
Designing Teaching: Laurilliard's Learning Types
 
Designing Teaching: Gagne's Nine Events of Instruction
Designing Teaching: Gagne's Nine Events of InstructionDesigning Teaching: Gagne's Nine Events of Instruction
Designing Teaching: Gagne's Nine Events of Instruction
 
Designing Teaching: Elaboration Theory
Designing Teaching: Elaboration TheoryDesigning Teaching: Elaboration Theory
Designing Teaching: Elaboration Theory
 
Universally Designed Learning Spaces: Some Considerations
Universally Designed Learning Spaces: Some ConsiderationsUniversally Designed Learning Spaces: Some Considerations
Universally Designed Learning Spaces: Some Considerations
 

Recently uploaded

Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesCeline George
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxheathfieldcps1
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
PROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPoojaSen20
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxRamakrishna Reddy Bijjam
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxnegromaestrong
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...Poonam Aher Patil
 
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-IIFood Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-IIShubhangi Sonawane
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibitjbellavia9
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 

Recently uploaded (20)

Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
PROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docx
 
Asian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptxAsian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptx
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-IIFood Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 

Device Hacking

  • 2.  Although it is difficult to exploit hardware, there is a lot of interest in device hacking as it gives so much more control over devices.  As the security of software becomes more robust, attackers are looking in other areas to control systems, and hardware and firmware are the new targets.
  • 3.
  • 4.  Newer smartphones and laptops use a USB port for charging (USB-C port).  The EU would like a common charger for all devices, and think USB-C is the way to go:
  • 5.  The problem is that the port can take data and instructions as well as power, therefore, if I create a fake charging station, I can steal all the data off a phone, install malware, or do anything else I want with the phone.  So experts have identified 29 different types of USB attacks, and recommend never to use public chargers.
  • 6.  Ran Yahalom of Ben-Gurion University showed the following kinds of USB attacks: ◦ Installation of infections, or other malicious software, that once connected, have access and take control of your computer or phone. ◦ Microcontrollers attacks, Microcontrollers (like an Arduino) can impersonate a USB peripheral and act like a keyboard or a mouse. Once you connect, it starts injecting key presses. ◦ Electrical attacks, creating an electrical component that looks like a flash drive, but conducts a power surge attack once connected, and, fry the entire computer or phone.
  • 7.  There are also some commercial USB hacking devices: ◦ USBdriveby ◦ KeySweeper ◦ BadUSB
  • 8.  USBdriveby: This USB stick is easily identified by the chain attached to it and contains a particularly nasty surprise inside. Once plugged into a PC, it begins to imitate your keyboard and uses keystrokes to disable firewalls, opens backdoors to allow remote control and tells network monitoring apps that everything is okay.
  • 9.  KeySweeper: Disguised as a USB wall charger, the KeySweeper hack is a very well concealed device which uses wireless connections to identify and spy on local Microsoft wireless keyboards. And, by monitoring keystrokes, KeySweeper can quickly obtain login details and transmit these back to a remote location.
  • 10.  BadUSB: A USB stick hack, BadUSB impersonates your keyboard to allow itself to reprogram firmware associated with your existing USB devices e.g. network cards can be reprogrammed to send users to sites containing malicious software which can soon infect your entire network.
  • 11.  Bluetooth is a wireless technology standard for exchanging data between fixed and mobile devices over short distances.  It used short-wavelength UHF radio waves in the industrial, scientific and medical radio bands, from 2.400 to 2.485 GHz.  Bluetooth is managed by the Bluetooth Special Interest Group (SIG),
  • 12.  BlueBorne is a generic term for several security vulnerabilities affecting electronic devices involving various Bluetooth implementations in Android, iOS, Linux and Windows.  BlueBorne scans for devices with Bluetooth enabled and once it finds them, can gain access in about 10 seconds. Once compromised, the device expands the reach of the attack, boosting the signal for the hacker and eliminating the need for the attack source to be within Bluetooth range of potential targets.
  • 13.  WiFi Spoofing  A spoofing attack is one where a program successfully masquerades another by falsifying credentials.  So if you login to a public WiFi regularly, e.g. Starbucks, then if a hacker sets up a WiFi spot called Starbucks, your computer/phone may automatically connect. The hacker will be connected to your computer/phone.
  • 14.  In 2017 Google’s Project Zero security team demonstrated a flaw in a very common wireless chip by the Broadcom (used in phones by Apple, Samsung and others) that leaves millions of mobile phones and other devices vulnerable to simple hacking by way of wireless networks.  One of the discovered holes was a “stack buffer overflow” hole that would allow an attacker to “execute arbitrary code on the WiFi Chip.  It has been mostly fixed, but there may be others.
  • 15.  One extremely worrying area is medical device hacking; where hackers target devices like insulin pumps, pacemakers and heart implants.  New Zeland computer security expert Barnaby Jack showed vulnerabilities in each of these.
  • 16.  Born: 22nd November 1977  Died: 25th July 2013  Born in Auckland, New Zealand  A New Zealand hacker, programmer and computer security expert.  Demonstrated how to hack ATMs (his technique was called “Jackpotting”.  He also show how to hack various medical devices  In 2012 his testimony led the United States Food And Drug Administration to change regulations regarding wireless medical devices.
  • 17.  Hacking insulin pumps  In October 2011 Jack demonstrated the wireless hacking of insulin pumps. Interfacing with the pumps with a high- gain antenna, he obtained complete control of the pumps without any prior knowledge of their serial numbers, up to being able to cause the demonstration pump to repeatedly deliver its maximum dose of 25 units until its entire reservoir of 300 units was depleted, amounting to many times a lethal dose if delivered to a typical patient.
  • 18.  Hacking pacemakers and heart implants.  In 2012-2013 Jack demonstrated the wireless hacking of pacemakers and heart implants.  He developed software that allowed him to remotely send an electric shock to anyone wearing a pacemaker within a 50-foot radius.  He also developed software to control of heart implants.
  • 19.  The risk to medical devices grows as more and more become part of the internet of things (IoT), in which physical devices are embedded with technology to make them wirelessly accessible.  According to a report from the US Department of Health and Human Services' Office of the Inspector General, the US Food and Drug Administration is not doing enough to prevent medical devices being hacked (November 1, 2018).
  • 20.  Medical device company Abbott announced a voluntary recall of 465,000 pacemakers in 2017 due to a possible hacking threat. The FDA said the devices contained vulnerabilities that could allow access to a patient’s device using commercially available equipment. This access could be used to modify programming commands to the implanted pacemaker, which could result in patient harm from rapid battery depletion or administration of inappropriate pacing.