Safeguarding the Future: My IoT Security Lecture at Lund University

Last Thursday, I had the honor of delivering an online lecture at Lund University, focusing on IoT security. The lecture addressed the core threats targeting IoT systems and the essential security measures to protect these devices from potential harm. In an increasingly interconnected world, the critical role of IoT security cannot be overstated.

As we continue to witness the exponential growth of IoT devices, it is crucial to prioritize security measures. The potential consequences of a security breach can be catastrophic, and we must remain vigilant in safeguarding our digital assets.

It is always a pleasure to share my expertise and insights on cybersecurity and IoT to guide the next generation. I appreciate the opportunity and eagerly await what the future has in store.

Exploring the Interdependencies between AI and Cybersecurity


With the increasing prevalence of AI technology in our lives, it is important to understand the relationship between AI and cybersecurity. This relationship is complex, with a range of interdependencies between AI and cybersecurity. From the cybersecurity of AI systems to the use of AI in bolstering cyber defenses, and even the malicious use of AI, there are a number of different dimensions to explore.

  • Protecting AI Systems from Cyber Threats: As AI is increasingly used in a variety of applications, the security of the AI technology and its systems is paramount. This includes the implementation of measures such as data encryption, authentication protocols, and access control to ensure the safety and integrity of AI systems.
  • Using AI to Support Cybersecurity: AI-based technologies are being used to detect cyber threats and anomalies that may not be detected by traditional security tools. AI-powered security tools are being developed to analyze data and detect malicious activities, such as malware and phishing attacks.
  • AI-Facilitated Cybercrime: AI-powered tools can be used in malicious ways, from deepfakes used to spread misinformation to botnets used to launch DDoS attacks. The potential for malicious use of AI is a major concern for cybersecurity professionals.

In conclusion, AI and cybersecurity have a multi-dimensional relationship with a number of interdependencies. AI is being used to bolster cybersecurity, while at the same time it is being used for malicious activities. Cybersecurity professionals must be aware of the potential for malicious use of AI and ensure that the security of AI systems is maintained.

Security Engineering and Machine Learning

This week I attended the 36th IFIP TC-11 International Information Security and Privacy Conference. The conference was organized by the Department of Informatics at the University of Oslo. During the first day of the conference, there was a keynote on Security Engineering by the celebrated security expert Prof. Dr. Ross Anderson.

He discussed the topic involving the interaction between security engineering and machine learning. He warned us about the things that can go wrong with machine learning systems, including some new attacks and defenses, such as the Taboo Trap, data ordering attacks, sponge attacks, and more.

Outline of Ross Anderson’s keynote (IFIP TC-11).

I especially enjoyed the part of his talk where he mentions the human to machine learning interaction. Coincidentally, this is a topic that I am researching. He discusses cases when robots incorporating machine learning components start mixing with humans, and then some tension and conflict, e.g., robots trying to deceive and bully humans, arises. This is a scenario that we should expect to see more in the future.

I highly recommend that you consider purchasing his brilliant book titled “Security Engineering: A Guide to Building Dependable Distributed Systems”. This book is filled with actionable advice and the latest research on how to design, implement, and test systems to withstand attacks. Certainly, this book has an extremely broad coverage of security in general and is absolutely worth the purchase!

That is a Wrap On Computing 2020

As a follow-up to my previous blog post, I can say that it was an honor to participate yesterday and on Thursday at the Computing Conference 2020.  It was very well organized, professionally executed, and fun!

There was a wide range of presenters coming from different research areas covering computing, AI, security, IoT, and much more. It was also cool to have a Mindfulness and Yoga general session at the conference. This was something unique!

Here is a screenshot of my presentation with the feedback received. I also got private messages about collaboration work, and I truly appreciate those!


My presentation with feedback received.

Once again thanks for the thumbs up and already looking forward to next year’s edition!

Talking about DoS Attacks at the Computing Conference

On Friday, 17 July 2020, I will be talking at the Computing Conference 2020. This conference was going to be held in London, but due to the COVID-19 pandemic it is now going to be held fully online. I am especially excited to listen to the keynote of Vinton G. Cerf. He is widely known as a “father of the Internet”. Cerf is also the vice president and Chief Internet Evangelist for Google. During the conference, I will be talking about Denial of Service (DoS) attacks and how commercial devices are prone to severe forms of this attack.

DoS is an attack vector widely used by various malicious threat agents, from hackers to nation-states. Its consequences range from a nuisance to loss of revenues to even loss of life. Think, for instance, about the effects of disabling medical devices such as pacemakers, drones and weapon systems, connected alarm systems, and so on. In the case of smart homes, DoS may be the first attack to remove a component from a network to exploit a vulnerability. In our study, we found devices manufactured by established commercial players especially prone to HTTP GET DoS attacks. This can result in the complete shutdown of the device, possibly remotely, by using a simple exploit with code available over the Internet.

DoS attacks targeting the smart connected home.

Take a look at the conference agenda and have a read of my conference paper. I will be uploading my presentation slides after the conference is held under my Presentations tab.

Feel free to drop me a message or get in touch if you want to know more about this topic or in case you are interested in information security.

The Current State of IoT Security and a Glimpse Into The Future

On Tuesday 10th March, I was invited to give a guest lecture about IoT security at Blekinge Tekniska Högskola (BTH) in Karlskrona, Sweden. Karlskrona is approximately 3 hours away from Malmö.

During my lecture, I gave realistic examples of attacks that targeted IoT systems. For instance, attacks targeting consumer drones, electric cars, and IP cameras. I also discussed the technical, procedural, and human challenges involved in securing IoT and some safeguards.

Blekinge Tekniska Högskola.

In the future, I will work to automate IoT security.  Similar to smart devices acting autonomously to perceive and act on their environment, IoT security should evolve towards greater autonomy in detecting threats and reacting to attacks. This evolution relates to the autoimmunity of smart devices allowing for the prevention and containment of attacks in hostile environments.

You can access a condensed version of my lecture here.

 

Weak risk awareness of our connected homes

Traditionally, only a handful of household devices were connected to the Internet. Nowadays, we have everyday devices ranging from toasters and lightbulbs to TVs, all connected to the Internet and with the possibility of being remotely controlled. These devices often go by the name of Internet of Things or smart home devices. While these networked devices bring added convenience, efficiency, and peace of mind, they also bring unique perils to the smart home residents.


The more smart devices are connected to the home’s network, the more can go wrong. Malicious threat agents such as hackers can reprogram the devices to attack others, vendors can collect fine-grained information on your activities and behaviours, or your devices could become infected with malware, possibly preventing you from entering your home or adjusting the temperature to your liking. Many of the manufacturers making these devices have shallow experience with information security and see security and privacy as a burden. As a result, many of the devices available in the market have little or no security baked into them. For example, some devices come with default passwords that are easily retrieved on the Internet, or they cannot be easily updated or reconfigured in a more secure or privacy-preserving way.

In August 2018, I was interviewed by Malmö University on a similar topic.  The interview was transcribed in Swedish but now you can read the full interview in English at the following link: http://iotap.mau.se/weak-risk-awareness-connected-homes/

My Licentiate Seminar

On Monday, 03 September, I have my licentiate seminar at Malmö University.  On that day, I will give a presentation, where I will talk for about 40 minutes about the smart connected home ecosystem.

Here, I will emphasize the security and privacy risks that such an Internet of Things system brings to the smart home residents, the threat agents interested in conducting attacks on the home, the challenges in implementing effective mitigations, and more.

This talk is essentially a summary highlighting key parts of my licentiate thesis (see picture of it below):

The full thesis is 192 pages long with a word count of about 48,000 words.

Take a look at my thesis and upcoming seminar by following the link: http://iotap.mah.se/smart-connected-homes-joseph-bugeja/

 

Risks to Consider Before Buying a Smart Home Device

People are increasingly buying voice-activated speakers (also called digital voice assistants or intelligent personal assistants) and other smart devices for added convenience, enhancing security, and also for entertainment purposes. But doing so blindly, without assessing risks involved with such technologies, can give intruders an accessible window into our homes and personal lives. Here are some risks that you may want to consider before purchasing a smart device for your house:

Listening In: Many new devices are being manufactured with built-in microphones. New generation devices falling in this category include, for instance, smart speaker systems such as Amazon Echo and Google Home, as well as smart TVs, TV streaming devices, and Internet-connected toys. Many of these devices are constantly listening in for your commands, and when they receive them they connect to corporate servers (which can be located anywhere in the world) to satisfy your request. What if you are having private conversations at home? Are these getting sent to the Internet without your awareness? Indeed, some devices just do that (yes, you may have unknowingly already accepted the vendor’s privacy policy or terms-of-use if that exists!). What can you do then? Well, devices typically have a mute function that disables the device microphone(s). But the question remains, can we actually verify what the manufacturer promises? Further to that, if data is sent over the Internet can it really be removed? I highly doubt that.

Watching You: Cloud security cameras let you check in on your pets, children, and your home status when you are away, typically through your smartphone, tablet, and other handheld computing devices. Some devices routinely send video footage to online storage automatically, while others do so when triggered, for example by a motion sensor (typically signalling that an intruder or an unauthorized visitor is nearby). Reputable brands are likely to take security seriously, but no system is bulletproof. If you want to stay extra vigilant then you might want to turn the camera to face the wall or just unplug it altogether when you do not intend to use it. However, this is not a viable solution for many. Thus, my suggestion is that you should carefully inspect the device technical specification and assess whether the company is taking security and privacy seriously!

Digital Trails: Smart locks let you unlock doors from anywhere with an application installed on your digital devices. With this, you can let in guests even when you are away or when you have your hands full with other things (yes you can also connect your smart lock with a digital voice assistant). Similarly, landlords can automatically disable your digital key when you move out, and parents can keep an attentive eye on the time their beloved teens are coming back home. At the same time, intruders might try to hack the system not only forcibly with hardware tools but also through software hacking tools. Smart locks also pose a risk to privacy as usage of such keys leaves a digital trail. This trail can also be used in forensic investigation. This is an added attack surface that these digital devices bring into our lives, into our homes.

In this article, we scratched the surface of risks brought forth by smart devices. If you want to learn more about risks when purchasing smart home devices, as well as about the different types of intruders spying on your home, take a look at my paper.