Cyber Security and Privacy

Over the past week, as concerns have mounted over cyber attacks launched from Russia against Ukraine, governments, businesses and investors across the world have been shifting their attention to the larger issues of cyber security and information privacy.

If real-world evidence that cyber security is a serious concern were needed, the FBI and the Cybersecurity and Infrastructure Security Agency alerted U.S. companies over the weekend to the danger of potential ransomware attacks, which hold an organization's internal data hostage until a payment, the ransom, is made to the attacker. Such data breaches call the cyber security and privacy of users into question.

As covered in the media, ransomware gangs and extortionists have breached 52 US critical infrastructure organizations, including ones in the energy, financial services, government, critical manufacturing and information technology sectors. Cyber attacks, especially ransomware attacks, target companies and cause damage including:

  • Financial costs

A few cases and facts illustrate the damage ransomware attacks cause. Cyber attacks come with a price, and frequently a huge one: according to data published by IBM, the average cost of a cyber attack to a company reached $4.24 million in 2021, an increase of around 10 percent over 2020.

  • Leakage of company data/privacy

Last week, NVIDIA Corp. suffered a ransomware attack and found its company data stolen. Following the operation initiated by LAPSUS$, employee passwords, credentials and other proprietary NVIDIA information were leaked online, and the extortionists demanded that the company remove its Lite Hash Rate technology from its graphics cards. Unless the 'ransom' was paid through the company's compliance, NVIDIA was threatened with further data leaks.

Just a few days after the data leak at the world-leading chipmaker NVIDIA, the ransomware gang LAPSUS$ publicly claimed Samsung Electronics as another victim and announced that the time had come to release the data stolen from the consumer electronics giant.

  • Supply chain disruption and reputation damage

The damage that ransomware attacks cause to companies extends beyond the technical to the reputational and business level. In the case of Samsung Electronics, loss of consumer confidence and supply chain disruptions are anticipated, as LAPSUS$ proudly announced on its Telegram channel that it had obtained biometric authentication information and source code belonging to Samsung and its supplier, Qualcomm.

Cyber Security Risks and Ransomware Here to Stay

Even large, state-of-the-art tech firms such as Samsung cannot easily escape being targeted by such ransomware attacks. The purpose of this blog is to highlight the persistent challenge of this cyber security concern, in terms of the costs incurred and the large scale of impact involving multiple stakeholders. The most recent cases of NVIDIA and Samsung alert us to the vulnerabilities of data-focused security.

References

Vumetric Cyber Portal. (2022, March 7). FBI: Ransomware gang breached 52 US critical infrastructure orgs. Retrieved from https://cyber.vumetric.com/security-news/2022/03/07/fbi-ransomware-gang-breached-52-us-critical-infrastructure-orgs/

Bracken, B. (2022, March 7). The move comes just a week after GPU-maker NVIDIA was hit by Lapsus$ and every employee credential was leaked. Threatpost. Retrieved from https://threatpost.com/samsung-lapsus-ransomware-source-code/178791/

Hill, M. (2022, March 7). Extortion group teases 190GB of stolen data as Samsung confirms security breach. CSO. Retrieved from https://www.csoonline.com/article/3652335/extortion-group-teases-190gb-of-stolen-data-as-samsung-confirms-security-breach.html

Navillier, L. (2022, March 8). Why Cybersecurity Stocks Are Soaring. Investorplace. Retrieved from https://investorplace.com/2022/03/why-cybersecurity-stocks-are-soaring/

SharkBot: A Banking Trojan Spreading via Fake Android Anti-Virus Applications

A dangerous banking trojan has just been identified spreading through an innocent-looking Android app, and if you are not aware of it, you could be its next victim and lose your own money. By posing as antivirus software, the threat actor behind a fledgling Android banking malware known as SharkBot recently managed to get past Google Play Store security restrictions [1]. Researchers from NCC Group issued a report earlier this week detailing how SharkBot operates and how it was able to circumvent Play Store security protections.

What is SharkBot?

SharkBot is malware that targets Android devices. Like its cousins TeaBot, FluBot and Oscorp (UBEL), it belongs to a class of financial trojans capable of siphoning passwords and initiating money transfers from infected devices while bypassing multi-factor authentication methods. The primary purpose of SharkBot is therefore to gather and abuse financial data by deceptively diverting and initiating money transfers from users' devices [2]. It first appeared on the scene in November 2021, discovered by the Cleafy Threat Intelligence Team.

How does it work?

SharkBot, like other malicious Android apps, takes control of a smartphone by exploiting the operating system's Accessibility Services. These features are designed to help users read and interact with the device. SharkBot obtains this level of control over compromised devices because the Android Accessibility Services allow an app to read the screen (including typed data) and to simulate interaction with the touchscreen. If Accessibility Services are not enabled, the malware constantly shows pop-up windows asking for permission to use them, and it resumes its operations once permission is granted.

The malicious programme works as a three-tier poison pill: one layer impersonates an antivirus, the second layer is a scaled-down version of SharkBot, and that layer finally upgrades itself by downloading the full-fledged malware. That is when it starts robbing victims' bank accounts through a number of methods [3]. SharkBot differs from TeaBot in that it can carry out fraudulent transactions through Automatic Transfer Systems (ATS), whereas TeaBot requires a human operator to interact with infected devices in order to carry out harmful operations.

“The ATS features allow the malware to receive a list of events to be simulated, and they will be simulated in order to do the money transfers. Since these features can be used to simulate touches/clicks and button presses, it can be used to not only automatically transfer money but also install other malicious applications or components.”

So wrote Alberto Segura and Rolf Govers, malware analysts at cybersecurity firm NCC Group, in a report published last week [4].

SharkBot’s hidden techniques to get what it needs

SharkBot can steal banking credentials from Android users using one of the following methods, most of which require the victim to enable Accessibility permissions and services [5]:

  • Injections (overlay attack): When SharkBot detects that a legitimate banking app has been opened, it can steal credentials by displaying a WebView with a fake login URL (phishing).
  • Keylogging: By monitoring accessibility events (such as text field updates and button clicks) and forwarding these logs to the command-and-control (C2) server, SharkBot can steal passwords.
  • SMS intercept: SharkBot is capable of intercepting and hiding SMS messages.
  • Remote control/ATS: SharkBot can take complete control of an Android smartphone through remote control (via Accessibility Services).

Wait, what is the name of the app spreading SharkBot?

One of the most viral apps, named Antivirus, Super Cleaner, was found to be carrying SharkBot inside it. The current version of SharkBot, discovered on the Google Play Store on February 28, includes a number of dropper applications that use Android's Direct Reply feature to spread to other devices, making it the second banking trojan after FluBot to intercept notifications for wormable attacks.

However, Antivirus, Super Cleaner is not the only app that spreads SharkBot: researchers found the following Android apps that are highly suspected of spreading SharkBot as well.

  1. Antivirus, Super Cleaner (com.abbondioendrizzi.antivirus.supercleaner) – 1,000+ installs
  2. Atom Clean-Booster, Antivirus (com.abbondioendrizzi.tools.supercleaner) – 500+ installs
  3. Alpha Antivirus, Cleaner (com.pagnotto28.sellsourcecode.alpha) – 5,000+ installs, and
  4. Powerful Cleaner, Antivirus (com.pagnotto28.sellsourcecode.supercleaner) – 50,000+ installs
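Every technique listed above depends on the victim granting Accessibility Services, so a simple defensive check on a device is to ask which third-party apps are installed and which of them have an accessibility service enabled. The script below is an added example, not code from NCC Group or the original post. It parses the text printed by two real adb commands, `adb shell pm list packages -3` (one `package:<name>` per line) and `adb shell settings get secure enabled_accessibility_services` (colon-separated `package/service` entries, or `null`), flags the four dropper package names listed above, and flags any other accessibility holder that is not on an owner-maintained allow-list. The sample outputs and the allow-list are constructed here so it runs offline.

```python
"""Audit which third-party Android apps hold Accessibility Services.

Added example (not NCC Group's or the post's code). The two sample strings
below are constructed stand-ins for the output of:

    adb shell pm list packages -3
    adb shell settings get secure enabled_accessibility_services
"""

# The four SharkBot dropper package names listed in the post.
SHARKBOT_DROPPERS = {
    "com.abbondioendrizzi.antivirus.supercleaner",
    "com.abbondioendrizzi.tools.supercleaner",
    "com.pagnotto28.sellsourcecode.alpha",
    "com.pagnotto28.sellsourcecode.supercleaner",
}

# Hypothetical allow-list: accessibility apps the device owner has reviewed.
ACCESSIBILITY_ALLOWLIST = {"com.example.screenreader"}

# Constructed sample output of `pm list packages -3`.
SAMPLE_PACKAGES = """package:com.example.screenreader
package:com.abbondioendrizzi.antivirus.supercleaner
package:com.example.bank
"""

# Constructed sample value of the enabled_accessibility_services setting.
SAMPLE_ACCESSIBILITY = (
    "com.example.screenreader/com.example.screenreader.ReaderService:"
    "com.abbondioendrizzi.antivirus.supercleaner/"
    "com.abbondioendrizzi.antivirus.supercleaner.AccService"
)


def parse_packages(text):
    """Return the set of package names from `pm list packages` output."""
    return {
        line.split(":", 1)[1].strip()
        for line in text.splitlines()
        if line.startswith("package:")
    }


def parse_accessibility(text):
    """Return {package: [service component, ...]} from the setting value.
    An empty value or the literal 'null' means no service is enabled."""
    services = {}
    text = text.strip()
    if not text or text == "null":
        return services
    for component in text.split(":"):
        package = component.split("/", 1)[0]
        services.setdefault(package, []).append(component)
    return services


def audit(packages_text, accessibility_text):
    """Return a list of (finding, package) tuples, known droppers first."""
    installed = parse_packages(packages_text)
    holders = parse_accessibility(accessibility_text)
    findings = []
    for package in sorted(installed & SHARKBOT_DROPPERS):
        findings.append(("known_sharkbot_dropper", package))
    for package in sorted(holders):
        if package in SHARKBOT_DROPPERS:
            findings.append(("dropper_holds_accessibility", package))
        elif package not in ACCESSIBILITY_ALLOWLIST:
            findings.append(("unreviewed_accessibility_service", package))
    return findings


if __name__ == "__main__":
    for finding, package in audit(SAMPLE_PACKAGES, SAMPLE_ACCESSIBILITY):
        print(f"{finding}: {package}")
```

On a real device, pipe the two adb commands into the two parse functions; an app that is not an accessibility tool by design but holds an enabled accessibility service is worth reviewing even if its package name matches nothing on the list.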

How to protect yourself from installing this type of malware?

Well, if you are using an iOS device, you may have slightly stronger security built into the ecosystem. However, regardless of which OS your device is based on, you should always follow the recommendations below to be on the safe side.

  • Download apps from official and verified sources only.
  • Enable and update all programmes using genuine tools obtained from authorised sources.
  • Do not open suspicious or irrelevant emails.
  • Install an anti-virus programme and keep it up to date.

References

[1] https://thehackernews.com/2022/03/sharkbot-banking-malware-spreading-via.html

[2] https://www.pcrisk.com/removal-guides/22402-sharkbot-malware-android

[3] https://www.androidpolice.com/vicious-sharkbot-banking-trojan-discovered-in-play-store-antivirus-app/

[4] https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/

[5] https://securityaffairs.co/wordpress/128765/malware/sharkbot-trojan-google-play.html

This $12 toy can open a garage door in seconds

What is this:

Samy Kamkar, a security researcher, has developed a method that enables him to open almost any garage door that uses an insecure "fixed code" system in seconds. The device he built, called OpenSesame, uses a new attack he discovered to reduce the time needed to guess the code that opens the garage.

IM-ME

It is built from a discontinued Mattel toy called the IM-ME. Mattel no longer produces it, but if you are lucky you can find one on Amazon or eBay at prices ranging from $12 to $100.

How does this work:

The issue with fixed codes is their limited keyspace. For example, a common garage uses an 8- to 12-bit code. The codes are binary, and since the password that opens the garage is fixed, there are only 256 to 4096 possible combinations. Even a 2-character password is more secure than 12 binary DIP switches.

Kamkar started with a normal brute-force attack, which took around 29 minutes. He notes that normally a single click sends the same code 5 times. It takes 2 ms to send each bit, and there is also a 2 ms wait period per bit after the entire code is sent. That is why, to break a 12-bit code, a total of 98,304 bits must be sent to produce every 12-bit code and its wait period. This is not bad, but he felt the time could be reduced further.

First, he stopped retransmitting each code, which of course cuts the time by a factor of 5. This is a great improvement, but the time can be reduced even more if the wait period between codes is eliminated. To achieve that, the number of codes sent must be as small as possible; in the best case, just one code.

He realized that the "fixed code" garage opener uses a bit shift register to test whether the received code is correct. This is the weak link of the system, and it is what makes the method above possible. With a shift register, when an incorrect code is encountered the receiver does not clear it; it simply shifts out one bit and pulls in one bit of the next code transmitted. Say the garage password is 1010, a 4-bit code. If we send the code "11010", the garage first tests 1101 (incorrect). Then it drops the first bit and pulls in the next one, giving 1010 (correct). So instead of sending 12 bits (two 4-bit codes plus a 4-bit wait period), we only need to send 5 bits. Kamkar uses a construction called the De Bruijn sequence, which produces a single bit string that is as short as possible while containing every possible (in this case 12-bit) code as a substring. With this method he calculates that a total of 4,107 bits need to be sent, only around 4 percent of the normal method (98,304 bits).
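The arithmetic above is easy to check by simulation. The script below is an added example, not Samy Kamkar's OpenSesame code and not part of the original post: it models a fixed-code receiver as a shift register that compares its last n bits with the code after every bit, builds the De Bruijn sequence B(2, n), and counts bits under the post's assumptions (every code is followed by a wait period as long as the code; the naive sweep sends each code once). There is no radio or hardware involved; the point is to show why a fixed 12-bit keyspace collapses and why the defence is a larger, rolling keyspace rather than a longer fixed code.

```python
"""Why a fixed-code receiver built on a shift register has a tiny keyspace.

Added example (not Samy Kamkar's OpenSesame code). Models the post's
shift-register receiver and De Bruijn sweep; it only counts bits.
"""


def de_bruijn(n, k=2):
    """Standard Lyndon-word construction of B(k, n); the result has length k ** n
    and contains every length-n string over {0..k-1} exactly once, cyclically."""
    a = [0] * (k * n)
    seq = []

    def db(t, p):
        if t > n:
            if n % p == 0:
                seq.extend(a[1:p + 1])
        else:
            a[t] = a[t - p]
            db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                db(t + 1, t)

    db(1, 1)
    return "".join(str(d) for d in seq)


def linear_cover(n):
    """B(2, n) with its first n-1 bits appended, so every n-bit code appears as
    an ordinary (non-cyclic) substring. Length: 2**n + n - 1 (4107 for n=12)."""
    s = de_bruijn(n)
    return s + s[:n - 1]


def bits_until_open(code, stream):
    """Feed `stream` one bit at a time into a shift-register receiver holding the
    fixed `code`. Return how many bits were needed before the last len(code)
    received bits equalled the code, or None if the stream never matched."""
    n = len(code)
    window = ""
    for count, bit in enumerate(stream, start=1):
        window = (window + bit)[-n:]      # shift one bit out, pull one bit in
        if window == code:
            return count
    return None


def covers_all_codes(n):
    """True if the linear cover contains all 2**n codes as substrings, i.e.
    bits_until_open() would return a value for every possible code."""
    stream = linear_cover(n)
    seen = {stream[i:i + n] for i in range(len(stream) - n + 1)}
    return len(seen) == 2 ** n


def naive_bits(n):
    """Bits for the post's baseline: every code sent once, each followed by an
    n-bit wait period (98,304 for n=12)."""
    return (2 ** n) * n * 2


def debruijn_bits(n):
    """Bits for the De Bruijn sweep (4,107 for n=12)."""
    return 2 ** n + n - 1


if __name__ == "__main__":
    print(bits_until_open("1010", "11010"))   # 5, the post's 4-bit example
    print(naive_bits(12), debruijn_bits(12))  # 98304 4107
    print(covers_all_codes(12))               # True
```

The ratio `debruijn_bits(12) / naive_bits(12)` is about 0.042, the "around 4 percent" in the text. Doubling the fixed code length to 24 bits would only push the sweep to about 16.8 million bits; a receiver whose accepted value changes after every use (a rolling code) removes the property the sweep relies on, which is why that is the recommended fix.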

Figure: an example of a 3-bit OpenSesame attack (https://samy.pl/opensesame/)

How to prevent it:

If you own a house built in 1995 or earlier, it most likely has a fixed-code garage door opener and faces a high security risk.

Basically, this method only works on garages that use a fixed code. To prevent this type of attack, or any traditional brute-force attack, Kamkar suggests upgrading to a system that uses rolling codes, hopping codes, etc.

References:

https://samy.pl/opensesame/

https://hackaday.com/2015/06/08/hacking-the-im-me-to-open-garages/

https://www.wired.com/2015/06/hacked-kids-toy-opens-garage-doors-seconds/

Samsung just had a data breach of 190GB

On Monday, Samsung confirmed that it had suffered a data breach that exposed internal company data relating to its Galaxy line of smartphones.

The incident was first reported at the end of last week, when the data extortion group Lapsus$ leaked nearly 190GB of data that it claimed was stolen from Samsung Electronics. The same group was also responsible for another data breach at Nvidia last month, in which 71,000 employee credentials were stolen, some of them leaked online after Nvidia refused to meet the group's demands: to open-source its GPU drivers and to remove the Ethereum mining cap on its GPUs.

The group first posted a snapshot of C/C++ directives from Samsung software as a teaser to its followers.

Shortly after, it released a description of the upcoming leak, which included source code for trusted applets installed within TrustZone (used for sensitive operations like access control), algorithms for biometric authentication, bootloaders for recent devices, and even confidential data from Samsung's chip supplier, Qualcomm. The data was later made available as a torrent, with more than 400 peers sharing the content. The group even said it would deploy more servers to further increase the download speed.

Access to source code can help malicious parties find security vulnerabilities, potentially opening affected devices or systems to exploitation.

A spokesperson for Samsung stated that the security breach involved some internal company data but said that no personal data belonging to customers or employees was included.

“According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees,” Samsung said. “Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption.”

When asked for comment, Qualcomm stated that it is working with Samsung to understand the scope of the incident and to confirm what Qualcomm data was stolen. It also stated that it does not believe any of its systems or security has been impacted.

Casey Bisson, head of product and developer relations at BluBracket, told Threatpost via email that "If Samsung's keys were leaked, it could compromise the TrustZone environment on Samsung devices that stores especially sensitive data, like biometrics, some passwords and other details," adding that "If Samsung has lost control of the signing keys, it could make it impossible for Samsung to securely update phones to prevent attacks on the TrustZone environment."

Unlike the previous breach at Nvidia, it is unclear whether the group made any demands of Samsung before releasing the data, as Samsung did not say whether any ransom was demanded.

In conclusion, Samsung has stated that the data breach has had no impact on its business or its customers, but the contents of the leaked data have serious implications for the future security of Samsung Galaxy devices.

REFERENCES

https://thehackernews.com/2022/03/samsung-confirms-data-breach-after.html

https://www.bleepingcomputer.com/news/security/hackers-leak-190gb-of-alleged-samsung-data-source-code/

Samsung Confirms Lapsus$ Ransomware Hit, Source Code Leak

Alexa vs. Alexa: New Vulnerability With the Amazon Echo?

Alexa might not need your voice command to play Despacito anymore! A new vulnerability that can be exploited in the Amazon Echo has been found by researchers at the University of London and the University of Milan (referred to below as Esposito et al.).

The Amazon Echo, like the Google Home, is a smart speaker. It operates through voice commands and can perform a plethora of tasks, including controlling household "smart" appliances, setting alarms, sending emails, shopping and playing music. Because of the large presence and access the Amazon Echo has to personal information, any vulnerability could have disastrous consequences.

What is Alexa vs. Alexa (AvA)?

Alexa vs. Alexa, or AvA, is a new term coined by Esposito et al. It covers multiple ways in which the Amazon Echo in particular can be subjected to malicious attack, though it can likely apply to other smart speakers as well. It works by making Alexa, the virtual assistant in the Amazon Echo, issue commands to itself, making it possible to alter emails, control smart appliances and buy products from Amazon, all without authorization. This can work either through a Bluetooth device or through radio.

What about requiring verbal confirmation/volume decreases?

The researchers were able to bypass the confirmation requirement for some commands by having Alexa say "yes" after a pause. To counter the volume decrease that occurs when the Echo perceives someone speaking, they take advantage of a flaw known as the Full Volume Vulnerability, which stops the Echo from turning the volume down.

Invasion of Privacy

If that weren't enough, malicious attackers could also make an application that runs in the background and overhears your commands. It then responds to your commands in Alexa's voice so that, while it eavesdrops, it seems as though you are simply interacting with Alexa. This allows for multiple issues: attackers can listen in on all the information provided, which may be sensitive, and they can give you incorrect information in order to remove suspicion.

What does this look like?

Here’s a video of the authors demonstrating how the various commands work:

Are there any weaknesses to this attack?

A clear weakness is that, due to the nature of Bluetooth, attackers using that method need to be near the Echo to carry out the attack. Additionally, in response to the paper, Amazon changed functionality to make the Echo resistant to commands delivered through a radio.

How can I protect myself?

The authors recommend that, to reduce the likelihood of these attacks, you mute the microphones when not using the Echo, or set it so that the microphone only turns on when you are near it, so that you can hear any commands that arise. Additionally, through the Alexa app you can delete voice recordings, reducing the likelihood of commands originating from the Echo itself, and it is possible to cancel a skill with a verbal command.

References

https://arstechnica.com/information-technology/2022/03/attackers-can-force-amazon-echos-to-hack-themselves-with-self-issued-commands/

https://arxiv.org/pdf/2202.08619.pdf

https://www.bitdefender.com/blog/hotforsecurity/alexa-hack-yourself-researchers-describe-new-exploit-that-turns-smart-speakers-against-themselves/

https://www.tomsguide.com/news/amazon-echo-security-loophole-exploited-to-make-them-hack-themselves

A Silent Malware: The Daxin

Every day that we are alive on this planet, humanity and software continue to grow and evolve collectively, if not together. And every day we are introduced to more and more vulnerabilities in both areas, from the unfortunate effects of Covid-19 to losing your computer data because all you wanted to see were some dancing pigs. Today I will be sharing with you a new type of malware that has recently appeared in the news, known as Daxin, a complex and undetectable virus that is able to take your information via a shared network.

What is it? Why is it?

The Daxin malware, or more formally Backdoor.Daxin, is a piece of malware that enters your computer(s) as a backdoor (a backdoor is a type of malware that bypasses normal authentication procedures to access a system, i.e. a form of trojan) and allows its controller to insert whatever they would like into it. Not only that, it also has network tunneling abilities (a protocol that allows data to move from one network to another) and can even hijack Transmission Control Protocol/Internet Protocol connections! It was created by China-linked actors and is considered the most formidable and advanced piece of malware released by China so far. Although its original purpose was to be used against the Chinese government or related members in its espionage campaign, it is an incredibly complex piece of code and can do disastrous amounts of damage to any computer system in its path. It is optimized to break into the target's network as quietly as possible to steal data and cause overall chaos.

TCP/IP stands for Transmission Control Protocol/Internet Protocol and is a suite of communication protocols used to interconnect network devices on the internet (https://www.techtarget.com/searchnetworking/definition/TCP-IP).

Okay, but when was this discovered?

The Symantec Threat Hunter Team, the first to discover this virus lurking around, deduced that it may have been in use since 2013. Its age shows in how it infects its victims as a Windows kernel driver, which is less common nowadays, and it received only minor tweaks up until November 2021, when its most recent attacks occurred. One attack thought to use this virus took place in 2019, when Daxin and another malware known as OwlProxy were found on the computer of a small tech company. The attackers used OwlProxy as a last resort after attempting to deploy Daxin and failing miserably. In July 2020 the virus was used in an attack on the Chinese military, with two unsuccessful attempts to eject a driver with suspicious content that was thought to be Daxin because of the nature of its prior attacks, though this remains unconfirmed.

It is thought that before Daxin, its creators had been experimenting with an earlier piece of malware called Backdoor.Zala, which had almost all the features of Daxin but was somewhat less advanced in a few aspects, such as its networking techniques. The two malwares, however, shared many common libraries, leading many to believe they share a codebase.

That’s fine and all, now what does it REALLY do?

As previously mentioned, Daxin operates as a Windows kernel driver and is designed to hop from infected system to infected system with a single external command, within one network of course, an astonishing advance in malware since most attackers normally move from node to node one command at a time.

As previously stated, it also hijacks TCP/IP sessions. It does this by monitoring traffic and looking for patterns, then disconnecting the client in order to take over the connection and establish a secure peer-to-peer network over the hijacked link, so that the backdoor can receive communications from the command-and-control network. This method allows it to bypass firewalls and minimizes the risk of being noticed by a security team, since it is not opening any new network services but instead abusing legitimate services already running on the infected computers.

“It is designed to be used in long-term strategic attack campaigns. To achieve that, it does the second thing, which is to be as stealthy as possible: It does not open up any new ports; it does not speak with a command-and-control servers explicitly at any point at time.”

Symantec’s Thakur

Dangerous! Is there any cure?

At this point, much is unknown about the virus, and the discovery team has not said much about it either. In another blog post, it is mentioned that the attacks may originate from tools like PsExec, which was actually what was used to attack the small tech company mentioned earlier, rather than sending files and hoping the victims will eventually open them.

Knowing this, they simply recommend following good cyber security practices and staying safe, although if you're a member of the Chinese government, you'll have to be more careful than most.

Every day brings a new danger, so stay safe and make sure your network is secure!

Google’s latest Radar technology can read body language

Many aspects of our lives have been engulfed by technology, but we still do not interact seamlessly with our devices. Google's Advanced Technology and Products division (ATAP) has revealed its latest research on Soli radar, which pushes the boundaries of non-verbal human-computer interaction [1]. The technology is capable of reading people's body language and performing automated tasks.

What is Soli Radar?

Soli is a radar platform developed by Google's ATAP research team in 2015. It is a sensor with embedded radar technology that uses electromagnetic waves to pick up on subtle human body language and movements [2]. It was first seen in Google's Pixel 4 for distant gesture detection and more recently in the Nest Hub smart display for movement and breathing pattern tracking. It is worth noting that data from the sensor is processed locally and the raw data is never sent to the cloud.

How does Soli Radar work?

1. Emits.

Soli's radar emits electromagnetic waves in a broad beam. An object within the beam, like a human hand, scatters some of this energy, reflecting a portion of it back towards the antenna.

2. Reflects.

Properties of the reflected signal, such as energy, time delay and frequency shift, capture rich information about the object's characteristics and behaviour, including size, shape, orientation, material, distance and velocity.

3. Recognizes.

By processing the temporal variations and other captured characteristics of the signal, Soli can distinguish between complex movements and understand the size, shape, orientation, material, distance and velocity of the object within its field.

The Proxemics concept

Proxemics is the study of how people use the space around them to mediate social interactions [3]. As you get closer to another person, you expect increased engagement and intimacy. Each Soli-enabled device will be given a concept of personal space so that it reacts in a more human-like way when a person enters it. The overlap of personal space is a good indicator of whether humans will interact or just pass by.

Figure: a human entering a computer's personal space (courtesy of Google).

Radar sensors help devices understand the social context around them and act accordingly (together with AI). Furthermore, Soli captures the subtle elements of movement and gesture, such as body orientation, the path you might take, and the direction your head is facing [5], aided by machine learning algorithms that refine the data and allow devices to recognize the social context of the environment around them [4]. It can tell whether you are approaching the device or just walking past it.

Figure: a device with ATAP's new technology inside can sense you approaching and then change its state based on what it anticipates you might want to do (courtesy of Google).

The ultimate goal is for the sensor to anticipate a user's next move and serve up a corresponding response. Radar is a more privacy-friendly way to gather spatial data: unlike a camera, it does not capture or store distinguishable images of your face or other means of identification.

Potential Applications on Roadmap

  • Boot up, or pull up touch controls, when you are approaching.
  • Turn on the screen when your head is facing it.
  • A TV that bookmarks where you left off and resumes from that position when you're back.
  • Learn your routines over time and help you avoid unhealthy habits.

Limitations

While the radar can detect multiple subjects, if individuals are too close together it only senses an amorphous blob, which confuses the algorithm's decision-making. There is also a balance to strike between your settings and what the device believes you want. Because of Soli's limited radar range of 9 feet [2], more Soli devices would have to be installed in your house, and data would have to be shared to process the anticipation, so the gathered data would eventually percolate to the cloud.

REFERENCE

  1. https://www.wired.com/story/google-soli-atap-research-2022/#intcid=_wired-verso-hp-trending_a075d90f-cb9d-4d46-bcde-f31b98adc77c_popular4-1
  2. https://atap.google.com/soli/technology/
  3. https://www.scienceofpeople.com/proxemics/
  4. https://singularityhub.com/2022/03/04/googles-new-camera-free-sensor-can-read-and-react-to-your-body-language/

How to protect your privacy

Introduction

Nowadays we can search for or browse any information we want through the internet. Creating an account and logging in may help the computer recommend related content more efficiently. However, the logged data may leak your privacy, and that is why I would like to share this blog.

Is it necessary to set a password?

Cryptology is a well-known subject in computer science. It has two main parts: encryption and decryption. During World War II, the Allies tried thousands of times to decrypt the Nazis' telegraph messages, and the password (or, as we call it, the key that decrypts the message correctly) has turned out to be a well-known and sufficient way to protect your personal information.

How to crack a password

I will show you the most common ways a hacker cracks a password:

Dictionary attack: This method uses a word list to compare against user passwords. For example, if your college has given you an account to log in for your studies, the password may be related to your ID number, your year of entry or your major. The hacker will create a word list containing all the possibly related information and try it. If students do not change the password, it may leak their grades and other private information.

Brute force attack: This method is similar to the dictionary attack. Brute force attacks use algorithms that combine alphanumeric characters and symbols to come up with candidate passwords. It takes time, but it is the most common approach. For example, if the password is limited to eight characters and only digits are used, the search runs from 00000000 to 99999999 and the whole test can be completed in one second; that is why we recommend setting a password that includes numbers, letters, symbols and even uppercase letters.

Rainbow table attack– This method uses pre-computed hashes. You are not familiar with hashes? It doesn’t matter. Let us consider it as the ID for the web page. If you have clicked the link from the mailbox and the computer will open the related website. What if the link is faked? The computer will be wide open for the hacker to get all the info he wants. The website may be so similar, and you may not notice. For yourself, you cannot improve the algorithms, however, never clicking the strange link is enough.

                      How to hash work

Guess– As the name suggests, this method involves guessing.

Spidering – Most organizations use passwords that contain company information. If you have browsed the web page, the computer will create a log named as history or cookies. This information will not be encrypted normally and please delete or ban it.
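The first three methods above, run against a stolen hash database, as an added example (my own code for this post, not from any cited article). The "leaked" database, the student IDs and the wordlist are constructed for the demo; the digit-only password is shortened to five digits so the brute force finishes in seconds in plain Python.

```python
"""Dictionary, brute-force and rainbow-table attacks against stored password
hashes, and the salt that defeats the precomputed table.

Added example for this post (not from any cited article). The "leaked"
database below is constructed for the demo, not real breach data.
"""
import hashlib
import itertools
import string


def sha256_hex(text: str) -> str:
    """Unsalted SHA-256: the kind of fast hash these attacks exploit."""
    return hashlib.sha256(text.encode()).hexdigest()


# Constructed "stolen" database: username -> unsalted hash of the password.
LEAKED_DB = {
    "alice": sha256_hex("30012345-2019"),  # college pattern: ID number + entry year
    "bob":   sha256_hex("48213"),          # digits only (5 here so the demo runs in seconds)
    "carol": sha256_hex("password1"),      # appears in every wordlist
}


def targeted_wordlist(student_ids, years):
    """The 'related information' list from the post: every ID/year pairing
    in a few common layouts."""
    words = []
    for sid, year in itertools.product(student_ids, years):
        words += [sid, f"{sid}-{year}", f"{sid}{year}", f"{year}{sid}"]
    return words


def dictionary_attack(target_hash, wordlist):
    """Hash each candidate and compare; return the password or None."""
    for candidate in wordlist:
        if sha256_hex(candidate) == target_hash:
            return candidate
    return None


def brute_force_digits(target_hash, length):
    """Exhaust every digit-only password of the given length: 10**length
    hashes. The post's 8-digit case is 10**8, which a GPU cracker finishes
    in about a second but pure Python needs minutes for."""
    for digits in itertools.product(string.digits, repeat=length):
        candidate = "".join(digits)
        if sha256_hex(candidate) == target_hash:
            return candidate
    return None


def build_rainbow_table(wordlist):
    """Precompute hash -> password once, reuse against every stolen database.
    (Real rainbow tables compress this with hash chains; the lookup idea is
    the same.)"""
    return {sha256_hex(word): word for word in wordlist}


def rainbow_lookup(table, target_hash):
    """Instant reversal of any hash that was precomputed; None otherwise."""
    return table.get(target_hash)


def salted_hash(password: str, salt: str) -> str:
    """What a site should store instead: a random per-user salt mixed into
    the hash, so one precomputed table cannot serve every user."""
    return sha256_hex(salt + password)
```

Note that `rainbow_lookup` fails the moment a salt is involved, even for the weakest password: the table was built for `sha256("password1")`, not `sha256(salt + "password1")`. That is the site's job; the user's job is to pick something that is not in the wordlist in the first place.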

Ways to protect yourself from these attacks

I will introduce some helpful ways to protect your password.

1. Don’t pick a weak password – Use a long password that mixes all the character types mentioned above.

2. Use multi-factor authentication – Link your mobile phone to the account so that a second, one-time code is required in addition to the password. A code generated by an authenticator app on the phone is preferable to one sent by SMS, which can be intercepted or redirected by a SIM swap.

3. If biometrics is an option, take it – such as fingerprint or iris recognition.

4. Different accounts need different passwords – so that one leaked password does not open all your accounts. Do not derive them from one base password with a small tweak (the name of the website, the year you created the account): the first leak reveals the pattern, and the hacker will try it everywhere else.

5. Consider a password manager – Some cost money, and it concentrates all your secrets in one place, so protect it with a strong master passphrase and multi-factor authentication. In return it generates and remembers a unique random password for every site and saves you time.

6. Don’t share your password – Very important.

7. Don’t fall for phishing – Remember the faked link from the mailbox? Check who actually sent the message and where the link really leads before you enter any credentials.

8. Always update software – Vendors fix security holes in updates; just install them.

All of the above is just some common advice about passwords, which I hope introduces the importance of your privacy and the ways to protect it. May this post be helpful to you.

References

https://www.cnbc.com/2022/02/27/most-common-passwords-hackers-leak-on-the-dark-web-lookout-report.html

https://www.cnbc.com/2016/02/24/8-ways-to-protect-your-passwords-from-identity-theft-online.html

Side Channel Attacks could prove disastrous for some corporations.

What is homomorphic encryption?

Encryption is useful for communication when third parties are present. A key pair (or sometimes a single shared key) is used to encrypt and decrypt messages so that a malicious third party cannot read the information, or learn anything about what it might contain. We still see developments in this field, from both attackers and defenders.

Homomorphic encryption is one type of encryption, though it is not common in practice yet. It allows operations to be performed on encrypted data without decrypting it: after the information is encrypted into ciphertext, computations can be carried out on that ciphertext, and decrypting the result gives the same answer as if the computation had been done on the plaintext. Each scheme supports only particular operations (typically addition and multiplication), and fully homomorphic schemes are orders of magnitude slower than computing in the clear, which is the main reason they are not widely deployed. The property is still very useful, because the party doing the computation (a cloud provider, for instance) never needs the decryption key and never sees the data.

What’s the problem?

Researchers from North Carolina State University and Dokuz Eylul University have found a way to recover information while it is being encrypted. They describe it as the first side-channel attack on homomorphic encryption; it targets Microsoft's SEAL library, and they named it RevEAL. Essentially, they observe the power consumption of the computer while it encrypts the data and use it to gather clues about the plaintext. They refined the analysis until they could read the encrypted data directly, from a single power trace.

This is quite clever, because they are not looking at the ciphertext at all. With an enormous key space, it is practically impossible to learn anything about the message by observing the ciphertext alone. But the power drawn by the encrypting device depends on what it is doing: it shows how many operations the algorithm performs and, with finer measurement, which operations run at which moment; in this attack the leaky step is the random-noise sampling the encryption performs. The weakness is in the implementation, not the mathematics, so the same kind of attack applies to other encryption methods too; it reveals some information, and that is all an attacker needs. An attacker could combine a side-channel attack with another strategy, and the two together might yield enough to break the system. Attackers can and will try anything.
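The principle in the paragraph above (“power consumption tells you how many steps the algorithm takes”) in its simplest form, as an added illustration that is my own and not the researchers' code: a textbook square-and-multiply exponentiation does one extra multiplication for every 1 bit of the secret exponent, so a trace of operations per step spells out the key. The real attack measures power during the noise sampling of homomorphic encryption; this toy stands in an operation counter for the power measurement, and the numbers are made up.

```python
"""Simulated simple power analysis (SPA). A naive square-and-multiply
exponentiation does one extra multiplication for every 1 bit of the secret
exponent, so an observer who can tell how many operations ran per step
reads the exponent off the trace.

Added illustration for this post, not the researchers' code: the real
attack measures power during homomorphic encryption's noise sampling; here
an operation counter stands in for the power measurement.
"""


def leaky_modexp(base: int, exp: int, mod: int):
    """Left-to-right square-and-multiply. Returns the result and a 'trace':
    the number of multiplications performed for each exponent bit."""
    result = 1
    trace = []
    for bit in bin(exp)[2:]:
        ops = 1
        result = (result * result) % mod          # always square
        if bit == "1":
            result = (result * base) % mod        # multiply only on a 1 bit
            ops += 1
        trace.append(ops)
    return result, trace


def recover_exponent(trace) -> int:
    """Attacker's view: a step with two operations was a 1 bit, one was a 0."""
    bits = "".join("1" if ops == 2 else "0" for ops in trace)
    return int(bits, 2)


def balanced_modexp(base: int, exp: int, mod: int):
    """Same result with a flat trace: the multiply always runs and the bit
    only selects which value is kept. The operation count is now uniform; a
    production implementation would also make the selection branch-free and
    guard against the discarded value being observable."""
    result = 1
    trace = []
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        multiplied = (result * base) % mod
        result = multiplied if bit == "1" else result
        trace.append(2)
    return result, trace
```

The fix is the same shape as in the real world: make the work the device does independent of the secret, whether the secret is an exponent bit or a sampled noise value, and verify that with measurements rather than assuming it.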

Who is at risk?

Large companies are most at risk here, because homomorphic encryption is most attractive when large, sensitive datasets are handed to a third party, such as a cloud provider, for processing: it lets that party compute on the data without ever holding the key. It is not faster than decrypting (it is much slower); its value is that the data never has to be exposed. Companies adopting it will have to pay attention to how it is implemented and not just to the mathematics, because they are huge targets with lots of cash on hand.

References

https://thehackernews.com/2022/03/researchers-demonstrate-new-side.html

Electric Vehicles: Charging into the Future

Background

Have you seen an Electric Vehicle (EV) on the road yet? Maybe you’ve been cut off by a fully electric Tesla on Deerfoot. Or you may have saved a few dollars by taking an “Eco-Friendly Uber Green,” which was most likely a Hybrid Electric Vehicle (HEV). Electric vehicles run on electric motors instead of gasoline engines [7]. They need to be recharged roughly every 300 km [9], from a wall plug or from electric vehicle supply equipment (a charging station), to refill their large traction battery pack [10]. With far more technology on board, and a network connection at every charge, EVs are exposed to significantly more cyber security risk than the good old 2005 Honda Civic.

Image credit: Charged EVs, “Shanghai plans to deploy 100,000 data-collecting EV chargers” (May 2020). Retrieved March 4, 2022, from https://chargedevs.com/newswire/shanghai-plans-to-deploy-100000-data-collecting-ev-chargers/

What’s happening today?

Earlier this week, on March 1, 2022, hackers launched an attack on select electric vehicle charging stations in Russia [11]. EVs at these stations could not be charged during the attack, and messages with derogatory slang about Putin and the words “Glory to Ukraine!” were displayed on the screens [1]. With this news, we see another example of how hacking will be part of modern warfare.

Lambert, F. (2022, March 1). Hacked electric car charging stations in Russia display ‘Putin is a d*ckhead’ and ‘glory to Ukraine’. Electrek. Retrieved March 4, 2022, from https://electrek.co/2022/02/28/hacked-electric-car-charging-stations-russia-displays-putin-dckhead-glory-to-ukraine/

Breaking Down the Issue:

Rosseti, the Russian operator of the affected chargers, reportedly attributes this hack to AutoEnterprise, the Ukrainian company that supplied parts for the chargers, and says a back door left in the system was used to carry it out [11]. The source describes the result as a sustained distributed denial of service (DDoS); strictly, it was a sustained denial of service, since the chargers were taken out of service through the back door rather than by flooding them with traffic.

Research on vulnerabilities in EV chargers has concluded that these security shortfalls pose a significant risk to the safety and operation of electric grids. In Russia, access to charging was effectively cut off for the duration of the attack. Hackers who control chargers can turn them on and off at will, or even use a fleet of charging stations as a cyberweapon: switching enough of them on at once could overload the electric grid and cause widespread power cuts [3].

But that’s not all! EV chargers are also an access point to the electric vehicles that connect to them. If the chargers, or their internet connection to the vehicles, are targeted, additional cybersecurity threats arise, such as:

1. Damage to the vehicle’s data, software, or operating system [4]

2. Vehicles could be immobilized or made inoperable [4]

3. Theft of electricity at the expense of driver accounts [3]

4. Opening a back door into EV owners’ home networks and the other devices in their homes [2]

Implications in the Future:

Not only do EVs have the potential to run on 100% sustainable, renewable energy (depending on how the electric power is produced), they also have the potential to save people big bucks! A UK study by USwitch compared the cost of electricity worldwide and put the cost of charging an EV in Canada at around $277.10 CAD per year [6][8]. With rising gas prices ($1.58/litre today!!) and the Canadian Government offering point-of-sale incentives to EV buyers, this is a growing industry, with an upward trend in EV purchases in Canada. In Canada and around the world, we are becoming dependent on electric modes of transportation. It’s scary to think that it can be hacked, dismantled, or overloaded – especially in times of conflict. As consumers, by keeping informed on the issues and encouraging research into solutions like asymmetric encryption for charger communications [11], we can push for higher security standards in our transportation industry.

References:

[1] https://insideevs.com/news/570958/russia-electric-car-chargers-hacked/

[2] https://futurism.com/the-byte/ev-chargers-vulnerable-hacking

[3] https://techcrunch.com/2021/08/03/security-flaws-found-in-popular-ev-chargers/

[4]https://finance.yahoo.com/news/hsb-cyber-survey-finds-electric-144100406.html?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNhLw&guce_referrer_sig=AQAAAB5oyL1ZaFztjCASBCvJLXgXGxQ0MXlHvhMgmh0LWg7qPZf8T1xs6M3rd4241-TYgNx5_6rin49cLAjydu9jo9UatecCIZMJprxlL16osmGHJ_s0nSY6oXbnbdVGN__GrqcDTiHkXBfZPW6mSSew2bfx-U2fY175znTPrI4jlf8u

[6] https://mobilesyrup.com/2020/07/13/average-cost-charging-ev-canada/

[7] https://afdc.energy.gov/vehicles/how-do-all-electric-cars-work

[8] https://www.uswitch.com/gas-electricity/world-powers/#how-much-does-it-cost-to-charge-an-electric-vehicle

[9] https://evcharging.enelx.com/ca/en/resources/blog/666-how-far-can-electric-cars-go-on-one-charge

[10] https://www.fierceelectronics.com/electronics/safeguarding-electric-vehicle-charging-key-to-secure-e-mobility

[11] https://www.ladbible.com/news/electric-chargers-hacked-putin-ukraine-russia-autoenterprise-rosetti-20220301