International Journal of Cyber Forensics and Advanced Threat Investigations
Not a member yet
13 research outputs found
Sort by
Robot Teardown, Stripping Industrial Robots for Good
Full text linkBuilding a robot requires a careful selection of components that interact across networks while meeting timing deadlines. Given the complexity associated, as robots get damaged or security compromised, their components will increasingly require updates and replacements. Contrary to the expectations and similar to Ford in the 1920s with cars, most robot manufacturers oppose to this. They employ planned obsolescence practices organizing dealers and system integrators into "private networks", providing repair parts only to "certified" companies to discourage repairs and evade competition.
In this article, we introduce and advocate for robot teardown as an approach to study robot hardware architectures and fuel security research. We show how teardown can help understanding the underlying hardware and demonstrate how our approach can help researchers uncovering security vulnerabilities. Our case studies show how robot teardown becomes an essential practice to security in robotics, helping us identify and report a total of 100 security flaws with 17 new CVE IDs over a period of two years. Lastly, we finalize by demonstrating how, through teardown, planned obsolescence hardware limitations can be identified and bypassed obtaining full control of the hardware, which poses both a threat to the robot manufacturers' business model as well as a security threat
Robot Cybersecurity, a Review
Full text linkRobots are often shipped insecure and in some cases fully unprotected. The rationale behind is threefold: first, defensive security mechanisms for robots are still in their early stages, not covering the complete threat landscape. Second, the inherent complexity of robotic systems makes their protection costly, both technically and economically. Third, vendors do not generally take responsibility in a timely manner, extending the zero-day exposure window (time until mitigation of a zero-day) to several years on average. Worse, several manufacturers keep forwarding the problem to the end-users of these machines or discarding it.
In this article we review the status of robot cybersecurity considering three sources of data: 1) recent literature, 2) questionnaires performed in top robotics forums and 3) recent research results in robot cybersecurity. Building upon a decade of experience in robotics, this article reviews the current status of cybersecurity in robotics and argues about the current challenges to secure robotic systems. Ultimately, based on the empirical results collected over a period of three years performing security assessments in robots, the present text advocates for a complementary offensive approach methodology to protect robots in a feasible and timely manner
Scraping Airlines Bots: Insights Obtained Studying Honeypot Data
Full text linkAirline websites are the victims of unauthorised online travel agencies and aggregators that use armies of bots to scrape prices and flight information. These so-called Advanced Persistent Bots (APBs) are highly sophisticated. On top of the valuable information taken away, these huge quantities of requests consume a very substantial amount of resources on the airlines' websites. In this work, we propose a deceptive approach to counter scraping bots. We present a platform capable of mimicking airlines' sites changing prices at will. We provide results on the case studies we performed with it. We have lured bots for almost 2 months, fed them with indistinguishable inaccurate information. Studying the collected requests, we have found behavioural patterns that could be used as complementary bot detection. Moreover, based on the gathered empirical pieces of evidence, we propose a method to investigate the claim commonly made that proxy services used by web scraping bots have millions of residential IPs at their disposal. Our mathematical models indicate that the amount of IPs is likely 2 to 3 orders of magnitude smaller than the one claimed. This finding suggests that an IP reputation-based blocking strategy could be effective, contrary to what operators of these websites think today
Editorial–Volume 2, No 1 (2021) of the IJCFATI
Full text linkThis article introduces volume 2, no 1 (2021) for the International Journal of Cyber Forensics and Advanced Threat Investigations. The article outlines some insights, updates and summarizes the articles published in the issue
Data Security for the SME
Full text linkWhilst much discussion takes place within the Cyber Security Industry, and at annual events, such as yearly Infosecurity show held in London, with emphasis on the corporate world of security, very little attention given to the often forgotten (ignored) smaller enterprise and millions (billions) of end-users who face the very same cyber-threats on an everyday basis. However, this imposition is further compounded by the fact that generally, most of those within the SME sector, and ordinary end-user individuals can be deficient when it comes to cyber-defences, with a much lower level of cybersecurity savvy skills, which by inference exposes a soft-belly of low hanging fruit, manifesting in a significant surface of attack open to abuse by cybercriminals. In the current age of insecurity, such exposures are particularly noteworthy as threats posed by the potential of encountering a Ransomware attack may be concluded to be significant. This paper looks to outline the threats of the current age of 2020 posed by Ransomware and focuses on how the overlooked SME and Individuals may secure their most precious data object, and their business with affordable, simplistic tools and practices
Impact of Tools on the Acquisition of RAM Memory
Full text linkWhen responding to a security incident in a system, several basic principles must be followed regarding the collection of pieces of evidence from the system. The capture of these pieces of evidence has to be done according to its order of volatility. In this sense, RAM memory constitute the most important element to capture, given its extreme volatility. RAM memory must be acquired and analyzed because the data it holds, which may belong to the system itself or to any other device connected to it, can survive a certain amount of time in it. Since RAM is a constantly changing element, it must be stood out that any action carried on the system under analysis will modify the contents of the RAM. In this article a comparative and an objective analysis has been carried out, showing the impact that the execution of some tools for the capture of RAM has on the system. This comparative study details both the private shared workspaces, for each of the processes executed by each of the tools used
A Forensic Analysis of Home Automation Devices (FAHAD) Model: Kasa Smart Light Bulb and Eufy Floodlight Camera as Case Studies
Full text linkThe adoption of Internet of Things (IoT) devices is rapidly increasing with the advancement of network technology, these devices carry sensitive data that require adherence to minimum security practices. The adoption of smart devices to migrate homeowners from traditional homes to smart homes has been noticeable. These smart devices share value with and are of potential interest to digital forensic investigators, as well. Therefore, in this paper, we conduct comprehensive security and forensic analysis to contribute to both fields—targeting a security enhancement of the selected IoT devices and assisting the current IoT forensics approaches. Our work follows several techniques such as forensic analysis of identifiable information, including connected devices and sensor data. Furthermore, we perform security assessment exploring insecure communication protocols, plain text credentials, and sensitive information. This will include reverse engineering some binary files and manual analysis techniques. The analysis includes a data-set of home automation devices provided by the VTO labs: (1) the eufy floodlight camera, and (2) the Kasa smart light bulb. The main goal of the technical experiment in this research is to support the proposed model
Editorial–Inaugural Issue of the IJCFATI
Full text linkThis article introduces the inaugural issue for the International Journal of Cyber Forensics and Advanced Threat Investigations. The article outlines the journal’s aims and scope and summarizes the articles published in the issue
Exploring the Shift from Physical to Cybercrime at the Onset of the COVID-19 Pandemic
Full text linkThe novel coronavirus has made an impact on virtually every aspect of our lives. The current study utilizes secondary data to identify patterns and trends related to shifting crime from the physical to the cyber domain. With millions, if not billions, people staying at home, attackers now look for new ways to commit crimes. Our findings indicate that while a lot of crimes such as robbery, assault, rape, and murder have declined at the beginning of the pandemic, we are also witnessing a rise in cybercrime, vehicle theft, and domestic violence. The current study looks specifically at phishing and what new trends are observed due to COVID-19. The current work is grounded in routine activity theory and demonstrates its relevance to both the physical and cyberspace. The implications of our work can be used by scholars who want to continue researching this new phenomenon. Practitioners can utilize our findings to look for ways to improve the corporate security posture by protecting the employees and customers working from home. Developing new phishing training and awareness programs should be focused around possible scenarios involving COVID-19. Our study suggests victims are more likely to fall prey to those during times of fear and uncertainty like the current pandemic
Cyber Forensics on Internet of Things: Slicing and Dicing Raspberry Pi
Full text linkAny device can now connect to the Internet, and Raspberry Pi is one of the more popular applications, enabling single-board computers to make robotics, devices, and appliances part of the Internet of Things (IoT). The low cost and customizability of Raspberry Pi makes it easily adopted and widespread. Unfortunately, the unprotected Raspberry Pi device—when connected to the Internet—also paves the way for cyber-attacks. Our ability to investigate, collect, and validate digital forensic evidence with confidence using Raspberry Pi has become important. This article discusses and presents techniques and methodologies for the investigation of timestamp variations between different Raspberry Pi ext4 filesystems (Raspbian vs. UbuntuMATE), comparing forensic evidence with that of other ext4 filesystems (i.e., Ubuntu), based on interactions within a private cloud, as well as a public cloud. Sixteen observational principles of file operations were documented to assist in our understanding of Raspberry Pi’s behavior in the cloud environments. This study contributes to IoT forensics for law enforcement in cybercrime investigations