Tag Archive for: studies

Virtual reality headsets are vulnerable to hackers, demonstrate studies



While augmented reality (AR) and virtual reality (VR) are envisioned as the next iteration of the internet immersing us in new digital worlds, the associated headset hardware and virtual keyboard interfaces create new opportunities for hackers.

Such are the findings of computer scientists at the University of California, Riverside, which are detailed in two papers to be presented this week at the annual Usenix Security Symposium in Anaheim, a leading international conference on cyber security.

The emerging metaverse technology, now under intensive development by Facebook’s Mark Zuckerberg and other tech titans, relies on headsets that interpret our bodily motions (reaches, nods, steps, and blinks) to navigate new worlds of AR and VR to play games, socialize, meet co-workers, and perhaps shop or conduct other forms of business.

A computer science team at UCR’s Bourns College of Engineering led by professors Jiasi Chen and Nael Abu-Ghazaleh, however, has demonstrated that spyware can watch and record our every motion and then use artificial intelligence to translate those movements into words with 90% or better accuracy.

“Basically, we show that if you run multiple applications, and one of them is malicious, it can spy on the other applications,” Abu-Ghazaleh said. “It can spy on the environment around you, for example showing people are around you and how far they are. And it can also expose to the attacker your interactions with the headset.”

For instance, if you take a break from a virtual game to check your Facebook messages by air typing the password on a virtual keyboard generated by the headset, the spyware could capture your password. Similarly, spies could potentially interpret your body movements to gain access to your actions during a virtual meeting in which confidential information is disclosed and discussed.

The two papers to be presented at the cybersecurity conference are co-authored by Abu-Ghazaleh and Chen together with Yicheng Zhang, a UCR computer…

Source…

Learning from Ghana’s Multistakeholder Approach to Cyber Security – Africa Center for Strategic Studies


Ghana’s inclusive approach to developing a national cybersecurity strategy offers a model for how to rapidly build cyber capacity without undermining the safety of citizens.


The inauguration of Ghana’s Joint Cybersecurity Committee. (Photo: Cyber Security Authority)

As internet penetration has exponentially grown, African countries have become more exposed to cyber-related threats. Increasingly organized malicious actors deploy increasingly sophisticated forms of malware that threaten critical maritime and energy infrastructure, cause billions of dollars in annual losses, disrupt internet access, and steal sensitive information from governments, politicians, businesspeople, citizens, and activists across the continent. Most African countries have experienced at least one publicly documented disinformation campaign, a majority of which are sponsored by external actors.

Unfortunately, most African countries have yet to establish foundational cybersecurity policies to confront these threats. A majority have yet to author a national cybersecurity strategy, to set up institutions capable of responding to major cybersecurity incidents, or to define an approach to international cooperation in cyberspace.


Ghana is not most African countries. It is 1 of only 12 nations in Africa to possess both a national cybersecurity strategy and national incident response capabilities. It is also one of only four to have ratified both the Budapest and Malabo Conventions, two major treaties aimed at addressing the international dimensions of cyber-related threats.

Just as impressively, Ghana has placed a citizen-centric, multistakeholder approach at the core of its efforts to address the country’s cybersecurity challenges. Civilians are in leadership roles in shaping most aspects of cybersecurity policy and strategy, from defining interagency responsibilities to developing incident response capabilities. Other countries across the continent have much to learn from Ghana’s approach, which has brought tremendous growth in cyber capabilities, enabled…

Source…

Ransomware Attacks: Why Case Studies Provide Rare Learning Opportunities


The United States suffered a staggering 421.5 million ransomware attempts in 2021, a 98% increase from 2020. Those figures come from a United States Senate Committee on Homeland Security and Governmental Affairs staff report titled “America’s Data Held Hostage: Case Studies in Ransomware Attacks on American Companies.”

The report details three companies’ experiences responding to attacks by Russia-based ransomware group REvil. The companies varied in size and industry, but the incident response plans they had previously established helped mitigate the damage from the attacks. However, the companies reported receiving little assistance from the Federal Government, highlighting the need for change at the federal level to better combat future attacks.

The report provides a comprehensive overview of ransomware’s state of play, but the three case studies on anonymous companies’ reactions to ransomware attacks provide the freshest insight. The companies ranged from a Fortune 500 company with over 100,000 employees to a technology firm with approximately 50 employees. Each had an incident response plan and various cybersecurity measures in place that helped mitigate the effects, but to different levels of success. Offline backups were uniformly hailed as one of the best defense measures each had in place to keep their company running while addressing the attacks, but they all acknowledged at the attacks’ conclusions that they needed to address gaps in their plans and security that the attacks uncovered.

One of the companies did not need the government’s help responding to the ransomware attack, but the two others reported little help from the government despite seeking its assistance. Not surprisingly, the FBI continues to focus its efforts on its core law enforcement mission by identifying the bad actors and bringing them to justice, rather than proactively protecting and assisting victim companies.

Cybersecurity Incident Reporting: Time for FBI and CISA Reforms?

The Committee made seven recommendations in its report based on its investigation, three of which called for reform in the government:

  1. The Cybersecurity and…

Source…

Quantum computing and classical politics: The ambiguity of advantage in signals intelligence – Center for Security Studies



Source…