This blog post was written by Márton Horváth who worked on implementing a monitor for Certificate Transparency logs in the context of his student semester project. As a proof-of-concept, he used the monitor he created to collect information about logged certificates issued in Hungary or issued to Hungarian web sites. This blog post contains the main findings of the analysis of those certificates. Continue reading Certificate Transparency – the current landscape in Hungary
This blog post, written by István Telek, is the last post in a series of blog posts on transforming the Raspberry Pi into a security enhanced IoT platform. This last post describes how we implemented a very basic integrity monitoring function as a trusted application running in OP-TEE. Continue reading Linux integrity monitoring on the Raspberry Pi
This blog post, written by Márton Juhász, is the fifth in a series of blog posts on transforming the Raspberry Pi into a security enhanced IoT platform. This post specifically will explain how to convert the Raspberry Pi into a WiFi access point such that it can perform some gateway-like functionality. First, we describe how to enable WiFi and then how to enable other software components to make the Pi an access point. Continue reading Enabling WiFi and converting the Raspberry Pi into a WiFi AP
This blog post, written by Márton Juhász, is the fourth in a series of blog posts on transforming the Raspberry Pi into a security enhanced IoT platform. Previous posts discussed building a custom Linux system with Buildroot, installing OP-TEE, and verified boot on the Raspberry Pi. This post will describe some OS hardening options you can use to reduce the attacks surface. Continue reading OS hardening on the Raspberry Pi
This blog post, written by István Telek, is the third post in a series of blog posts on transforming the Raspberry Pi into a security enhanced IoT platform. It describes how you can implement a verified boot process on the Raspberry pi. Continue reading Verified boot on the Raspberry Pi
This blog post, written by Szilárd Dömötör, is the second post in a series of blog posts on transforming the Raspberry Pi into a security enhanced IoT platform. The first post explained how to build and install the default OP-TEE implementation for the Raspberry Pi 3. This one describes how you can build your own custom Linux system (with OP-TEE) using the Buildroot environment. Continue reading Using Buildroot to create custom Linux system images
This blog post, written by Márton Juhász, is the first in a series of blog posts on transforming the Raspberry Pi into a security enhanced IoT platform.
This blog post explains how to build and install the default OP-TEE implementation for the Raspberry Pi 3. The easiest way is to follow the steps described in the corresponding git repo of OP-TEE. However, for the sake of completeness (and because some steps may actually be a bit confusing in the original description), we provide a comprehensive description here. Continue reading OP-TEE default build and installation on the Raspberry Pi
The Internet has grown beyond a network of laptops, PCs, and large servers: it also connects millions of small embedded devices. This new trend is called the Internet of Things, or IoT in short, and it enables many new and exciting applications. At the same time, IoT also comes with a number of risks related to information security. The lack of security, however, cannot be tolerated in certain applications of IoT, including connected vehicles and smart factories. In those applications, security failures may lead to substantial physical damage or monetary loss. Therefore, one of the biggest challenges today, which hinders the application of IoT technologies in certain application areas, is the lack of security guarantees. Continue reading Enhancing the Security of the Internet of Things
by Iraklis Symeonidis, COSIC, KU Leuven
and Gergely Biczók, CrySyS Lab, BME
Recent technological advancements have enabled the collection of large amounts of personal data at an ever-increasing rate. Data analytics companies such as Cambridge Analytica (CA) and Palantir can collect rich information about individuals’ everyday lives and habits from big data-silos, enabling profiling and micro-targeting of individuals such as in the case of political elections or predictive policing. As it has been reported at several major news outlets already in 2015, approximately 50 million Facebook (FB) profiles have been harvested by Aleksandr Kogan’s app, “thisisyourdigitallife”, through his company Global Science Research (GSR) in collaboration with CA. This data has been used to draw a detailed psychological profile for every person affected, which in turn enabled CA to target them with personalized political ads potentially affecting the outcome of the 2016 US presidential elections. Whether CA used similar techniques at the time of the Brexit vote, elections in Kenya and an undisclosed Eastern European country (and several other countries) is under investigation. Both Kogan and CA deny allegations and say they have complied regulations and acted in good faith.
This blog post does not take sides in this debate, rather, it provides technical insight into the data collection mechanism, namely collateral information collection, that has enabled harvesting the FB profiles of the friends of app users. In this context, the term collateral damage refers to the privacy loss these friends suffer. In a larger nexus, this issue is part of interdependent privacy when your privacy depends unavoidably on the actions of others (in this case, your friends). Continue reading Interdependent privacy in effect: the collateral damage of third-party apps on Facebook
Boldizsár Bencsáth (Boldi) will have a presentation at Kaspersky Security Analyst Summit on 09/03/2018 Friday. The presentation is based on a technical paper which describes findings about modules and information in April 2017 Shadow Brokers leak. The particular information categorizes external APT attackers and calls them SIG1 to SIG45. For more, please check the paper. Please do not forget The corresponding external sample hash list text file.