A decade has passed since the introduction of network enabled home appliances into the market. Every year these appliances advance in functionality and inter device integrations, such as the integration with cell phones/smart phones , service servers/ cloud services and more. This has lead to a significant increase in the information and value that the network enabled house hold appliances handle. Under such circumstances a vulnerability in the house hold appliance could be leveraged to gain access to other devices and information. In this presentation I will present whether such risks can be actualised and the changes of functionality and vulnerabilities in network enabled house hold appliances,looking at those changes from a user's and developer'sperspective.
Yukihisa Horibe
Panasonic Corporation Analysis Cente
Panasonic PSIRT member.
Over 10 years of experience in vulnerability research and risk analysis regarding networked household appliances and embedded systems.
The document reviews opportunities in information and communication technologies for the South West region. It analyzes 210 regional companies, identifying strengths in areas like semiconductor design, telecom chip design, and content storage. Near field communications, all-optical networking, low power chips, and vertical chips are highlighted as opportunities based on their market size, growth, and the region's relevance. Regional companies mentioned as leaders in these areas include Samsung, Innovision, Atmel, AT&T Bell Labs, Gooch & Housego, Nortel, Infineon, Zarlink, and Broadcom.
Hackers are increasingly targeting hardware and firmware as software security improves. The USB port, which is used for charging many devices, can also transmit malicious code or data if the device is plugged into a compromised public charger. Several types of USB attacks have been demonstrated, including installing malware, simulating keystrokes to steal login credentials, and damaging devices with power surges. Bluetooth and wireless vulnerabilities have also been exploited by hackers to gain remote access to devices within range. Medical devices are a major concern as vulnerabilities have been shown that allow full wireless control of insulin pumps and ability to remotely trigger shocks from implanted pacemakers and defibrillators.
This document discusses mobile commerce. It covers mobile computing and devices, the benefits of mobility and wireless connectivity, and some early mobile applications in various industries. It also addresses some inhibitors and barriers to mobile computing adoption, including limitations of bandwidth and device interfaces, security issues, and health and legal concerns.
This document provides an overview of a company that offers various business process outsourcing and knowledge process outsourcing services including contact center services, technical support, social media marketing, and software services. The company is located in Technopark, one of the largest IT parks in Asia, and draws from the large pool of educated graduates in Trivandrum, the capital of Kerala. It has accreditations from various industry bodies and focuses on industries like e-commerce, dairy and farming, retail, pharmaceuticals, healthcare, and telecom.
This document provides an overview of a company that offers various business process outsourcing and knowledge process outsourcing services including contact center services, technical support, social media marketing, and software services. The company is located in Technopark, Trivandrum, one of the largest IT parks in Asia, and draws from the large pool of educated graduates in the area. It has various accreditations and certifications and focuses on industries like e-commerce, dairy and farming, retail, pharmaceuticals, healthcare, and telecom.
Cashless Society - Latest Developments in JapanNFC Forum
Koichi Tagawa, Co-Chairman, NFC Forum and Jun Iwasaki, CardWave Chief Editor, Infcurion presented "Cashless Society - Latest Developments in Japan" in Tokyo.
Presentation by Hisashi Yamamoto of NXP Semiconductors from the Tokyo Tap Into NFC Seminar on February 9, 2016.
NXP presents solutions for the next generation of NFC applications. Presentation includes a general overview of NFC and NXP’s achievements, and then focuses on the steady growing number of NFC applications in gaming, automotive, the connected home, payment, access, and marketing.
Full slide deck from the NFC In Action Conference held October 2014 in Tokyo, Japan.
The NFC In Action Conference is part of the NFC Forum Tap Into NFC Developer Program.
1) The document describes a voice recognition robot that can be controlled by an Android mobile phone using Bluetooth. The robot has a Bluetooth receiver that receives control commands from the mobile phone app and sends them to a microcontroller to operate motors and control the robot's movement.
2) The goal is to create an inexpensive robot that can be controlled by most users, as Android phones are widely used. The Bluetooth feature on Android phones allows wireless control of the robot over short distances.
3) The robot's hardware includes DC motors connected to a motor driver and microcontroller. The microcontroller is connected to the Bluetooth module. Code is written in Embedded C to make the microcontroller respond to Bluetooth commands and control the motors.
The Future of the Internet - The Next 30 YearsRahul Singh
What will the future look like? What role does the Internet play in your life today, and how will it affect you in the future. This paper expands on current trends and extrapolates what our world will look like in the next thirty years.
Company driven by innovation and customer satisfaction. It is a web-mobile-electronics convergence company headquartered in India with offices globally. It has a team of over 130 employees developing flagship products across multiple industry verticals like health, education, tourism, and delivering end-to-end solutions to clients worldwide including governments and large corporations.
The document discusses vulnerabilities in IoT devices and provides examples of potential threats, including hacking a Jeep remotely and changing the target of a smart sniper rifle. It then summarizes challenges in securing IoT devices like limited resources, difficulty upgrading firmware, and lack of security software. Guidelines are provided for vendors, developers, and users to improve IoT security, such as using encryption, patching vulnerabilities, and educating users. Finally, the document demonstrates hacking a DTH set-top box by disturbing service, recording shows without permission, and stealing recordings.
IRJET- IoT Based Digital Notice Board Using Raspberry Pi with Audio Alert SystemIRJET Journal
This document describes a proposed IoT-based digital notice board system using a Raspberry Pi with audio alerts. The system would allow authorized users to wirelessly transmit notices and messages to the board using WiFi. At the receiver, a Raspberry Pi would connect to the WiFi and display messages on an LCD monitor while also playing audio alerts through a speaker. The system aims to provide a low-cost and easy-to-use digital alternative to traditional physical notice boards.
IRJEWT-An Intelligent Remote Controlled System for Smart Home AutomationIRJET Journal
1) The document proposes a smart home automation system using a Raspberry Pi that allows users to control and monitor home appliances and security sensors from their smartphones.
2) The system uses a Raspberry Pi connected to sensors and devices like a webcam, door sensors, light switches. The Pi transmits the sensor data and allows control of devices to a user's smartphone over WiFi.
3) The proposed system is intended to provide home security monitoring and control of lights and appliances for users with limited mobility through a simple smartphone interface. It aims to enable users to remotely check security cameras, door sensors, and control lights from their phones.
This document discusses Near Field Communication (NFC) technology and the NFC Forum. It notes that over 2x more people in the US pay with NFC than use TikTok, and that NFC is used for billions of interactions worldwide. Examples of NFC use include payments, transit cards, car keys, and smart packaging. The document outlines that NFC allows for secure, intuitive, two-way communication and interoperability between devices globally. It positions the NFC Forum as the leading standards and advocacy organization for NFC technology with over 120 member organizations.
This document describes a system that uses sensors to monitor air pollution levels from vehicles. The system uses RFID to identify vehicles and CO2 sensors to measure emission levels. If emission levels exceed thresholds, the vehicle owner is notified via their phone. If the owner does not respond after multiple notifications, the information is sent to the RTO office to take legal action. All sensor data is sent over WiFi to a cloud server for monitoring via a web interface. The system aims to help control vehicle emissions and improve air quality.
Karl Weaver from Gemalto gave a presentation on mobile payment and NFC at Beijing Mobile Monday #35. Some key points:
1) Gemalto is a global leader in SIM cards and has delivered over 1 billion SIM cards. They provide solutions for contactless mobile NFC applications.
2) Early pilots of contactless mobile payment using NFC in places like France showed great consumer satisfaction but wider deployment requires solutions for business models, interoperability standards, and availability of NFC phones.
3) A survey found 70% of smart phone owners use mobile financial services and nearly two-thirds would be interested in a mobile wallet solution, showing consumer demand for mobile payment applications.
Fight Against Citadel in Japan by You NakatsuruCODE BLUE
Lately in Japan the malware Citadel has been implicated in multiple internet banking unauthorised transaction incidents.
Citadel is a type of malware much like the Zeus known as banking trojans. When the malware successfully infects the users environment it utilises special functions called Web Injects to alter the website displayed in the end users computer to steal login credentials for internet banking sites.
To handle Citadel infection incidents, it is necessary to clarify whatsettings and what servers the Citadel malware uses and communicates totherefore its essential to have an in-depth knowledge of Citadel and to conduct research on the files left by Citadel. In this presentation I will present my findings on doing detailed analysis on Citadel and introduce data transmission reconstruction and file reconstruction tools which have been created to handle Citadel incidents.
You Nakatsuru
You 'Tsuru' Nakatsuru, CISSP is a "just married" Information Security Analyst of Analysis Center at JPCERT/CC (Japan Computer Emergency Response Team Coordination Center) since April 2013.
His primary responsibilities are to analyze malware abused in highly sophisticated cyber attacks, along with R&D on advanced counter malware technologies and cutting-edge incident handling methods. He also takes an active role in capacity building for junior malware analysts.
SCADA Software or Swiss Cheese Software? by Celil UNUVERCODE BLUE
The talk is about SCADA vulnerabilities and exploiting. We will answer some specific questions about SCADA software vulnerabilities with technical details.
The questions are;
- Why are SCADA applications buggy?
- What is the status and impact of the threat?
- How do researchers or hackers discover these vulnerabilities?
In this talk we will also look at some SCADA vulnerabilities that affects well-known SCADA/HMI vendors, and will show how it's easy to hunt these vulnerabilities via reverse engineering , fuzzing etc.
Celil UNUVER
Celil Unuver is co-founder & security researcher of SignalSEC Ltd. He is also founder of NOPcon Security Conference. His areas of expertise include Vulnerability Research & Discovery, Exploit Development, Penetration Testing and Reverse Engineering. He has been a speaker at CONFidence, Swiss Cyber Storm, c0c0n, IstSec, Kuwait Info Security Forum. He enjoys hunting bugs and has discovered critical vulnerabilities affect well-known vendors such as Adobe, IBM, Microsoft, Novell etc.
o-checker : Malicious document file detection tool - Malicious feature can be...CODE BLUE
In the targeted email attacks, it is often used the documentation file embedded with the execution files. To detect this kind of malicious documentation file, researching with the malcode detection approach has been focused. However, because the attacker can write the arbitrary code, thus it is always behind of the attacker to find the unknown malcode by focusing the traditional malcode detection methods.
In this talk I will introduce a different analytical approach compared to the more traditional malcode detection approach to detecting targeted email attacks by focusing on structural analysis of file formats. I will explain the ability to detect malware solely on file size and introduce o-checker which has implemented a general detection method that does not rely on the content of malicious code.
Yuuhei Ootsubo
Started to be interested in programming around 1987.
2005 Employed by the National Police Agency.
2007 National Police Agency Public Safety Information Technology Counter Crime Division.
2001 National Police Agency Information Communication Division Information Technology Analysis Division.
2012 Assigned to The National Information Security Center.
libinjection: from SQLi to XSS by Nick GalbreathCODE BLUE
libinjection was introduced at Black Hat USA 2012 to quickly and accurately detect SQLi attacks from user inputs. Two years later the algorithm has been used by a number of open-source and proprietary WAFs and honeypots. This talk will introduce a new algorithm for detecting XSS. Like the SQLi libinjection algorithm, this does not use regular expressions, is very fast, and has a low false positive rate. Also like the original libinjection algorithm, this is available on GitHub with free license.
Nick Galbreath
Nick Galbreath is Vice President of Engineering at IPONWEB, a world leader in the development of online advertising exchanges. Prior to IPONWEB, his role was Director of Engineering at Etsy, overseeing groups handling security, fraud, security, authentication and other enterprise features. Prior to Etsy, Nick has held leadership positions in number of social and e-commerce companies, including Right Media, UPromise, Friendster, and Open Market. He is the author of ""Cryptography for Internet and Database Applications"" (Wiley). Previous speaking engagements have been at Black Hat, Def Con, DevOpsDays and other OWASP events. He holds a master's degree in mathematics from Boston University and currently resides in Tokyo, Japan.
In 2013
- LASCON http://lascon.org/about/, Keynote Speaker Austin, Texas USA
- DevOpsDays Tokyo, Japan
- Security Development Conference (Microsoft) San Francisco, CA, USA
- DevOpsDays Austin, Texas, USA
- Positive Hack Days http://phdays.com, Moscow Russia
- RSA USA, San Francisco, CA, speaker and panelist
In 2012
- DefCon
- BlackHat USA
- Others
A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...CODE BLUE
A Security Barrier Device protects PC and other control devices by relaying every port between the motherboard and the peripherals. The SBD is totally transparent from the PC and can be installed regardless of OS or application. At this presentation I will discuss the storage securing function achieved by the SBD relaying the SATA port.
The SBD has a security information disk only accessible to itself where it stores the access privilege information of the original disk in the PC. When the PC issues a data access request to the original disk, the SBD will reference the access privileges of that particular sector, if the sector is read-deny then returns dummy data of 0 , if the sector is write-deny then it won’t write to that sector. The SBD not only allows for sector based protection but also a file based protection. In case of a file write-deny, there were some issues with the disc related cache in memory not being synchronised or the pointer’s position to the file in regards to its directory being shifted , but I will show how it was solved.
I will also talk about the fact that a SBD is an effective protection against any malware that attempts to manipulate the boot data sector or system files, once it detects any access right violations it can shutdown the ethernet port remotely and thwart the spreading of malware.
Kenji Toda
At the National Institute of Advanced Industrial Science and Technology conducted research and development of 30 Gbps intrusion detection systems , 60 Gbps URL filtering systems and or network devices testing equipment for such systems. Currently co-developing security barrier devices with the Research and Development Control System Security Center. (Presented at international conferences regarding MST and real-time systems)
http://codeblue.jp/en-speaker.html#KenjiToda
Keynote : CODE BLUE in the ICU! by Jeff MossCODE BLUE
1. The document discusses cybersecurity threats from different groups like nation states, criminals, protesters, and hackers/researchers. It argues hackers and researchers play an important role in discovering vulnerabilities and spurring security improvements.
2. It notes the increasing scale of DDoS attacks and complexity of cloud systems makes failures difficult to predict. The lack of secure communication options shows current approaches have failed.
3. The author advocates for a public health approach to cybersecurity where risks are managed rather than eliminated, and emphasizes the role of the security community in providing leadership through education and best practices.
IDA Vulnerabilities and Bug Bounty by Masaaki ChidaCODE BLUE
IDA Pro is an advanced disassembler software and often used in vulnerability research and malware analysis. IDA Pro is used to analyse software behavior in detail, if there was a vulnerability and the user is attacked not only can it have impact in a social sense but also impact legal proceedings. In this presentation I will discuss the vulnerabilities found and attacks leveraging the vulnerabilities and Hex-rays's remediation process and dialogue I had with them.
http://codeblue.jp/en-speaker.html#MasaakiChida
Preventing hard disk firmware manipulation attack and disaster recovery by Da...CODE BLUE
The document discusses disaster data recovery methods for HDDs. It describes how physical damage from events like floods, earthquakes or head crashes can corrupt HDD components like the PCB, firmware or platters, preventing normal access to data storage areas. The document outlines challenges in recovering data from scratched or dusty platters due to their close proximity to read/write heads. It proposes research into precision surface cleaning and analysis techniques to improve data recovery rates from physically damaged HDDs.
The Current State of Automotive Security by Chris ValasekCODE BLUE
Automotive computers, or Electronic Control Units (ECU), were originally introduced to help with fuel efficiency and emissions problems of the 1970s but evolved into integral parts of in-car entertainment, safety controls, and enhanced automotive functionality. This presentation will examine some controls in two modern automobiles from a security researcherís point of view. We will first cover the requisite tools and software needed to analyze a Controller Area Network (CAN) bus. Secondly, we will demo software to show how data can be read and written to the CAN bus. Then we will show how certain proprietary messages can be replayed by a device hooked up to an ODB-II connection to perform critical car functionality, such as braking and steering. Finally, weíll discuss aspects of reading and modifying the firmware of ECUs installed in todayís modern automobile.
Chris Valasek
Christopher Valasek is the Director of Security Intelligence at IOActive, an industry leader in comprehensive computer security services. Valasek specializes in offensive research methodologies with a focus in reverse engineering and exploitation. Valasek is known for his extensive research in the automotive field and his exploitation and reverse engineering of Windows. Valasek is also the Chairman of SummerCon, the nation’s oldest hacker conference. He holds a B.S. in Computer Science from the University of Pittsburgh.
Secret of Intel Management Engine by Igor SkochinskyCODE BLUE
Intel Management Engine ("ME") is a dedicated microcontroller embedded in all recent Intel motherboard chipsets. It works independently from the main CPU, can be active even when the rest of the system is powered off, and has a dedicated connection to the network interface for out-of-band networking which bypasses the main CPU and the installed OS. It not only performs the management tasks for which it was originally designed, but also implements features such as Intel Identity Protection Technology (IPT), Protected Audio-Video Path, Intel Anti-Theft, Intel TPM, NFC communication and more. There is not much info available about how exactly it works, and this talk aims to fill the gap and describe the low-level details.
Igor Skochinsky
Igor Skochinsky is currently one of the main developers of the world-famous Interactive Disassembler and Hex-Rays Decompiler. Even before joining Hex-Rays in 2008 he had been interested in reverse engineering for a long time and had brief periods of Internet fame after releasing a dumper for DRM-ed iTunes files (QTFairUse6) and hacking the original Amazon Kindle. He spoke previously at Recon, Breakpoint and Hack.LU.
HH QUALCOMM UplinQ - the next 10 billion mobile devicesSatya Harish
The document discusses how Qualcomm Technologies is enabling the Internet of Everything through its portfolio of wireless technologies and platforms. It highlights how Qualcomm is supporting key vertical markets like automotive, smart energy/home, and water utilities. It also discusses upcoming opportunities in smart cities through technologies like LTE for machine-to-machine communications and 802.11ah for low power wide area networks. The document provides an overview of Qualcomm's role in connecting billions of devices to support applications in areas like smart metering, asset management, and remote monitoring.
IoT is a green field of new business opportunities. The ran has started…..
Everyware Device Cloud (EDC) is a full set of Operational Technologies available also as a service, which represent the fastest way to start an IoT business.
You can connect a Device to Cloud in 15 minutes.
With EDC A typical IoT project would take 2 to 6 months to go live and the ROI is really fast
.
This document discusses embedded systems. It defines an embedded system as a special purpose computer used inside devices. Embedded systems have several key components: embedded hardware like microcontrollers, embedded operating systems, device drivers, and communication stacks. Challenges in developing embedded systems include low cost, high performance, and efficiency. Examples of applications are appliances, communication equipment, transportation systems, factory automation, and medical devices. Future trends include adaptive cruise control, telemedicine, security, telematics, and Bluetooth applications.
This is an introductory slide set on the Report JVE Consulting will release by end of Q1 2015. The report is extensive in its IoT introduction, connectivity coverage, IoT applications, security, standards efforts, alliances forming and the views of several market and analyst leaders
The document discusses the opportunities and challenges for CIOs with the rise of the Internet of Things (IoT). It notes that IoT will generate vast amounts of data from a growing number of connected devices. CIOs must help their organizations adapt by embracing new technologies, data sources, and ways of analyzing data to drive business value from IoT. While IT organizations currently focus on cost and stability, IoT requires an approach that also fosters innovation.
DELL Technologies - The IoT Value Chain - Solutions for the Smart World - Del...Smarter.World
In this presentation we will introduce various aspects of the Internet of Things, Industry 4.0 and the associated challenges in implementing new digital services.
We also refer to IoT / Industry 4.0 terminology, market developments, factors and drivers, IoT platform components, but also to the differentiation and similarities of the Internet of Things and Industry 4.0.
Using various application examples, we will outline the range of DELL Technologies offerings.
Here, however, we remain at an overview level for the first time without paying attention to the details of the deployable DELL-EMC products and solutions.
We would continue this in downstream discussions depending on the identified topic segment.
The document describes OEM product offerings from Unizen Technologies for various industries including home automation, building automation, industrial automation, defense, aerospace, and homeland security. Some of the products mentioned include an IoT-enabled water purifier sensor, wall-mounted home assistant devices, industrial HMIs, wearable tracking modules, and various sensor modules. The document provides details on Unizen's capabilities and case studies for sample products they are developing.
An Introduction to IoT: Connectivity & Case Studies3G4G
The document discusses various scenarios for connecting coffee machines in an office building to the Internet of Things (IoT). It begins by describing a basic scenario where coffee machine levels are checked manually multiple times per day. It then discusses scenarios where the machines can send basic notifications when low on supplies, and where they are connected to office systems and databases to optimize replenishment. The most advanced scenario discussed involves the machines ordering their own supplies based on inventory and usage patterns. The document suggests this level of connectivity could allow machines to automate remaining tasks.
IRJET - IoT based Advanced Home AutomationIRJET Journal
This document describes an IoT-based home automation system that allows users to control home appliances remotely through either a website or voice commands. The system uses a PIC microcontroller connected to sensors, relays for appliances, and a GSM module for internet connectivity. It provides comfort features like voice-controlled lights and fans. Security features include a burglar alarm and gas detection. The system aims to help elderly or disabled people control home devices easily through voice commands.
This document discusses Internet of Things (IoT) security. It defines IoT as interconnecting physical devices via communication technologies. It categorizes IoT devices and lists common technology vendors. It then describes why IoT devices are vulnerable in terms of cost, processing power, history of neglecting security, proprietary technologies, and inability to update. Examples of IoT attacks are also provided such as using webcams for DDoS attacks and hacking home routers and cars. The document concludes with recommended countermeasures like leveraging existing frameworks, segmentation, not relying on users, and building in automatic updates.
The Internet of Things (IoT) refers to connecting physical objects to the internet. It will connect 50 billion "smart objects" by 2020. IoT builds on previous technologies like RFID and machine-to-machine communication by giving devices IP addresses and allowing direct interaction over various networks. IoT has potential applications in areas like manufacturing, healthcare, transportation and smart cities. Key challenges to enabling IoT include connectivity, security, interoperability between devices and domains, and handling large amounts of data and traffic.
This document discusses Internet of Things (IoT) security technologies. It describes how IoT security involves protecting devices, communication pipes, platforms and applications. It outlines Huawei's "3T+1M" IoT security framework which leverages technologies, scenarios and management to provide comprehensive protection. Examples of typical IoT security cases and how Huawei addresses threats at each layer of the IoT architecture are also presented.
The document discusses the opportunities and challenges presented by the Internet of Things (IoT). It notes that IoT is expected to have a $3.9-11.1 trillion economic impact annually by 2025. While IoT allows for new revenue streams and improved user experiences, developing IoT projects faces many underestimated costs around hardware, software, cloud services, and security. The complexity of connecting and managing devices across end nodes, gateways and the cloud often results in delayed projects. Samsung's ARTIK IoT platform aims to address these challenges by providing a complete end-to-end solution for developing, connecting, managing and analyzing IoT devices and data.
MT85 Challenges at the Edge: Dell Edge GatewaysDell EMC World
- Dell Technologies presented their IoT infrastructure portfolio, which spans from the edge to the core to the cloud. This includes embedded gateways, on-premise appliances, data center infrastructure, and cloud and application integration capabilities.
- Falling sensor costs, power efficiencies, ubiquity of mobility, growth of cloud computing, and other modern technologies are fueling more IoT solutions. However, enterprises face challenges like security, data volume/analytics complexity, and lack of standards.
- Dell's portfolio is designed to address these challenges and unlock IoT potential. Their edge gateways feature diverse connectivity, data protocol support, security, and manageability. This infrastructure combined with partners allows customers to gather and analyze data and
The document discusses Texas Instruments' enterprise mobility strategy and requirements. It aims to enable mobile access to information to improve productivity while ensuring security, manageability, and cost-effectiveness. Key points include deploying mobile email to thousands of employees using a network operations center architecture with centralized management of handsets from a single point.
Supelec m2 m - iot - course 1 - update 2015 - part 1 - warming - v(0.1)Thierry Lestable
Internet of things (IoT) & Machine-to-Machine (M2M) course from Supélec - Warming phase / Q1'2015 session. Introduction of New alliances : HomeKit, Nest, Allseen, OIC
Gem iCon Provides Campus Wide Security & Wi Fitycollc
Global Eye Monitor is a new technology that provides wireless streaming of audio, video, and internet across campuses without traditional network infrastructure. It uses a proprietary "black box" device to transmit signals from source devices like cameras to monitoring stations. The technology could provide campus-wide WiFi, mobile video from vehicles, and remote classroom/area monitoring to improve security and operations. Global Eye Monitor invites educational institutions to a technical briefing to learn more.
The document discusses cybersecurity challenges related to IoT. It outlines several security incidents involving IoT devices over time. It then discusses inherent security challenges for IoT, including threats from advanced persistent threats, cyber terrorism, and compromised supply chains. The document also summarizes statistics on IoT security concerns and vulnerabilities. It identifies top vulnerabilities according to OWASP and discusses how to secure IoT in different domains like smart cities and homes.
Securing 4G and LTE systems with Deep Learning and VirtualizationDr. Edwin Hernandez
In a world of mobile communications, the best solution for 4G and 5G systems is creating your own private network to secure all communications and sensitive information send and received by a mobile phone. EGLA CORP can assist you with that paradigm and our virtualization system based on MOBILECAD.
Our deep learning partnership with BLUEHEXAGON brings unique opportunities for 4G and 5G systems.
Dell OEM/IoT Solutions for Industrial Automation and Smart Manufacturing v3a ...Smarter.World
Two-digit growth rates can be observed in the industrial domains of automation, industrial image processing and robotics.
Intelligent assembly and production solutions as well as the integration of individual domains in a production are becoming ever more powerful and faster.
ERP, PLM, MES, CAQ and many other production-related applications need to exchange data with one another more and more and faster, acquire new data and evaluate it.
The increasing number of data-producing devices, more and more sensor-equipped machines, and the need to analyze and store that data present new challenges for both OT and IT.
In this presentation, you will see how you can solve the new digital challenges in industrial automation with our solutions for the IoT EDGE-CORE-CLOUD ecosystem and how OT and IT are jointly implementing industrial digitization.
In detail: In this presentation we will introduce various aspects of the value chain of industrial automation, smart manufacturing, the Internet of Things, Industry 4.0 and the associated challenges in implementing new digital services.
Using various application examples, we will outline the range of DELL Technologies offerings.
Here, however, we remain at an overview level for the first time without paying attention to the details of the deployable DELL Technologies products and solutions.
Each slide contains notes and additional information.
Notes pages are optimized for printing.
Similar to Networked Home Appliances and Vulnerabilities. by Yukihisa Horibe (20)
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...CODE BLUE
It started with computer hacking and Japanese linguistics as a kid. Zach Mathis has been based in Kobe, Japan, and has performed both red team services as well as blue team incident response and defense consultation for major Japanese global Japanese corporations since 2006. He is the founder of Yamato Security, one of the largest and most popular hands-on security communities in Japan, and has been providing free training since 2012 to help improve the local security community. Since 2016, he has been teaching security for the SANS institute and holds numerous GIAC certifications. Currently, he is working with other Yamato security members to provide free and open-source security tools to help security analysts with their work.
[cb22] Tales of 5G hacking by Karsten NohlCODE BLUE
An expert in mobile network security provided a summary of hacking 5G networks. Some key points include:
1) Standard IT security techniques uncovered issues when applied to upgraded legacy 4G networks, such as unpatched operating systems, weak configurations, and lack of encryption.
2) Future 5G networks introduce new security risks due to increased complexity from virtualization and automation layers, as well as a continuously evolving attack surface extending into cloud infrastructure.
3) Red team exercises show that hacking mobile networks has become a multi-step process, where initial access through one vulnerability can enable lateral movement and privilege escalation to compromise critical systems or customer data.
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...CODE BLUE
Printer has become one of the essential devices in the corporate intranet for the past few years, and its functionalities have also increased significantly. Not only print or fax, cloud printing services like AirPrint are also being supported as well to make it easier to use. Direct printing from mobile devices is now a basic requirement in the IoT era. We also use it to print some internal business documents of the company, which makes it even more important to keep the printer safe.
Nowadays, most of the printers on the market do not have to be connected with USB or traditional cable. As long as you are using a LAN cable connected to the intranet, the computer can find and use the printer immediately. Most of them are based on protocols such as SLP and LLMNR. But is it really safe when vendors adopt those protocols? Furthermore, many printers do not use traditional Linux systems, but use RTOS(Real-Time Operating System) instead, how will this affect the attacker?
In this talk, we will use Canon ImageCLASS MF644Cdw and HP Color LaserJet Pro MFP M283fdw as case study, showing how to analyze and gain control access to the printer. We will also demonstrate how to use the vulnerabilities to achieve RCE in RTOS in unauthenticated situations.
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...CODE BLUE
While hackers have known the importance of sharing research to improve security for years, the importance of coordinated vulnerability disclosure is increasingly recognized by governments around the world. The principals of disclosure an protecting security researchers are common across borders, but different countries have some key differences. This panel will present a global perspective that may in turn inform key public policy and company behavior.
ENISA has published 'Coordinated Vulnerability Disclosure policies in the EU' in April 2022 . This report not only provides an objective introduction to the current state of coordinated vulnerability disclosure policies in the Member States of the European Union, but also introduces the operation of vulnerability disclosure in China, Japan and the USA. Based on these findings, the desirable and good practice elements of a coordinated vulnerability disclosure process are examined, followed by a discussion of the challenges and issues.
This session aims to share the contents of this report and clarify the challenges and future direction of operations in Japan, as well as national security and vulnerability handling issues in the US, in a panel discussion with representatives from various jurisdictions.
The panelists are involved in the practice of early warning partnership notified bodies in Japan, the authors of the above report in Europe and the contributors to the above report in the US.
In Japan, the issues of system awareness, incentives, increase in the number of outstanding cases in handling and so-called triage in handling vulnerabilities will be introduced.
From the United States, the Vulnerabilities Equities Process for National Security and the publication of a non-prosecution policy for vulnerability research will be introduced, as well as a historical background on the issue.
The aim is that the panel discussion will enable the audience to understand the international situation surrounding CVD, as well as future trends, in particular the important role of vulnerability in cybersecurity and the challenges faced by society around it.
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...CODE BLUE
While hackers have known the importance of sharing research to improve security for years, the importance of coordinated vulnerability disclosure is increasingly recognized by governments around the world. The principals of disclosure an protecting security researchers are common across borders, but different countries have some key differences. This panel will present a global perspective that may in turn inform key public policy and company behavior.
ENISA has published 'Coordinated Vulnerability Disclosure policies in the EU' in April 2022 . This report not only provides an objective introduction to the current state of coordinated vulnerability disclosure policies in the Member States of the European Union, but also introduces the operation of vulnerability disclosure in China, Japan and the USA. Based on these findings, the desirable and good practice elements of a coordinated vulnerability disclosure process are examined, followed by a discussion of the challenges and issues.
This session aims to share the contents of this report and clarify the challenges and future direction of operations in Japan, as well as national security and vulnerability handling issues in the US, in a panel discussion with representatives from various jurisdictions.
The panelists are involved in the practice of early warning partnership notified bodies in Japan, the authors of the above report in Europe and the contributors to the above report in the US.
In Japan, the issues of system awareness, incentives, increase in the number of outstanding cases in handling and so-called triage in handling vulnerabilities will be introduced.
From the United States, the Vulnerabilities Equities Process for National Security and the publication of a non-prosecution policy for vulnerability research will be introduced, as well as a historical background on the issue.
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...CODE BLUE
While hackers have known the importance of sharing research to improve security for years, the importance of coordinated vulnerability disclosure is increasingly recognized by governments around the world. The principals of disclosure an protecting security researchers are common across borders, but different countries have some key differences. This panel will present a global perspective that may in turn inform key public policy and company behavior.
ENISA has published 'Coordinated Vulnerability Disclosure policies in the EU' in April 2022 . This report not only provides an objective introduction to the current state of coordinated vulnerability disclosure policies in the Member States of the European Union, but also introduces the operation of vulnerability disclosure in China, Japan and the USA. Based on these findings, the desirable and good practice elements of a coordinated vulnerability disclosure process are examined, followed by a discussion of the challenges and issues.
This session aims to share the contents of this report and clarify the challenges and future direction of operations in Japan, as well as national security and vulnerability handling issues in the US, in a panel discussion with representatives from various jurisdictions.
The panelists are involved in the practice of early warning partnership notified bodies in Japan, the authors of the above report in Europe and the contributors to the above report in the US.
In Japan, the issues of system awareness, incentives, increase in the number of outstanding cases in handling and so-called triage in handling vulnerabilities will be introduced.
From the United States, the Vulnerabilities Equities Process for National Security and the publication of a non-prosecution policy for vulnerability research will be introduced, as well as a historical background on the issue.
The aim is that the panel discussion will enable the audience to understand the international situation surrounding CVD, as well as future trends, in particular the important role of vulnerability in cybersecurity and the challenges faced by society around it.
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...CODE BLUE
While hackers have known the importance of sharing research to improve security for years, the importance of coordinated vulnerability disclosure is increasingly recognized by governments around the world. The principals of disclosure an protecting security researchers are common across borders, but different countries have some key differences. This panel will present a global perspective that may in turn inform key public policy and company behavior.
ENISA has published 'Coordinated Vulnerability Disclosure policies in the EU' in April 2022 . This report not only provides an objective introduction to the current state of coordinated vulnerability disclosure policies in the Member States of the European Union, but also introduces the operation of vulnerability disclosure in China, Japan and the USA. Based on these findings, the desirable and good practice elements of a coordinated vulnerability disclosure process are examined, followed by a discussion of the challenges and issues.
This session aims to share the contents of this report and clarify the challenges and future direction of operations in Japan, as well as national security and vulnerability handling issues in the US, in a panel discussion with representatives from various jurisdictions.
The panelists are involved in the practice of early warning partnership notified bodies in Japan, the authors of the above report in Europe and the contributors to the above report in the US.
In Japan, the issues of system awareness, incentives, increase in the number of outstanding cases in handling and so-called triage in handling vulnerabilities will be introduced.
From the United States, the Vulnerabilities Equities Process for National Security and the publication of a non-prosecution policy for vulnerability research will be introduced, as well as a historical background on the issue.
The aim is that the panel discussion will enable the audience to understand the international situation surrounding CVD, as well as future trends, in particular the important role of vulnerability in cybersecurity and the challenges faced by society around it.
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...CODE BLUE
Yuuma Taki is enrolled in the Hokkaido Information University Information Media Faculty of Information Media (4th year).
At university he is focusing on learning about security for lower-level components, such OS and CPU. In his third year of undergraduate school, he worked on trying to implement the OS security mechanism "KASLR", at Sechack365.
Currently, he is learning about ROP derivative technology and embedded equipment security.
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...CODE BLUE
In October 2021, we published the first analysis of Wslink – a unique loader likely linked to the Lazarus group. Most samples are packed and protected with an advanced virtual machine (VM) obfuscator; the samples contain no clear artifacts and we initially did not associate the obfuscation with a publicly known VM, but we later managed to connect it to CodeVirtualizer. This VM introduces several additional obfuscation techniques such as insertion of junk code, encoding of virtual operands, duplication of virtual opcodes, opaque predicates, merging of virtual instructions, and a nested VM.
Our presentation analyzes the internals of the VM and describes our semi automated approach to “see through” the obfuscation techniques in reasonable time. We demonstrate the approach on some bytecode from a protected sample and compare the results with a non-obfuscated sample, found subsequent to starting our analysis, confirming the method’s validity. Our solution is based on a known deobfuscation method that extracts the semantics of the virtual opcodes, using symbolic execution with simplifying rules. We further treat the bytecode chunks and some internal constructs of the VM as concrete values instead of as symbolic ones, enabling the known deobfuscation method to deal with the additional obfuscation techniques automatically.
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...CODE BLUE
Kimsuky is a North Korean APT possibly controlled by North Korea's Reconnaissance General Bureau. Based on reports from the Korea Internet & Security Agency (KISA) and other vendors, TeamT5 identified that Kimsuky's most active group, CloudDragon, built a workflow functioning as a "Credential Factory," collecting and exploiting these massive credentials.
The credential factory powers CloudDragon to start its espionage campaigns. CloudDragon's campaigns have aligned with DPRK's interests, targeting the organizations and key figures playing a role in the DPRK relationship. Our database suggested that CloudDragon has possibly infiltrated targets in South Korea, Japan, and the United States. Victims include think tanks, NGOs, media agencies, educational institutes, and many individuals.
CloudDragon's "Credential Factory" can be divided into three small cycles, "Daily Cycle," "Campaign Cycle," and "Post-exploit Cycle." The"Daily Cycle" can collect massive credentials and use the stolen credentials to accelerate its APT life cycle.
In the "Campaign Cycle," CloudDragon develops many new malware. While we responded to CloudDragon's incidents, we found that the actor still relied on BabyShark malware. CloudDragon once used BabyShark to deploy a new browser extension malware targeting victims' browsers. Moreover, CloudDragon is also developing a shellcode-based malware, Dust.
In the "Post-exploit Cycle," the actor relied on hacking tools rather than malicious backdoors. We also identified that the actor used remote desktop software to prevent detection.
In this presentation, we will go through some of the most significant operations conducted by CloudDragon, and more importantly, we will provide possible scenarios of future invasions for defense and detection.
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...CODE BLUE
Social media is no doubt a critical battlefield for threat actors to launch InfoOps, especially in a critical moment such as wartime or the election season. We have seen Bot-Driven Information Operations (InfoOps, aka influence campaign) have attempted to spread disinformation, incite protests in the physical world, and doxxing against journalists.
China's Bots-Driven InfoOps, despite operating on a massive scale, are often considered to have low impact and very little organic engagement. In this talk, we will share our observations on these persistent Bots-Driven InfoOps and dissect their harmful disinformation campaigns circulated in cyberspace.
In the past, most bots-driven operations simply parroted narratives of the Chinese propaganda machine, mechanically disseminating the same propaganda and disinformation artifacts made by Chinese state media. However, recently, we saw the newly created bots turn to post artifacts in a livelier manner. They utilized various tactics, including reposting screenshots of forum posts and disguised as members of “Milk Tea Alliance,” to create a false appearance that such content is being echoed across cyberspace.
We particularly focus on an ongoing China's bots-driven InfoOps targeting Taiwan, which we dub "Operation ChinaRoot." Starting in mid-2021, the bots have been disseminating manipulated information about Taiwan's local politics and Covid-19 measures. Our further investigation has also identified the linkage between Operation ChinaRoot and other Chinese state-linked networks such as DRAGONBRIDGE and Spamouflage.
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...CODE BLUE
Malwares written in Go is increasing every year. Go's cross-platform nature makes it an opportune language for attackers who wish to target multiple platforms. On the other hand, the statically linked libraries make it difficult to distinguish between user functions and libraries, making it difficult for analysts to analyze. This situation has increased the demand for Go malware classification and exploration.
In this talk, we will demonstrate the feasibility of computing similarity and classification of Go malware using a newly proposed method called gimpfuzzy. We have implemented "gimpfuzzy", which incorporates Fuzzy Hashing into the existing gimphash method. In this talk, we will verify the discrimination rate of the classification using the proposed method and confirm the validity of the proposed method by discussing some examples from the classified results. We will also discuss issues in Go-malware classification.
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...CODE BLUE
This document discusses the results of long-term scanning and analysis of Winnti 4.0 and ShadowPad malware command and control (C2) protocols. It finds that Winnti 4.0 C2s primarily use TLS, HTTPS, and HTTP, while ShadowPad variants primarily use TCP, HTTPS, and HTTP. Analysis of the protocols reveals encryption methods, packet structures, and server-side functionality. Over time, the number and distribution of active C2s changed, likely in response to research publications and incident response actions. The document advocates for anonymization techniques and merits and risks of future research publications.
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...CODE BLUE
We are swamped with new types of malware every day. The goal of malware analysis is not to reveal every single detail of the malware. It is more important to develop tools for efficiency or introduce automation to avoid repeating the same analysis process. Therefore, malware analysts usually actively develop tools and build analysis systems. On the other hand, it costs a lot for such tool developments and system maintenance. Incident trends change daily, and malware keeps evolving. However, it is not easy to keep up with new threats. Malware analysts spend a long time maintaining their analysis systems, and it results in reducing their time for necessary analysis of new types of malware.
To solve these problems, we incorporate DevOps practices into malware analysis to reduce the cost of system maintenance by using CI/CD and Serverless. This presentation shares our experience on how CI/CD, Serverless, and other cloud technologies can be used to streamline malware analysis. Specifically, the following case studies are discussed.
* Malware C2 Monitoring
* Malware Hunting using Cloud
* YARA CI/CD system
* Malware Analysis System on Cloud
* Memory Forensic on Cloud
Through the above case studies, we will share the benefits and tips of using the cloud and show how to build a similar system using Infrastructure as Code (IaC). The audience will learn how to improve the efficiency of malware analysis and build a malware analysis system using Cloud infrastructure.
Support en anglais diffusé lors de l'événement 100% IA organisé dans les locaux parisiens d'Iguane Solutions, le mardi 2 juillet 2024 :
- Présentation de notre plateforme IA plug and play : ses fonctionnalités avancées, telles que son interface utilisateur intuitive, son copilot puissant et des outils de monitoring performants.
- REX client : Cyril Janssens, CTO d’ easybourse, partage son expérience d’utilisation de notre plateforme IA plug & play.
YOUR RELIABLE WEB DESIGN & DEVELOPMENT TEAM — FOR LASTING SUCCESS
WPRiders is a web development company specialized in WordPress and WooCommerce websites and plugins for customers around the world. The company is headquartered in Bucharest, Romania, but our team members are located all over the world. Our customers are primarily from the US and Western Europe, but we have clients from Australia, Canada and other areas as well.
Some facts about WPRiders and why we are one of the best firms around:
More than 700 five-star reviews! You can check them here.
1500 WordPress projects delivered.
We respond 80% faster than other firms! Data provided by Freshdesk.
We’ve been in business since 2015.
We are located in 7 countries and have 22 team members.
With so many projects delivered, our team knows what works and what doesn’t when it comes to WordPress and WooCommerce.
Our team members are:
- highly experienced developers (employees & contractors with 5 -10+ years of experience),
- great designers with an eye for UX/UI with 10+ years of experience
- project managers with development background who speak both tech and non-tech
- QA specialists
- Conversion Rate Optimisation - CRO experts
They are all working together to provide you with the best possible service. We are passionate about WordPress, and we love creating custom solutions that help our clients achieve their goals.
At WPRiders, we are committed to building long-term relationships with our clients. We believe in accountability, in doing the right thing, as well as in transparency and open communication. You can read more about WPRiders on the About us page.
The Rise of Supernetwork Data Intensive ComputingLarry Smarr
Invited Remote Lecture to SC21
The International Conference for High Performance Computing, Networking, Storage, and Analysis
St. Louis, Missouri
November 18, 2021
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptxSynapseIndia
Your comprehensive guide to RPA in healthcare for 2024. Explore the benefits, use cases, and emerging trends of robotic process automation. Understand the challenges and prepare for the future of healthcare automation
Quality Patents: Patents That Stand the Test of TimeAurora Consulting
Is your patent a vanity piece of paper for your office wall? Or is it a reliable, defendable, assertable, property right? The difference is often quality.
Is your patent simply a transactional cost and a large pile of legal bills for your startup? Or is it a leverageable asset worthy of attracting precious investment dollars, worth its cost in multiples of valuation? The difference is often quality.
Is your patent application only good enough to get through the examination process? Or has it been crafted to stand the tests of time and varied audiences if you later need to assert that document against an infringer, find yourself litigating with it in an Article 3 Court at the hands of a judge and jury, God forbid, end up having to defend its validity at the PTAB, or even needing to use it to block pirated imports at the International Trade Commission? The difference is often quality.
Quality will be our focus for a good chunk of the remainder of this season. What goes into a quality patent, and where possible, how do you get it without breaking the bank?
** Episode Overview **
In this first episode of our quality series, Kristen Hansen and the panel discuss:
⦿ What do we mean when we say patent quality?
⦿ Why is patent quality important?
⦿ How to balance quality and budget
⦿ The importance of searching, continuations, and draftsperson domain expertise
⦿ Very practical tips, tricks, examples, and Kristen’s Musts for drafting quality applications
https://www.aurorapatents.com/patently-strategic-podcast.html
Paradigm Shifts in User Modeling: A Journey from Historical Foundations to Em...Erasmo Purificato
Slide of the tutorial entitled "Paradigm Shifts in User Modeling: A Journey from Historical Foundations to Emerging Trends" held at UMAP'24: 32nd ACM Conference on User Modeling, Adaptation and Personalization (July 1, 2024 | Cagliari, Italy)
UiPath Community Day Kraków: Devs4Devs ConferenceUiPathCommunity
We are honored to launch and host this event for our UiPath Polish Community, with the help of our partners - Proservartner!
We certainly hope we have managed to spike your interest in the subjects to be presented and the incredible networking opportunities at hand, too!
Check out our proposed agenda below 👇👇
08:30 ☕ Welcome coffee (30')
09:00 Opening note/ Intro to UiPath Community (10')
Cristina Vidu, Global Manager, Marketing Community @UiPath
Dawid Kot, Digital Transformation Lead @Proservartner
09:10 Cloud migration - Proservartner & DOVISTA case study (30')
Marcin Drozdowski, Automation CoE Manager @DOVISTA
Pawel Kamiński, RPA developer @DOVISTA
Mikolaj Zielinski, UiPath MVP, Senior Solutions Engineer @Proservartner
09:40 From bottlenecks to breakthroughs: Citizen Development in action (25')
Pawel Poplawski, Director, Improvement and Automation @McCormick & Company
Michał Cieślak, Senior Manager, Automation Programs @McCormick & Company
10:05 Next-level bots: API integration in UiPath Studio (30')
Mikolaj Zielinski, UiPath MVP, Senior Solutions Engineer @Proservartner
10:35 ☕ Coffee Break (15')
10:50 Document Understanding with my RPA Companion (45')
Ewa Gruszka, Enterprise Sales Specialist, AI & ML @UiPath
11:35 Power up your Robots: GenAI and GPT in REFramework (45')
Krzysztof Karaszewski, Global RPA Product Manager
12:20 🍕 Lunch Break (1hr)
13:20 From Concept to Quality: UiPath Test Suite for AI-powered Knowledge Bots (30')
Kamil Miśko, UiPath MVP, Senior RPA Developer @Zurich Insurance
13:50 Communications Mining - focus on AI capabilities (30')
Thomasz Wierzbicki, Business Analyst @Office Samurai
14:20 Polish MVP panel: Insights on MVP award achievements and career profiling
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdfNeo4j
Presented at Gartner Data & Analytics, London Maty 2024. BT Group has used the Neo4j Graph Database to enable impressive digital transformation programs over the last 6 years. By re-imagining their operational support systems to adopt self-serve and data lead principles they have substantially reduced the number of applications and complexity of their operations. The result has been a substantial reduction in risk and costs while improving time to value, innovation, and process automation. Join this session to hear their story, the lessons they learned along the way and how their future innovation plans include the exploration of uses of EKG + Generative AI.
Are you interested in dipping your toes in the cloud native observability waters, but as an engineer you are not sure where to get started with tracing problems through your microservices and application landscapes on Kubernetes? Then this is the session for you, where we take you on your first steps in an active open-source project that offers a buffet of languages, challenges, and opportunities for getting started with telemetry data.
The project is called openTelemetry, but before diving into the specifics, we’ll start with de-mystifying key concepts and terms such as observability, telemetry, instrumentation, cardinality, percentile to lay a foundation. After understanding the nuts and bolts of observability and distributed traces, we’ll explore the openTelemetry community; its Special Interest Groups (SIGs), repositories, and how to become not only an end-user, but possibly a contributor.We will wrap up with an overview of the components in this project, such as the Collector, the OpenTelemetry protocol (OTLP), its APIs, and its SDKs.
Attendees will leave with an understanding of key observability concepts, become grounded in distributed tracing terminology, be aware of the components of openTelemetry, and know how to take their first steps to an open-source contribution!
Key Takeaways: Open source, vendor neutral instrumentation is an exciting new reality as the industry standardizes on openTelemetry for observability. OpenTelemetry is on a mission to enable effective observability by making high-quality, portable telemetry ubiquitous. The world of observability and monitoring today has a steep learning curve and in order to achieve ubiquity, the project would benefit from growing our contributor community.
Kief Morris rethinks the infrastructure code delivery lifecycle, advocating for a shift towards composable infrastructure systems. We should shift to designing around deployable components rather than code modules, use more useful levels of abstraction, and drive design and deployment from applications rather than bottom-up, monolithic architecture and delivery.
7 Most Powerful Solar Storms in the History of Earth.pdfEnterprise Wired
Solar Storms (Geo Magnetic Storms) are the motion of accelerated charged particles in the solar environment with high velocities due to the coronal mass ejection (CME).
Transcript: Details of description part II: Describing images in practice - T...BookNet Canada
This presentation explores the practical application of image description techniques. Familiar guidelines will be demonstrated in practice, and descriptions will be developed “live”! If you have learned a lot about the theory of image description techniques but want to feel more confident putting them into practice, this is the presentation for you. There will be useful, actionable information for everyone, whether you are working with authors, colleagues, alone, or leveraging AI as a collaborator.
Link to presentation recording and slides: https://bnctechforum.ca/sessions/details-of-description-part-ii-describing-images-in-practice/
Presented by BookNet Canada on June 25, 2024, with support from the Department of Canadian Heritage.
How Social Media Hackers Help You to See Your Wife's Message.pdfHackersList
In the modern digital era, social media platforms have become integral to our daily lives. These platforms, including Facebook, Instagram, WhatsApp, and Snapchat, offer countless ways to connect, share, and communicate.
Blockchain technology is transforming industries and reshaping the way we conduct business, manage data, and secure transactions. Whether you're new to blockchain or looking to deepen your knowledge, our guidebook, "Blockchain for Dummies", is your ultimate resource.
How RPA Help in the Transportation and Logistics Industry.pptxSynapseIndia
Revolutionize your transportation processes with our cutting-edge RPA software. Automate repetitive tasks, reduce costs, and enhance efficiency in the logistics sector with our advanced solutions.
2. Profile
堀部 千壽(Yukihisa Horibe)
2
Panasonic Corporation Analysis Center
Panasonic-PSIRT Member
Focusing on improving security for networked
home appliances
Vulnerability assessment of house hold appliances
and embedded systems
Vulnerability assessment of home service servers
Table top analysis of networks including house hold
appliances.
Over 10 years of experience in security evaluation
related work
3. Agenda
3
Changes in the feature of connected CE
products
The risks to connect
Performance and trends in the Vulnerability
Assessment for connected CE products
Security functions required for CE products in
the time of IoT
Closing
4. Agenda
4
Changes in the feature of connected CE
products
The risks to connect
Performance and trends in the Vulnerability
Assessment for connected CE products
Security functions required for CE products in
the time of IoT
Closing
5. Evolving Home Appliances.
5
Remote Control
Media Server
HDD Recorder
Image Upload
Wifi Data Transfer
Digital Camera/Video Cam
CDDB
Audio System
Browser
Media Player
Smartphone like apps
Browser
Media Player
Smartphone like apps
Digital TVDigital TV
Browser
Media Player
Smartphone like apps
Digital TV
Door Chimes
Notification
Communications
Measurements
data transfer
Scales
Device
Integration
Smartphone
Integration
Cloud
Integration
Monitoring
Power Control
On Demand
Control
HEMS
Monitorin
Remote Control
Air Conditioner
6. Historical Overview of Function and Data Information of Networked Home
Appliances(~2005:Growth Period)
6
Internet(Household)
Cellphones
Digital TV
Recorders
Cooking Appliances
201220102008200620042002
ADSL
mova
3G
Browser
Remote operations
Status Notifications
7. Historical Overview of Function and Data Information of Networked Home
Appliances(~2005:Growth Period)
7
Internet (Household)
Cellphones
Digital TV
Recorders
Cooking Appliances
201220102008200620042002
ADSL
mova
3G
Browsers
Remote Operation
Status Notifications
ID/Password
Recording
Information
email address
Status Info on
operations
Access History
Most of the functions are contained within each appliance and
the information they handle is limited.
8. Historical Overview of Function and Data Information of Networked Home
Appliances(2005~2010:Evolution Phase)
8
Internet(Household)
Cellphone
Digital TV
Recorder
Audio System/Music
Digital
Camera/Camcorders
Cooking Appliances
Home Related
201220102008200620042002
ADSL
FTTH(Optical Fiber)
mova
3G
Browser
Remote Operations
CDDB
Appliance Integration
(DLNA)
VOD
Status notifications
Security: Status Monitoring
Door Chime:Visitor Notification
HEMS
Image Upload
9. Historical Overview of Function and Data Information of Networked Home
Appliances(2005~2010:Evolution Phase)
9
Internet (Household)
Cellphones
Digital TV
Recorder
Audio
Systems/Music
Digital
Camera/Camcorder
Cooking Appliance
Home Related
201220102008200620042002
ADSL
FTTH(Fiber Optic)
mova
3G
ブラウザ
宅外操作
CDDB
Device Integration
(DLNA)
VOD
状態通知
Security Status Monitoring
Door Chime Visitor Notifications
HEMS
Image upload
CD Ownership
List
Payment Info
Viewing History
“at home” info
Operational Info of
each appliance
Image Information
Blog/UL Service
Account
Visitor Info
email Address
Content Ownership Info
Device Ownership Info
Operational Info
of each device
Power usage info
With the increase in server/inter-device integration
the importance of information also grew
10. Historical Overview of Function and Data Information of Networked Home
Appliances(2010~:Mature Phase)
10
Internet(Household)
Cellphone
DigitalTV
Recorder
Audio System/Music
Digital
Camera/Cammcorder
Health Care
Appliances
Cooking Appliances
Home Related
201220102008200620042002
ADSL
FTTH(Fiber Optic)
mova
3G
smartphone
Browser
Remote Operations
CDDB
Device Integration
(DLNA)
VOD
Status Notifications
Security Status Monitoring
Door Chimes Visitor Notification
applications
HEMS
Smartphone
Integration
AC
Remote
Operations
Image Upload
11. Historical Overview of Function and Data Information of Networked Home
Appliances(2010~:Mature Phase)
11
Internet(Household)
Cellphone
Digital TV
Recorder
Audio System/Music
Digital
Camera/Cammcorder
Health Care
Appliances
Cooking Appliances
Home related
201220102008200620042002
ADSL
FTTH(Fiber Optic)
mova
3G
Smart Phones
Browser
Remote Operation
CDDB
機器連携
(DLNA)
VOD
Status Notification
Security Status Monitoring
ドアホン 来客通知
Apps
HEMS
Smartphone
Integration
AC
Remote
Operation
Image Upload
Payment Info
Purchase History
Address/Name
Blog/SNS Account
Physical Info
Service Account
Operation Info
Service Account
12. Historical Overview of Function and Data Information of Networked Home
Appliances(2010~:Mature Phase)
12
Internet(Household)
Cellphones
Digital TV
Recorder
Audio System/Music
Digital
Camera/Camcorder
Health Care Appliances
Cooking Appliance
Home Related
201220102008200620042002
ADSL
FTTH(光回線)
GSM(cHTML)
広帯域CDMA(HTML/Java)
Smartphone
ブラウザ
宅外操作
CDDB
機器連携
(DLNA)
VOD
状態通知
Security Operational Info
ドアホン 来客通知
Apps
HEMS
スマホ
連携
エアコン
遠隔操作
画像アップロード
Cloud Integration allows the information linkage to include
everything including smartphones.
ID/Passworr
Recording history
Email Address
Device Operation Info
Access History
CD Ownership
List
Payment Info
Viewing History
Vacancy Info
Operational Info
of each device
Image Info
Blog/UL Service
account info
Visitor Info
Email address
Content Ownership
Device Ownership
Operational Info of
each device.
Power Usage Info
Payment Info
Purchase History
住所氏名
ブログ/SNSアカウント
Physical
Information
Service Account
Operation Info
Service Account
Cloud
Integration
Address Book
Video/Image
Account info
13. The Evolution of Networked Home Appliances Functionality and Information
(Near Future)
House hold(Audio Visual, Home , Cosmetic)
PC, Game terminal,Information
terminal
Smartphone, Cellphones, Land lines
Housing Equipment(Single Family,complexes)
13
Inside the
home
connecting
14. The Evolution of Networked Home Appliances Functionality and Information
(Near Future)
Home Appliances(Audio Visual,House hold,Cosmetic)
PC,Game Terminal,Information Terminals
Smartphone,Cellphones,Landlines
Housing Equipment( Single Family, Complexes)
Medical Devices (Individual , Institutional)
Public Services(Municipal offices, schools)
Public Transportations(Bus、Trains)
Cars/Automotive equipment
Infrastructure(Power、Gas、Water)
Retail(Large scale, individual)
14
Is the era when household appliances , home and
public,commercial services are all connected near?
Everything
is
connected
Inside the
home
connecting
15. Agenda
15
Changes in the feature of connected CE
products
The risks to connect
Performance and trends in the Vulnerability
Assessment for connected CE products
Security functions required for CE products in
the time of IoT
Closing
16. Risks of Home Appliances Having Network Capabilities
The possibility of unauthorized access via the
network
Many devices have global IPs assigned.
Possibility of attacks leveraging
vulnerabilities in home appliances.
Attack by forcing a download of malware
Targeted attacks leveraging XSS/CSRF
16
Using search engines you
can find sites that hint they
are home appliances.
Fake Firmware or
Contents
17. CVE-2008-3482 (2008)
Network Camera made by Panasonic , Reflected XSS vulnerability
Defect in escaping routine of the display on the error page
Defcon17 (2009)
CSRF vulnerability in household network camera by Panasonic
Many vulnerabilities were disclosed for household routers and
other embedded web systems.
Reported vulnerabilities on CE category: Panasonic case
17
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000037.html
http://www.blackhat.com/presentations/bh-usa-09/BOJINOV/BHUSA09-Bojinov-EmbeddedMgmt-PAPER.pdf
18. Reported vulnerabilities on CE category: example of other case
18
Year Product Outline Manufacturer
2004 Video recorder Accessible without authentication (springboard) Japan
2008 NAS CSRF (remote data deletion) Japan
2010 Digital camera Arbitrary code execution from SD card Japan
2011 MFP Authentication bypass and more Japan & overseas
2012 Digital TV DoS Japan
2012 Many Devices Arbitrary code execution by UPnP vulnerability Japan & overseas
2013 Digital TV DoS & restart by malformed packets Japan & overseas
2013 Smart phone Intrusion of malware through power cable Japan & overseas
2013 Digital TV Authority seizure & remote control by illegal application Overseas
2013 Lighting system Force unable to turn on Overseas
2013 Home GW
Vulnerability in authentication, CSRF and more (electric lock
unlock by malicious third party)
Overseas
2013 Toilet Hard-Coded Bluetooth PIN Vulnerability Japan
With the advancement of function, the reports of vulnerability have
been increasing after 2012
19. Agenda
19
Changes in the feature of connected CE
products
The risks to connect
Performance and trends in the
Vulnerability Assessment for connected
CE products
Security functions required for CE products in
the time of IoT
Closing
20. Vulnerability Eradication Efforts at Panasonic
20
Base Knowledge
(Awareness/Education)
Base foundation of knowledge regarding product security
Two pillars supporting Product Security
Minimize Risk
Incident Response
Minimize Risk Incident Response
Product Security
Improving security of products including house hold appliances
is an important requirement for Panasonic
Network Home Appliances,
Embedded Systems, Services
21. Response based on product lifecycles.
21
ShippingProduct Lifecycle
Contamination Prevention
(Avoid building vulnerabilities into)
Inspection/Removal
(Detect vulnerability and
remove)
Maintain/Improve
(Response after
shipping)
Response
Table
Top Risk
Analysis
(Vulnerability
Analysis)
Security Design
・Secure
Coding
・Static
Analysis
・Vulnerability analysis
(Security Inspection)
・Incident response
The need to respond throughout the product lifecycles
Sale/ServiceTestImplementDesignPlan
Disposal
Minimize Risks Incident Response
22. Response based on product lifecycles.
22
ShippingProduct Lifecycle
Contamination Prevention
(Avoid building vulnerabilities into)
Inspection/Removal
(Detect vulnerability and
remove)
Maintain/Improve
(Response after
shipping)
Response
Table
Top Risk
Analysis
(Vulnerability
Analysis)
Security Design
・Secure
Coding
・Static
Analysis
・Vulnerability analysis
(Security Inspection)
・Incident response
The need to respond throughout the product lifecycles
Sale/ServiceTestImplementDesignPlan
Disposal
Minimize Risks Incident Response
23. Vulnerability Analysis for Panasonic House hold appliances and embedded
systems
23
The number and details for the vulnerability are for
vulnerabilities found “pre shipping”
The detected vulnerabilities were patched prior to
shipping
These vulnerabilities do not exist in current
products available in the general market.
Actual results I will present
30. Agenda
30
Changes in the feature of connected CE
products
The risks to connect
Performance and trends in the Vulnerability
Assessment for connected CE products
Security functions required for CE
products in the time of IoT
Closing
31. Historical Overview of Function and Data Information of Networked Home
Appliances(2010~:Mature Phase)
31
Internet(Household)
Cellphones
Digital TV
Recorder
Audio System/Music
Digital
Camera/Camcorder
Health Care Appliances
Cooking Appliance
Home Related
201220102008200620042002
ADSL
FTTH(光回線)
GSM(cHTML)
広帯域CDMA(HTML/Java)
Smartphone
ブラウザ
宅外操作
CDDB
機器連携
(DLNA)
VOD
状態通知
Security Operational Info
ドアホン 来客通知
Apps
HEMS
スマホ
連携
エアコン
遠隔操作
画像アップロード
Cloud Integration allows the information linkage to include
everything including smartphones.
ID/Passworr
Recording history
Email Address
Device Operation Info
Access History
CD Ownership
List
Payment Info
Viewing History
Vacancy Info
Operational Info
of each device
Image Info
Blog/UL Service
account info
Visitor Info
Email address
Content Ownership
Device Ownership
Operational Info of
each device.
Power Usage Info
Payment Info
Purchase History
住所氏名
ブログ/SNSアカウント
Physical
Information
Service Account
Operation Info
Service Account
Cloud
Integration
Address Book
Video/Image
Account info
32. The Evolution of Networked Home Appliances Functionality and Information
(Near Future)
Home Appliances(Audio Visual,House hold,Cosmetic)
PC,Game Terminal,Information Terminals
Smartphone,Cellphones,Landlines
Housing Equipment( Single Family, Complexes)
Medical Devices (Individual , Institutional)
Public Services(Municipal offices, schools)
Public Transportations(Bus、Trains)
Cars/Automotive equipment
Infrastructure(Power、Gas、Water)
Retail(Large scale, individual)
32
Is the era when household appliances , home and
public,commercial services are all connected near?
Everything
is
connected
Inside the
home
connecting
33. Future prediction
Spread to the whole of human life
Rapid increase of device
Connect to the various industries
33
34. Spread to the whole of human life
34
Risk of Serious accident Higher reliability
Fire due to incorrect control of CE product
Invalidation of electric lock security
Accident and runaway of automotive
Connect to various device of various manufacturer
We want to guarantee at least minimum level security
Will you need the standard like Industry standard ?
it is not the problem of one company
Entire House, Linkage to automotive, home security and gas app…
Information assets = life of customer
The minimum level security ?
35. Spread to the whole of human life
35
The risk due to share of authentication information
Adoption of SSO is also being investigated in CE products
Influence of vulnerability will spread to other services that share
authentication information
it is not the problem of one provider or one vendor
Constantly connected communications, share of authentication
information Useful …
Authentication
provider
CE
Smart
phone
application
Web
service
Automotive
HEMS
game
CE
Share of
authentication
information
What must we do to make product secure ?
SNS
application
36. Rapid increase of device
36
Lighting, switch, sensor, electric socket, etc.
Maintenance of various and huge amount of devices
After vulnerability is reported, software must be updated
Lighting, sensor, electric socket…update all ?
How to update ?
Service engineers ?
Automatic update ?
Disclaimer of firmware update
Lifetime of CE product is long (over 10 years)
Up to when ?
The update method, the period to continue to care security ?
37. Connect to the various industries
37
Diversification of I/F, protocol
ECHONET Lite, CAN, DLNA…
Bluetooth, NFC, TransferJet, ZigBee, Z-Wave…
Original communication protocol, 920MHz…
Security verification technology must catch up
Only knowledge of the IP network is not enough
Knowledge other than the IP network is necessary
Knowledge of Non-IT engineers will be needed
Think tank beyond the type of industry?
Diversification of I/F of the linkage to infrastructure, automotive
and healthcare, security technology catch up
The structure which takes in knowledge of various fields?
38. Agenda
38
Changes in the feature of connected CE
products
The risks to connect
Performance and trends in the Vulnerability
Assessment for connected CE products
Security functions required for CE products in
the time of IoT
Closing
39. Closing
39
Several billion of IoT(Internet of Things) will be connected
It is difficult to guarantee security by one company
The approach beyond the industry/type of industry
/position must be needed
Unite for the IoT security !
Internet
Store
Social
infrastructure
Public Service Housing
equipment
Automotive
in-car device
Smart phone
Information device
PC
Connected
CE product
41. Contact
41
Analysis Center Panasonic Corporation
http://www2.panasonic.co.jp/aec/ns/index.html
Sorry, Japanese Only…
Panasonic-PSIRT
http://panasonic.co.jp/info/psirt/en/
product-security@gg.jp.panasonic.com