Opening Pandora’s Box: Effective Techniques for Reverse Engineering IoT Devices

Shwartz, Omer; Mathov, Yael; Bohadana, Michael; Elovici, Yuval; Oren, Yossi

doi:10.1007/978-3-319-75208-2_1

Cited by 19 publications

(14 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Medical devices, however, are known to be more sensitive to malware and lowquality code than other connected devices, owing to the lengthy compliance process that makes in-the-field upgrades very difficult [12]. Finally, embedded device firmware has been shown to suffer often from poor security mechanisms and thus is more susceptible to various forms of attacks than traditional computer systems [23]. The various factors described above lead us to believe that this attack scenario is highly probable.…”

Section: Malicious Hardware/firmware Implantmentioning

confidence: 99%

Cyber security threats in the microbial genomics era: implications for public health

et al. 2020

Self Cite

View full text Add to dashboard Cite

Next generation sequencing (NGS) is becoming the new gold standard in public health microbiology. Like any disruptive technology, its growing popularity inevitably attracts cyber security actors, for whom the health sector is attractive because it combines mission-critical infrastructure and high-value data with cybersecurity vulnerabilities. In this Perspective, we explore cyber security aspects of microbial NGS. We discuss the motivations and objectives for such attack, its feasibility and implications, and highlight policy considerations aimed at threat mitigation. Particular focus is placed on the attack vectors, where the entire process of NGS, from sample to result, could be vulnerable, and a risk assessment based on probability and impact for representative attack vectors is presented. Cyber attacks on microbial NGS could result in loss of confidentiality (leakage of personal or institutional data), integrity (misdetection of pathogens) and availability (denial of sequencing services). NGS platforms are also at risk of being used as propagation vectors, compromising an entire system or network. Owing to the rapid evolution of microbial NGS and its applications, and in light of the dynamics of the cyber security domain, frequent risk assessments should be carried out in order to identify new threats and underpin constantly updated public health policies.

show abstract

Section: Malicious Hardware/firmware Implantmentioning

confidence: 99%

Cyber security threats in the microbial genomics era: implications for public health

et al. 2020

Self Cite

View full text Add to dashboard Cite

show abstract

“…Generic hardware components are often produced overseas, which is cost effective but leads to insecurities and a lack of hardening for specific end-use purposes. Hardware vulnerabilities could be exploited on-site, or they can be implanted during manufacturing and supply-chain processes for widespread and unknown security issues (Fayans et al, 2020;Ender et al, 2020;Shwartz et al, 2017;Anderson and Kuhn, 1997). Such hardware issues are unpatchable and will remain with devices forever until newer devices can be manufactured to replace older versions.…”

Section: Laboratories and Equipmentmentioning

confidence: 99%

“…Third-party manufacturers and device vendors implement firmware in these hardware components. Embedded device firmware has been shown to be more susceptible to cyber-attacks than other forms of software (Shwartz et al, 2017). In-field upgrades are difficult to implement, and like hardware, firmware and operating systems of sequencing systems can be maliciously altered within the supply chain (Fayans et al, 2020).…”

Section: Laboratories and Equipmentmentioning

confidence: 99%

Genetic information insecurity as state of the art

Schumacher

Sawaya²,

Nelson³

et al. 2020

Preprint

View full text Add to dashboard Cite

Genetic information is being generated at an increasingly rapid pace, offering advances in science and medicine that are paralleled only by the threats and risk present within the responsible ecosystem. Human genetic information is identifiable and contains sensitive information, but genetic data security is only recently gaining attention. Genetic data is generated in an evolving and distributed cyber-physical ecosystem, with multiple systems that handle data and multiple partners that utilize the data. This paper defines security classifications of genetic information and discusses the threats, vulnerabilities, and risk found throughout the entire genetic information ecosystem. Laboratory security was found to be especially challenging, primarily due to devices and protocols that were not designed with security in mind. Likewise, other industry standards and best practices threaten the security of the ecosystem. A breach or exposure anywhere in the ecosystem can compromise sensitive information. Extensive development will be required to realize the potential of this emerging field while protecting the bioeconomy and all of its stakeholders.

show abstract

“…Generic hardware components are often produced in various countries, which is cost effective but leads to insecurities and a lack of hardening for specific end-use purposes. Hardware vulnerabilities could be exploited on-site, or they can be implanted during manufacturing and supply-chain processes for widespread and unknown security issues ( Anderson and Kuhn, 1997 ; Shwartz et al, 2017 ; Ender et al, 2020 ; Fayans et al, 2020 ). Such hardware issues are unpatchable and will remain with devices forever until newer devices can be manufactured to replace older versions.…”

Section: The Genetic Information Threat Landscapementioning

confidence: 99%

Genetic Information Insecurity as State of the Art

Schumacher

Sawaya²,

Nelson³

et al. 2020

Front. Bioeng. Biotechnol.

View full text Add to dashboard Cite

Genetic information is being generated at an increasingly rapid pace, offering advances in science and medicine that are paralleled only by the threats and risk present within the responsible systems. Human genetic information is identifiable and contains sensitive information, but genetic information security is only recently gaining attention. Genetic data is generated in an evolving and distributed cyber-physical system, with multiple subsystems that handle information and multiple partners that rely and influence the whole ecosystem. This paper characterizes a general genetic information system from the point of biological material collection through long-term data sharing, storage and application in the security context. While all biotechnology stakeholders and ecosystems are valuable assets to the bioeconomy, genetic information systems are particularly vulnerable with great potential for harm and misuse. The security of post-analysis phases of data dissemination and storage have been focused on by others, but the security of wet and dry laboratories is also challenging due to distributed devices and systems that are not designed nor implemented with security in mind. Consequently, industry standards and best operational practices threaten the security of genetic information systems. Extensive development of laboratory security will be required to realize the potential of this emerging field while protecting the bioeconomy and all of its stakeholders.

show abstract

Opening Pandora’s Box: Effective Techniques for Reverse Engineering IoT Devices

Cited by 19 publications

References 20 publications

Cyber security threats in the microbial genomics era: implications for public health

Cyber security threats in the microbial genomics era: implications for public health

Genetic information insecurity as state of the art

Genetic Information Insecurity as State of the Art

Contact Info

Product

Resources

About