The Experts below are selected from a list of 66 Experts worldwide ranked by ideXlab platform
Cotret Pascal - One of the best experts on this subject based on the ideXlab platform.
-
Hit the KeyJack: stealing data from your daily wireless devices incognito
HAL CCSD, 2016Co-Authors: Fournier Guillaume, Matoussowsky Pierre, Cotret PascalAbstract:National audienceInternet of Things (IoT) is one of the most fast-growing field in high technologies nowadays. Therefore, lots of electronic devices include wireless connections with several communication protocols (WiFi, ZigBee, Sigfox, LoRa and so on). Nevertheless, designers of such components do not take care of security features most of the time while focusing on communication reliability (speed, throughput and low power consumption). As a consequence, several wireless IoT devices transmit data in plaintext creating lots of security breaches for both eavesdropping and data injection attacks. This work introduces KeyJack, a preliminary proof-of-concept of a solution aiming to eavesdrop wireless devices and hopefully perform injection attacks afterwards. KeyJack operates on widely-used devices: our keyboards! This solution is based on low-cost embedded electronics and gives an attacker or a White Hat Hacker the possibility to retrieve data from John Doe's computer. This work also shows tHat this approach could be used to any wireless device using 2.4GHz radio chips like the NRF24L01 from Nordic Semiconductor
-
Hit the KeyJack: stealing data from your daily wireless devices incognito
2016Co-Authors: Fournier Guillaume, Matoussowsky Pierre, Cotret PascalAbstract:Internet of Things (IoT) is one of the most fast-growing field in high technologies nowadays. Therefore, lots of electronic devices include wireless connections with several communication protocols (WiFi, ZigBee, Sigfox, LoRa and so on). Nevertheless, designers of such components do not take care of security features most of the time while focusing on communication reliability (speed, throughput and low power consumption). As a consequence, several wireless IoT devices transmit data in plaintext creating lots of security breaches for both eavesdropping and data injection attacks. This work introduces KeyJack, a preliminary proof-of-concept of a solution aiming to eavesdrop wireless devices and hopefully perform injection attacks afterwards. KeyJack operates on widely-used devices: our keyboards! This solution is based on low-cost embedded electronics and gives an attacker or a White Hat Hacker the possibility to retrieve data from John Doe's computer. This work also shows tHat this approach could be used to any wireless device using 2.4GHz radio chips like the NRF24L01 from Nordic Semiconductor.Comment: Journ\'ees C&ESAR 2016 (https://www.cesar-conference.org/
Thomas J Holt - One of the best experts on this subject based on the ideXlab platform.
-
Don’t shoot the messenger! A criminological and computer science perspective on coordinated vulnerability disclosure
Crime Science, 2018Co-Authors: Marleen Weulen Kranenbarg, Thomas J Holt, Jeroen HamAbstract:In the computer science field coordinated vulnerability disclosure is a well-known practice for finding flaws in IT-systems and patching them. In this practice, a White-Hat Hacker who finds a vulnerability in an IT-system reports tHat vulnerability to the system’s owner. The owner will then resolve the problem, after which the vulnerability will be disclosed publicly. This practice generally does not focus on potential offenders or black-Hat Hackers who would likely exploit the vulnerability instead of reporting it. In this paper, we take an interdisciplinary approach and review the current coordinated vulnerability disclosure practice from both a computer science and criminological perspective. We discuss current issues in this practice tHat could influence the decision to use coordinated vulnerability disclosure versus exploiting a vulnerability. Based on different motives, a rational choice or cost–benefit analyses of the possible reactions after finding a vulnerability will be discussed. Subsequently, implications for practice and future research suggestions are included.
-
don t shoot the messenger a criminological and computer science perspective on coordinated vulnerability disclosure
Crime Science, 2018Co-Authors: Marleen Weulen Kranenbarg, Thomas J HoltAbstract:In the computer science field coordinated vulnerability disclosure is a well-known practice for finding flaws in IT-systems and patching them. In this practice, a White-Hat Hacker who finds a vulnerability in an IT-system reports tHat vulnerability to the system’s owner. The owner will then resolve the problem, after which the vulnerability will be disclosed publicly. This practice generally does not focus on potential offenders or black-Hat Hackers who would likely exploit the vulnerability instead of reporting it. In this paper, we take an interdisciplinary approach and review the current coordinated vulnerability disclosure practice from both a computer science and criminological perspective. We discuss current issues in this practice tHat could influence the decision to use coordinated vulnerability disclosure versus exploiting a vulnerability. Based on different motives, a rational choice or cost–benefit analyses of the possible reactions after finding a vulnerability will be discussed. Subsequently, implications for practice and future research suggestions are included.
Fournier Guillaume - One of the best experts on this subject based on the ideXlab platform.
-
Hit the KeyJack: stealing data from your daily wireless devices incognito
HAL CCSD, 2016Co-Authors: Fournier Guillaume, Matoussowsky Pierre, Cotret PascalAbstract:National audienceInternet of Things (IoT) is one of the most fast-growing field in high technologies nowadays. Therefore, lots of electronic devices include wireless connections with several communication protocols (WiFi, ZigBee, Sigfox, LoRa and so on). Nevertheless, designers of such components do not take care of security features most of the time while focusing on communication reliability (speed, throughput and low power consumption). As a consequence, several wireless IoT devices transmit data in plaintext creating lots of security breaches for both eavesdropping and data injection attacks. This work introduces KeyJack, a preliminary proof-of-concept of a solution aiming to eavesdrop wireless devices and hopefully perform injection attacks afterwards. KeyJack operates on widely-used devices: our keyboards! This solution is based on low-cost embedded electronics and gives an attacker or a White Hat Hacker the possibility to retrieve data from John Doe's computer. This work also shows tHat this approach could be used to any wireless device using 2.4GHz radio chips like the NRF24L01 from Nordic Semiconductor
-
Hit the KeyJack: stealing data from your daily wireless devices incognito
2016Co-Authors: Fournier Guillaume, Matoussowsky Pierre, Cotret PascalAbstract:Internet of Things (IoT) is one of the most fast-growing field in high technologies nowadays. Therefore, lots of electronic devices include wireless connections with several communication protocols (WiFi, ZigBee, Sigfox, LoRa and so on). Nevertheless, designers of such components do not take care of security features most of the time while focusing on communication reliability (speed, throughput and low power consumption). As a consequence, several wireless IoT devices transmit data in plaintext creating lots of security breaches for both eavesdropping and data injection attacks. This work introduces KeyJack, a preliminary proof-of-concept of a solution aiming to eavesdrop wireless devices and hopefully perform injection attacks afterwards. KeyJack operates on widely-used devices: our keyboards! This solution is based on low-cost embedded electronics and gives an attacker or a White Hat Hacker the possibility to retrieve data from John Doe's computer. This work also shows tHat this approach could be used to any wireless device using 2.4GHz radio chips like the NRF24L01 from Nordic Semiconductor.Comment: Journ\'ees C&ESAR 2016 (https://www.cesar-conference.org/
Jeroen Ham - One of the best experts on this subject based on the ideXlab platform.
-
Don’t shoot the messenger! A criminological and computer science perspective on coordinated vulnerability disclosure
Crime Science, 2018Co-Authors: Marleen Weulen Kranenbarg, Thomas J Holt, Jeroen HamAbstract:In the computer science field coordinated vulnerability disclosure is a well-known practice for finding flaws in IT-systems and patching them. In this practice, a White-Hat Hacker who finds a vulnerability in an IT-system reports tHat vulnerability to the system’s owner. The owner will then resolve the problem, after which the vulnerability will be disclosed publicly. This practice generally does not focus on potential offenders or black-Hat Hackers who would likely exploit the vulnerability instead of reporting it. In this paper, we take an interdisciplinary approach and review the current coordinated vulnerability disclosure practice from both a computer science and criminological perspective. We discuss current issues in this practice tHat could influence the decision to use coordinated vulnerability disclosure versus exploiting a vulnerability. Based on different motives, a rational choice or cost–benefit analyses of the possible reactions after finding a vulnerability will be discussed. Subsequently, implications for practice and future research suggestions are included.
Pascal Cotret - One of the best experts on this subject based on the ideXlab platform.
-
Hit the KeyJack: stealing data from your daily wireless devices incognito
2016Co-Authors: Guillaume Fournier, Pierre Matoussowsky, Pascal CotretAbstract:Internet of Things (IoT) is one of the most fast-growing field in high technologies nowadays. Therefore, lots of electronic devices include wireless connections with several communication protocols (WiFi, ZigBee, Sigfox, LoRa and so on). Nevertheless, designers of such components do not take care of security features most of the time while focusing on communication reliability (speed, throughput and low power consumption). As a consequence, several wireless IoT devices transmit data in plaintext creating lots of security breaches for both eavesdropping and data injection attacks. This work introduces KeyJack, a preliminary proof-of-concept of a solution aiming to eavesdrop wireless devices and hopefully perform injection attacks afterwards. KeyJack operates on widely-used devices: our keyboards! This solution is based on low-cost embedded electronics and gives an attacker or a White Hat Hacker the possibility to retrieve data from John Doe's computer. This work also shows tHat this approach could be used to any wireless device using 2.4GHz radio chips like the NRF24L01 from Nordic Semiconductor.