Visible to the public Biblio

Filters: Author is Siboni, Shachar  [Clear All Filters]
2019-06-10
Siboni, Shachar, Shabtai, Asaf, Elovici, Yuval.  2018.  An Attack Scenario and Mitigation Mechanism for Enterprise BYOD Environments. SIGAPP Appl. Comput. Rev.. 18:5–21.

The recent proliferation of the Internet of Things (IoT) technology poses major security and privacy concerns. Specifically, the use of personal IoT devices, such as tablets, smartphones, and even smartwatches, as part of the Bring Your Own Device (BYOD) trend, may result in severe network security breaches in enterprise environments. Such devices increase the attack surface by weakening the digital perimeter of the enterprise network and opening new points of entry for malicious activities. In this paper we demonstrate a novel attack scenario in an enterprise environment by exploiting the smartwatch device of an innocent employee. Using a malicious application running on a suitable smartwatch, the device imitates a real Wi-Fi direct printer service in the network. Using this attack scenario, we illustrate how an advanced attacker located outside of the organization can leak/steal sensitive information from the organization by utilizing the compromised smartwatch as a means of attack. An attack mitigation process and countermeasures are suggested in order to limit the capability of the remote attacker to execute the attack on the network, thus minimizing the data leakage by the smartwatch.

2018-11-28
Sachidananda, Vinay, Siboni, Shachar, Shabtai, Asaf, Toh, Jinghui, Bhairav, Suhas, Elovici, Yuval.  2017.  Let the Cat Out of the Bag: A Holistic Approach Towards Security Analysis of the Internet of Things. Proceedings of the 3rd ACM International Workshop on IoT Privacy, Trust, and Security. :3–10.

The exponential increase of Internet of Things (IoT) devices have resulted in a range of new and unanticipated vulnerabilities associated with their use. IoT devices from smart homes to smart enterprises can easily be compromised. One of the major problems associated with the IoT is maintaining security; the vulnerable nature of IoT devices poses a challenge to many aspects of security, including security testing and analysis. It is trivial to perform the security analysis for IoT devices to understand the loop holes and very nature of the devices itself. Given these issues, there has been less emphasis on security testing and analysis of the IoT. In this paper, we show our preliminary efforts in the area of security analysis for IoT devices and introduce a security IoT testbed for performing security analysis. We also discuss the necessary design, requirements and the architecture to support our security analysis conducted via the proposed testbed.