Faircloth, Christopher, Hartzell, Gavin, Callahan, Nathan, Bhunia, Suman.
2022.
A Study on Brute Force Attack on T-Mobile Leading to SIM-Hijacking and Identity-Theft. 2022 IEEE World AI IoT Congress (AIIoT). :501–507.
The 2021 T-Mobile breach conducted by John Erin Binns resulted in the theft of 54 million customers' personal data. The attacker gained entry into T-Mobile's systems through an unprotected router and used brute force techniques to access the sensitive information stored on the internal servers. The data stolen included names, addresses, Social Security Numbers, birthdays, driver's license numbers, ID information, IMEIs, and IMSIs. We analyze the data breach and how it opens the door to identity theft and many other forms of hacking such as SIM Hijacking. SIM Hijacking is a form of hacking in which bad actors can take control of a victim's phone number, giving them a means to bypass additional safety measures currently in place to prevent fraud. This paper thoroughly reviews the attack methodology and impact, and attempts to provide an understanding of important measures and possible defense solutions against future attacks. We also detail other social engineering attacks that can be incurred from releasing the leaked data.
Hossain Faruk, Md Jobair, Tasnim, Masrura, Shahriar, Hossain, Valero, Maria, Rahman, Akond, Wu, Fan.
2022.
Investigating Novel Approaches to Defend Software Supply Chain Attacks. 2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW). :283–288.
Software supply chain attacks occur when the process of producing software is compromised, resulting in vulnerabilities that target downstream customers. While the number of successful exploits is limited, the impact of these attacks is significant. Despite increased awareness and research into software supply chain attacks, there is limited information available on mitigating or architecting for these risks, and existing information is focused on singular and independent elements of the supply chain. In this paper, we extensively review software supply chain security using software development tools and infrastructure. We investigate the path that attackers find least resistant, followed by adapting and finding the next best way to complete an attack. We also provide a thorough discussion on how common software supply chain attacks can be prevented, preventing malicious hackers from gaining access to an organization's development tools and infrastructure including the development environment. We considered various SSC attacks on stolen code-sign certificates by malicious attackers and prevented unnoticed malware from passing by security scanners. We are aiming to extend our research to contribute to preventing software supply chain attacks by proposing novel techniques and frameworks.
Umar, Mohammad, Ayyub, Shaheen.
2022.
Intrinsic Decision based Situation Reaction CAPTCHA for Better Turing Test. 2022 International Conference on Industry 4.0 Technology (I4Tech). :1–6.
In this modern era, web security is often required to guard against fraudulent activities. Several hackers try to build programs that can interact with web pages automatically and try to breach the data or make many junk entries, causing web servers to hang. To stop the junk entries, CAPTCHA is a solution through which bots can be identified and machine-based programs denied from intervening. CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. In the progression of CAPTCHA, there are several methods available, such as distorted text, picture recognition, math solving and game-based CAPTCHA. Game-based Turing tests are very popular nowadays, but there are several methods through which a game can be cracked because a game is not intellectual. So, there is a need for an intrinsic CAPTCHA. The proposed system is based on an Intrinsic Decision based Situation Reaction Challenge. The proposed system is able to better classify humans and bots by its intrinsic problem. It has been considered that a human is more capable of dealing with real-life problems, while a machine is rather poor at understanding the situation or how the problem can be solved. So, the proposed system challenges with simple situations which are easier for a human but almost impossible for bots. The human is required to use only common sense, and the problem can be solved within a few seconds.
Raut, Yash, Pote, Shreyash, Boricha, Harshank, Gunjgur, Prathmesh.
2022.
A Robust Captcha Scheme for Web Security. 2022 6th International Conference On Computing, Communication, Control And Automation (ICCUBEA). :1–6.
The internet has grown increasingly important in everyone's everyday lives due to the availability of numerous web services such as email, cloud storage, video streaming, music streaming, and search engines. On the other hand, attacks by computer programmes such as bots are a common hazard to these internet services. Captcha is a computer program that helps a server-side company determine whether or not a real user is requesting access. Captcha is a security feature that prevents unauthorised access to a user's account by protecting restricted areas from automated programmes, bots, or hackers. Many websites utilise Captcha to prevent spam and other hazardous assaults when visitors log in. However, in recent years, the complexity of Captcha solving has become difficult for humans too, making it less user friendly. To solve this, we propose creating a Captcha that is both simple and engaging for people while also robust enough to protect sensitive data from bots and hackers on the internet. The suggested captcha scheme employs animated artifacts, rotation, and variable fonts as resistance techniques. The proposed captcha technique proves successful against OCR bots with less than 15% accuracy while being easier to solve for human users with more than 98% accuracy.
ISSN: 2771-1358