Technical University Of Denmark Researchers Create Novel Tools To Prevent Internet Hacker Attacks
Our love affair with smart devices has led to an explosive growth in the number of devices we surround ourselves with. But whereas they allow us to keep an eye on our homes when we are away or help us track the expiry date of items stored in our fridges, they also leave us vulnerable to intruders, who can use them to hack their way into our homes.
For instance, if we choose weak passwords for our internet-connected smart devices or fail to update their security systems, we risk creating access points for hackers.
Once a malicious mind has entered your network via devices such as security cameras or fridges, they can try to exploit you by taking charge of your computer and encrypting files until you pay a ransom to have them decrypted. Or they could use your network as a gateway to harm others by orchestrating attacks from hundreds of thousands of hacked devices simultaneously.
Identifying digital ghost ships
In a new project, DTU Associate Professor Emmanouil Vasilomanolakis aims to develop a method that can detect such ‘digital ghost ships’—devices in the sea of smart electronics that have been neglected and pose a security threat. As he explains: Knowing where they are is crucial to alerting the owner so they can either make them safe to use or disable them.
“We believe that digital ghost ships are a real security threat,” he says.
Emmanouil Vasilomanolakis coined the term digital ghost ship, which references the ghost ships of the seas—vessels that have no crew on board to safely steer them.
It’s not just in people’s homes that gadgets with poorly maintained security features pose a problem. In fact, the stakes are often much higher for businesses and organizations that use and rely on smart devices if an intruder gets through and creates havoc.
Emmanouil Vasilomanolakis points out that the healthcare industry is a good example: “Hospitals use more and more devices that need internet connectivity. If these devices are hacked and stop functioning, we may have a life and death situation.”
He explains that even cheap devices such as surveillance cameras for your home that can’t do much can be powerful tools for hackers – especially if they gain access to a large number of devices at the same time and use them to stage an attack on another target:
“If you can access only one device, it’s not a very powerful attack. But of course, if you can use one million devices, that creates a serious security threat.”
Such attacks can be used to e.g., force authorities’ websites offline, as was seen when Chinese hackers managed to temporarily force Taiwanese government websites offline during the visit of US speaker of the House of Representatives, Nancy Pelosi, to Taiwan in August. Hackers can also use it to cause significant disruption to commercial sites, effectively blocking actual customers from purchasing goods for periods of time.
A more finely meshed safety net
Commercial services are already available that allow users to scan the internet and identify internet-connected devices. Emmanouil Vasilomanolakis aims to create a much more finely meshed safety net that scans and detects only actual digital ghost ships while omitting properly maintained gadgets.
The system will also be trained to avoid so-called honeypots and other false positives. A honeypot is a detection system that developers create to attract attackers to a secure system to study their behaviour.
The researchers will investigate novel ways of creating network signatures of digital ghost ships. A network signature is a footprint that has been left following unauthorized access. The aim is to enrich these signatures with device fingerprinting capabilities. Collecting such fingerprints provides information about the software and hardware of the device in question, making it easier to identify its type.
DTU will collaborate with the University of Cambridge for this part of the project.
FACTS
Billions of devices in operation
Forecasts have estimated that by the end of 2022, there would be approx. 14.4 billion internet-connected devices globally. According to projections, that number will grow to approximately 27 billion by 2025 as the supply shortage of, e.g., chips eases and growth in sales accelerates.
Source: IoT Analytics
Humans – the weakest link
An essential component in creating the best method for detecting digital ghost ships is getting inside the minds of those who use smart devices to understand how they use them.
“People in cyber security have said for years that it’s one thing that we can improve the technology and keep updating devices and create more secure software and devices. But on the other hand, you have the humans themselves, and many experts would agree that humans are usually the weakest link,” Emmanouil Vasilomanolakis says.
Therefore, an important project partner is the University of Colorado, where researchers have extensive expertise in cyber security psychology. Research in this field aims to understand the usual pitfalls that both administrators and ordinary people fall into when dealing with smart devices.
“The more we understand about how humans think and behave, the more we can see how we as researchers can find solutions that are easier for ordinary people to use instead of creating very technical things that work theoretically but practically don’t make much sense,” Emmanouil Vasilomanolakis explains.
Take the example of an influential YouTuber with millions of followers. “If we find a tutorial for a device they have posted where they say: ‘Just set up the device with this password and change it later’ – it would be interesting to find out whether there are actually millions of devices set up with such a password,” he says.
FACTS
Consumer perception of security risks
Despite the proliferation of internet-connected devices, many people are unaware of the risks associated with using them. A 2017 survey of 2,000 UK-based consumers conducted by tech firm Canonical revealed that 48% did not know that hackers might be able to hijack their internet-connected devices–potentially to launch wide-scale attacks on other targets.
The EU Commission has proposed a Cyber Resilience Act, which among other things, will require that such internet-connected devices meet certain cybersecurity standards or risk being banned from the European market.
Making the method widely available
Once the method is developed, it will be freely available for all to use. Obvious users are internet service providers who can alert customers to the presence of digital ghost ships within their networks.
In fact, Danish internet service provider Telenor is a project partner. The company will run tests to ensure that the method can actually do what it is set up to do in a real-life setting.
“The digital ghost ship project can potentially enable Telenor to detect which customers are at increased risk of becoming victims of cyber security threats. Telenor can use this knowledge to contact and warn those customers about the possible threat,” says Martin Fejrskov Andersen, Solution Architect with Telenor Denmark.
“As Telenor’s customer base consists of both consumers, businesses and public authorities, the results of the project could improve not only the security of individuals, but also society as a whole.”
The three-year project has received DKK 2.8 million in funding from the Independent Research Fund Denmark.