Digital forensics Archives

April 20, 2021 by LCDI

10 Cybersecurity Tips You Should Know!

Stay safe with your devices and while going online by using these cyber tips of the month! Practicing good habits with your devices and your activity online is crucial to keeping you and your information safe, along with others who might be connected to you in some way. Use these tips to put your best foot forward while navigating the digital world!

Don’t click on links without thinking; make sure to inspect links and know they are from a trusted source before clicking, since malicious links can do damage in many different ways to your devices.

Be sure to connect securely when connecting to different networks. Unsecured connections can have negative consequences, so only connect to private networks when you can, especially if you’ll be handling some private and sensitive information.

Make sure your mobile device is secure! A lot of us hold private information on these devices and bring them with us everywhere, so it is important that they are protected from others. A few protective measures to put in place include a strong password, turning off automatic connection to public Wi-Fi, turning your Bluetooth off, and downloading anything with caution.

Never leave your devices unattended! The security of your devices is not only important digitally, but also physically. Lock up any phones, laptops, or tablets so no one can access them. For desktops, lock them or shut them down completely when unattended.

Always be careful with what you plug into your computer. Never use something such as a USB drive if you don’t know where it came from, as it could potentially have malware on it.

Make sure that all of your online shopping is done safely! Don’t shop from a computer and a network that you don’t own, and make sure to be careful about which websites you shop at. It is also smart to make sure you are using a strong password, and that you aren’t saving your card’s details and information in an online account.

Keep your device clean! Regularly remove applications that you don’t use, making sure your device won’t have old, lingering apps that may provide vulnerabilities for criminals to use.

Make sure to use unique passwords for all of your different accounts and devices. The best and safest passwords are at least twelve to fifteen characters and have numbers, letters, and symbols in them. Avoid using common phrases to build your passwords, as well as any type of personal information.

Be careful with what you post online! Social media is a place where criminals can gather and learn a lot of information just from what you post. Consider what you put out there, and also consider who is able to see your page. You can always go in and change your privacy settings too!

Practice good habits online; what you do has the potential to impact others at work, at home, or even somewhere else around the world, so practicing good online habits benefits everyone.

STAY UP TO DATE WITH TWITTER, INSTAGRAM, FACEBOOK, AND LINKEDIN SO YOU ALWAYS KNOW WHAT WE’RE UP TO!

The post 10 Cybersecurity Tips You Should Know! appeared first on The Leahy Center for Digital Forensics & Cybersecurity.

March 25, 2021 by LCDI

Amy Keigwin On Being A Women In Tech And Her Past Intern Experience

Our next Women’s History Month worker spotlight is Amy Keigwin! Keigwin is a second-year Computer and Digital Forensics major from Franklin, Massachusetts. She is currently working on the SOC Tier 1 project and has been an Intern in Research in the past for the Leahy Center. Her other experiences outside of the Leahy Center include being a Conference Intern for the MAVA Connection for Success Conference, and a Data Entry Intern for CTS Services.

What made you choose to major within the information technology field?

I have always been interested in computers and technology from a very young age, so when I went to a vocational high school, that desire to learn computer science just intensified, and led me to pick an area, cybersecurity, and my specific degree.

What was your first experience with technology?

My first experience with technology was as a child using my family’s PC to play flash games, card games, and make drawings for my parents in MS Paint.

Are there any females in tech that you look up to?

Not really. My role models are usually my teachers, especially my high school networking and programming teacher. She worked really hard to make sure that all of her students understood the content, and was a big advocate for me and the other women in my class, always encouraging us to apply for scholarships, certifications, and awards. I was even nominated to go to a few conferences because of her!

What are the pros and cons of being a woman in tech?

A few pros of being a woman in tech are that my opinions about a certain task are taken seriously and that I am generally more marketable to companies, so finding a job isn’t as difficult. A few cons are that I am generally one of, if not the only, woman on my team, and it can be harder to integrate myself into a team that is male-dominated, especially if interests are not shared.

Is it daunting to be working in a male-dominated field?

It can definitely be daunting working in a male-dominated field, especially when I am the newcomer and the team I am joining is already well-established. However, I find that time can lessen a lot of that distance, and knowing a few people from classes before joining my team at the Leahy Center helped make things easier.

What advice would you give to younger women who are interested in getting into the tech field?

Develop a backbone, and learn to stand up for yourself. You’re going to encounter adversaries from colleagues and bosses alike, and learning to say “no” is an incredibly valuable skill. Along the same line, make contacts with people in different departments and learn the people in HR. Having a good reputation keeps your integrity from being as heavily questioned, and makes you a more valuable employee.

Why is it important to have women in the tech field?

I think it’s really important to have women in the tech field not only for the bridging of gender equality but also just for the fact that people have different perspectives based on life experiences. I think women stand to bring a lot of ideas and experience into any field, particularly the tech field, where being innovative is the name of the game. There’s also just the simple fact of giving young girls more female role models to help motivate them into going into fields they may have not previously considered because it doesn’t follow gender stereotypes.

What would you like to achieve in the tech field in the future?

Right now, I want to be a digital forensics examiner working in the public sector. As such, providing evidence to a court and that being integral to a conviction is something I want to achieve. Aside from that, just raising more awareness about women in tech is a goal I would like to work towards, especially if that means I get to work with organizations where I have participated in their competitions, like CyberPatriot.

STAY UP TO DATE WITH TWITTER, INSTAGRAM, FACEBOOK, AND LINKEDIN SO YOU ALWAYS KNOW WHAT WE’RE UP TO!

The post Amy Keigwin On Being A Women In Tech And Her Past Intern Experience appeared first on The Leahy Center for Digital Forensics & Cybersecurity.

April 30, 2020 by LCDI

Researching IoT Devices

Art depicting the connectivity of common devices

Introduction

It is safe to say that everyone is constantly connected, through our smartphones, social media accounts, and even smart homes. Every day, more and more innovative devices are released to the public. Any device that is able to have a relationship with another is part of Internet of Things (IoT). Forbes goes so far as to state that “the relationship will be between people-people, people-things, and things-things”. While these devices offer easy-to-use functionality and instant access to information, how secure are they? In this blog, students at the Leahy Center will review some common devices and discuss some of their vulnerabilities.

IoT Smart Locks

Smart locks are great for remote access to your home’s doors. They’re a faster way to open them, as well as allow a user to keep a record of each action. However, Katie Hopkins, part of the IoT research team, is in the midst of a deep dive into smart lock vulnerabilities—discovering how to make a device that is supposed to keep your home secure vulnerable to hackers. Her research was specifically on Kwikset Kevo Smart Lock devices. Despite how secure one may think these devices are, Katie found that these vulnerabilities may subvert that expectation.

Some vulnerabilities are very simple, such as a denial of service attack using a smartphone. The InfoSec Handbook, a guide to network security concepts, offers a useful definition. A denial of service attack is one that limits or rejects access due to an overflow of data from an outside device. In this case, an attacker can use the Kevo app to send large amounts of open/close requests to the lock. This confuses the device and causes it to not react to a physical key that comes with the device. Another vulnerability is that the lock’s batteries only last about two weeks. This leaves a window of opportunity for an attacker to gain control of the lock.

Some companies also claim that they encrypt passwords for these devices but end up not doing so; great information for a hacker, bad news for you! There are many more ways to exploit these devices, but these are just a few of the simpler ones. NewSky Security wrote a blog post that breaks down more exploits in detail.

Overall, these locks may be useful for securing your home, but their functionality causes new problems.

Google Home

One of the landmark accomplishments in smart devices has to be the creation of personal assistants. One of the more sophisticated virtual helpers is Google Assistant, a competitor to Apple’s Siri and Amazon’s Alexa personal assistants. This software can exist on most devices with a microphone and a speaker since Google Assistant interacts through voice. The user may give the device commands such as, “set an alarm”, or “open my garage door”.

Google Assistant can also interact with your other smart devices in a smart home. To do this, one can purchase a Google Home. Home runs the Google Assistant software and serves as a hub for all your smart devices.

IoT team member, Joe McCormack, has been doing research on the Google Home and did not find as many vulnerabilities with the software or hardware as Katie found in her research of the smart locks. But, just like the Kevo Smart Locks, there is always a flaw. Discovered by a group at the University of Michigan, the process which utilizes the microphone and translates it so the Google Assistant can execute those commands can be exploited. By using a low-powered laser, an attacker can shine different frequencies into the Google Home’s microphone and execute commands without a sound. This means a criminal can use this to do things like disarm smart home security systems and open smart locks without a sound. The technology required to do this is fairly complex but can be done by anyone with the proper knowledge.

D-Link WiFi Camera

The best way to catch a criminal is to actually see them in the act of a crime. It is also common for parents to keep an eye on their children while they are working or are left with a babysitter. Security cameras are a great way to automatically record the happenings of an area. Most come with motion detection, night vision, and the ability to record entire days worth of footage. One camera that the IoT Security team has been researching is from D-Link, a reputable manufacturer that specializes in network devices, including security cameras. The D-Link WiFi Camera model (DCS-5030L) is a cheap and effective way to monitor your home or office, but if the user does not update the camera regularly, there can be trouble.

Someone who is familiar with code can find specific files online that allow unauthorized access to the camera. That means that a person can gain control of the camera, look at recordings saved in the memory, and even move the position of the camera. However, it is actually pretty easy to prevent an attack. All you have to do is keep your firmware updated as D-Link has fixed many security issues over the lifespan of the device. This is normally the case for many devices.

Conclusion

There are vulnerabilities to most, if not all, of the IoT devices that you might use in your home. A capable hacker can exploit devices that you use every day; from your smart door lock to your smart refrigerator. We must be more aware of the issues that are present with new and exciting technology or our personal data could be compromised. It is always good to keep the device’s firmware up to date and have strong network security. By fortifying your devices and the network it resides on, you can prevent the possibility of an attacker taking control of your smart home, smart camera, or any other smart device. For the sake of your personal information, physical security, as well as privacy, remember that the convenience that smart devices offer might not be worth the risk.

The post Researching IoT Devices appeared first on The Leahy Center for Digital Forensics & Cybersecurity.