Forensic Blogs

An aggregator for digital forensics blogs

by

The Vermont Privacy Project

As the internet ties in more and more with our daily lives, internet privacy has become a big concern. The Vermont Privacy Breach project at the Leahy Center is a team of students working with a Champlain student supervisor and a Leahy Center Fellow Judy Boyd to try and tackle this growing issue. Our goal is to reduce the number of privacy incidents on residents of the State of Vermont. We plan to accomplish this by providing simple resources. Small businesses, local governments, and nonprofits can then use these to make themselves more secure. 

What We Have Accomplished?

Over the course of the semester, the team has been hard at work researching privacy breaches and other data. The plan is to use this data to create simple presentations that can be given to businesses and people alike. Our team extensively researched what a data privacy breach is, who it affects, and how to prevent them. We all put our research into a shared Google Drive folder and refined the scope of the project. We focused on teaching and presenting to others what privacy breaches were and how to prevent them. Phase One of this project encompassed common risks, the impact of breaches on individuals and organizations, and measures to prevent or mitigate risk. At this point, we are currently in the process of creating an initial presentation outlining Phase One of this project.

What is a Data Breach? A laptop with a skull and crossbones over it

A data breach is any unauthorized access into a business, state agency, or individual’s digital systems. These attacks can come in a large variety of ways, and each come with their own challenges. For example, phishing attacks will look like messages sent from a company but trick you into putting in your info so the attacker can use it themselves. Ransomware and malware are other forms of attacks. These are programs that are downloaded onto the machine that can read files, edit them, or even lock out the entire computer. Then there are attacks that try to overload your connection to the internet, called DDoS attacks, which flood your connection with junk information. 

These are all incredibly dangerous and serious issues for anybody with a computer, and as technology advances, we’re finding those computers in everyday objects. If you have any sort of wireless surveillance in your home, that could become a risk. But, by limiting who has access to your devices and watching what you download, you bring that risk down considerably. The steps to better computer safety are simple, anybody can do them, it’s just a matter of spreading that information. Therefore, we’re excited to have the opportunity to work on that goal and help those in our community and elsewhere.

What’s Next?

The next steps of our project are to finalize and practice our Phase One Presentation and prepare for our first presentation. We are really looking forward to collaborating with the Burlington Sunrise Rotary Club. It’s exciting to see the progress we have made with this project and we hope to see a glimpse of what may come next. For Phase Two of this project, we will be looking at privacy risks related to Local Government agencies, non-profits, and small businesses. For example, we’re interested in how we can bring this to more people.

Stay up to date with the Leahy Center by following us on LinkedIn, Twitter, Instagram, and Facebook!

The post The Vermont Privacy Project appeared first on The Leahy Center for Digital Forensics & Cybersecurity.

by

Researching IoT Devices

Art depicting the connectivity of common devices Introduction

It is safe to say that everyone is constantly connected, through our smartphones, social media accounts, and even smart homes. Every day, more and more innovative devices are released to the public. Any device that is able to have a relationship with another is part of Internet of Things (IoT). Forbes goes so far as to state that “the relationship will be between people-people, people-things, and things-things”. While these devices offer easy-to-use functionality and instant access to information, how secure are they? In this blog, students at the Leahy Center will review some common devices and discuss some of their vulnerabilities.

IoT Smart Locks

Smart locks are great for remote access to your home’s doors. They’re a faster way to open them, as well as allow a user to keep a record of each action. However, Katie Hopkins, part of the IoT research team, is in the midst of a deep dive into smart lock vulnerabilities—discovering how to make a device that is supposed to keep your home secure vulnerable to hackers. Her research was specifically on Kwikset Kevo Smart Lock devices. Despite how secure one may think these devices are, Katie found that these vulnerabilities may subvert that expectation.

Image of a smart lock

Some vulnerabilities are very simple, such as a denial of service attack using a smartphone. The InfoSec Handbook, a guide to network security concepts, offers a useful definition. A denial of service attack is one that limits or rejects access due to an overflow of data from an outside device. In this case, an attacker can use the Kevo app to send large amounts of open/close requests to the lock. This confuses the device and causes it to not react to a physical key that comes with the device. Another vulnerability is that the lock’s batteries only last about two weeks. This leaves a window of opportunity for an attacker to gain control of the lock.

Some companies also claim that they encrypt passwords for these devices but end up not doing so; great information for a hacker, bad news for you! There are many more ways to exploit these devices, but these are just a few of the simpler ones. NewSky Security wrote a blog post that breaks down more exploits in detail.

Overall, these locks may be useful for securing your home, but their functionality causes new problems.

Google Home

One of the landmark accomplishments in smart devices has to be the creation of personal assistants. One of the more sophisticated virtual helpers is Google Assistant, a competitor to Apple’s Siri and Amazon’s Alexa personal assistants. This software can exist on most devices with a microphone and a speaker since Google Assistant interacts through voice. The user may give the device commands such as, “set an alarm”, or “open my garage door”.

Google Assistant can also interact with your other smart devices in a smart home. To do this, one can purchase a Google Home. Home runs the Google Assistant software and serves as a hub for all your smart devices. 

Image of a Google Home

IoT team member, Joe McCormack, has been doing research on the Google Home and did not find as many vulnerabilities with the software or hardware as Katie found in her research of the smart locks. But, just like the Kevo Smart Locks, there is always a flaw. Discovered by a group at the University of Michigan, the process which utilizes the microphone and translates it so the Google Assistant can execute those commands can be exploited. By using a low-powered laser, an attacker can shine different frequencies into the Google Home’s microphone and execute commands without a sound. This means a criminal can use this to do things like disarm smart home security systems and open smart locks without a sound. The technology required to do this is fairly complex but can be done by anyone with the proper knowledge.

D-Link WiFi Camera

The best way to catch a criminal is to actually see them in the act of a crime. It is also common for parents to keep an eye on their children while they are working or are left with a babysitter. Security cameras are a great way to automatically record the happenings of an area. Most come with motion detection, night vision, and the ability to record entire days worth of footage. One camera that the IoT Security team has been researching is from D-Link, a reputable manufacturer that specializes in network devices, including security cameras. The D-Link WiFi Camera model (DCS-5030L) is a cheap and effective way to monitor your home or office, but if the user does not update the camera regularly, there can be trouble.

Image of a D-Link wifi camera

Someone who is familiar with code can find specific files online that allow unauthorized access to the camera. That means that a person can gain control of the camera, look at recordings saved in the memory, and even move the position of the camera. However, it is actually pretty easy to prevent an attack. All you have to do is keep your firmware updated as D-Link has fixed many security issues over the lifespan of the device. This is normally the case for many devices.

Conclusion

There are vulnerabilities to most, if not all, of the IoT devices that you might use in your home. A capable hacker can exploit devices that you use every day; from your smart door lock to your smart refrigerator. We must be more aware of the issues that are present with new and exciting technology or our personal data could be compromised. It is always good to keep the device’s firmware up to date and have strong network security. By fortifying your devices and the network it resides on, you can prevent the possibility of an attacker taking control of your smart home, smart camera, or any other smart device. For the sake of your personal information, physical security, as well as privacy, remember that the convenience that smart devices offer might not be worth the risk.

The post Researching IoT Devices appeared first on The Leahy Center for Digital Forensics & Cybersecurity.

by

Intrusion into the IoT: The Final Blog

D-Link intrusion footage screenshot Recap: Intrusion Blogs 1/2

In last month’s blog, the IoT Intrusion team hit a major roadblock with the TP-Link Kasa camera, but were able to overcome it through research into Man in the Middle Attacks. Now, armed with more knowledge than before, our team pressed on to new devices. We moved much faster this month than last. We started investigations into the intrusion of two devices, one of which we completed. These devices proved to be good subjects for investigation, but there are so many at the LCDI that we would have liked to look into. Hopefully, the end of the year does not bring the end of the project.

Picture of the D-Link DCS 5030L

D-Link DCS 5030L

After our struggles with the TP-Link, the team decided to work on a different IoT security camera: the D-Link DCS 5030L. We were originally attracted to this device by a statement that the FTC put out saying that D-Link needs to increase their security in order to market themselves as offering, “advanced network security.” This gave us hope that the device might not be secure. This proved to be true, as we were able to exploit features letting users control their camera from a browser. We were able to gain access to all elements of the camera. We were able to change the password as well as view a live feed.

Malicious Intrusion Opportunity

Through this, we were able to brainstorm all the ways a malicious hacker could use this intrusion to their advantage. They could hold the device for ransom and require the owner to pay in order to regain access. An attacker could physically break into a room that had one of these cameras in it and then upon leaving erase the camera footage from the SD card. The quick success that our team had the D-Link camera allowed us to move on to another device this month. 

picture of the WeMo Insight Switch

WeMo Insight Switch 

The next device we decided to work on was the WeMo Insight Switch from Belkin. This device showed up on our radar as a potential subject back in our initial research phase of the project. A serious issue with the device was reported by Bitdefender saying that they had discovered a vulnerability that the switch leaks out wifi passwords. This was based on research done by McAfee that found a vulnerability in the UPnP ports listening on the local network in the device. Our team wants to see what we can do with this information on the device. We have it all set up and ready to test.

The Future of IoT Intrusion

Although this may be the team’s final blog post, this is not the end of our project. We still have a few more weeks scheduled at the Leahy Center. After we attempt our intrusion on the WeMo Insight Switch, we will complete our final report. Make sure to look out for that here when it is published. As our project comes to a close, we ponder what the future may hold. We were only able to scratch the surface of this very in depth and involved line of research. That said, we hope this project laid the groundwork for future research.

Stay up to date with Twitter @ChampForensics, Instagram @ChampForensics, and Facebook @ChamplainLCDI so you always know what we’re up to!

The post Intrusion into the IoT: The Final Blog appeared first on The Leahy Center for Digital Forensics & Cybersecurity.