The Risk of Too Many Smart Devices

It happens to all of us: those sudden moments when we realize we forgot to bring our phones. In those moments we panic and quickly try to find them, as if our life depends on them. Moments such as those prove how dependent we have become on technology and electronic devices.

We rely on electronic devices in all aspects of our lives, but has it occurred to you that these smart devices could be spying on us 24/7? Believe it or not, they are monitoring us constantly, and they know all our secrets. We have become dependent more than ever on electronic devices, and unfortunately the COVID era has contributed to it even more. We are using our smartphones and personal computers for literally everything these days, starting from attending school classes or work meetings, to hanging out and mingling with our friends online using applications such as Clubhouse or Skype, or even shopping online. And our lives are tied up with so many smart devices, such as fitness trackers, autonomous vehicles, smart appliances, or even smart tattoos. A collection of these smart devices forms the Internet of Things, or in short, IoT.

IoT brings new opportunities. In IoT every device is connected to the internet, and they can potentially be connected to each other. It opens the door to smarter homes and smarter cities, and it enables us to have many more capabilities that each of these individual devices cannot provide on their own. However, IoT increases the attack surface due to the increased connectivity and the huge complexity, and because of that complexity the risk of cyber attacks has increased more than ever.

By the end of 2021 there are more than 47 billion IoT devices around the world, and you can relate to it by looking at your own devices: you can see that we can easily have seven or eight devices, and this huge number is not an exaggeration. So these devices are collecting, monitoring, analyzing and communicating our most intimate data, such as health-related data or financial data, to be able to provide real-time aid on a daily basis. But have you ever thought that this information collected by these devices can be misused or even sent to bad guys? It's not an urban myth, and the reality is that every time you choose to add a smart device to your daily life, you are losing more and more privacy.

Let me talk about something that happened to me; I think several of you have come across similar scenarios. A few months ago I was talking to my friends about purchasing a new laptop. We were talking about different brands such as Apple, HP, Lenovo; it was small talk that can happen every day. But later that day I actually got some relevant recommendations and advertisements on my Facebook and Amazon accounts, and I believe it kind of made me really think that maybe these infrastructures can see what we say and use it for personalized advertisements. There are several of these scenarios actually reported around the world.

The first example is about a fitness tracker called Strava. In 2018 they decided to release a heat map of the running traces of their most active users. It was a commercial act, but somehow it disclosed some of our nation's secrets. So it happened that using these heat maps we could find the location of some of our military bases: the soldiers involved had higher exercise requirements, which made them the most active users of this fitness tracker, and later on Google Maps satellite imagery could be used to go and see what roads and buildings these soldiers use more frequently.
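The Strava disclosure above is an aggregation-privacy failure: a heat map built only from point counts makes a handful of very active users in an otherwise empty area look like a major hotspot. The following Python example is added here and is not part of the talk or of any Strava code. It constructs a small synthetic set of GPS points (a town with many casual runners and a remote site with three very active users) and shows how a minimum-contributor threshold (at least k distinct users per grid cell, a common suppression rule before publishing aggregates) removes exactly those cells. The grid size, coordinates, user counts and the function names are all assumptions made for this illustration.

```python
from collections import defaultdict

CELL = 0.01  # grid cell size in degrees; an assumption chosen for this example


def cell_of(lat, lon):
    """Map a GPS point onto a coarse grid cell."""
    return (round(lat / CELL), round(lon / CELL))


def build_heatmap(activities):
    """activities: iterable of (user_id, lat, lon).
    Returns {cell: (point_count, set_of_contributing_users)}."""
    cells = defaultdict(lambda: [0, set()])
    for user, lat, lon in activities:
        entry = cells[cell_of(lat, lon)]
        entry[0] += 1
        entry[1].add(user)
    return {c: (n, users) for c, (n, users) in cells.items()}


def raw_counts(heatmap):
    """What a naive heat map publishes: every cell's point count."""
    return {c: n for c, (n, _) in heatmap.items()}


def top_cells(counts, n):
    """The n hottest cells by point count (ties broken by cell id)."""
    return sorted(counts, key=lambda c: (-counts[c], c))[:n]


def publish_with_threshold(heatmap, k):
    """Release only cells that at least k distinct users contributed to."""
    return {c: n for c, (n, users) in heatmap.items() if len(users) >= k}


def suppressed_cells(heatmap, k):
    """Cells dropped by the threshold: hot by count, thin by contributors."""
    return sorted(c for c, (_, users) in heatmap.items() if len(users) < k)


def constructed_activities():
    """Synthetic data (constructed, not real): 40 casual runners in a town
    logging 5 points each, plus 3 very active users at a remote site
    logging 200 points each on a two-cell loop."""
    acts = []
    for u in range(40):
        for i in range(5):
            acts.append((f"town-{u}", 29.65 + 0.01 * (i % 3), -82.32 + 0.01 * (u % 4)))
    for u in range(3):
        for i in range(200):
            acts.append((f"site-{u}", 30.40 + 0.01 * (i % 2), -83.10))
    return acts


if __name__ == "__main__":
    heat = build_heatmap(constructed_activities())
    counts = raw_counts(heat)
    # With raw counts the two remote-site cells are the hottest on the map,
    # even though only three people ever ran there.
    print("hottest cells by raw count:", top_cells(counts, 2))
    print("cells released with k=5:", len(publish_with_threshold(heat, 5)))
    print("cells suppressed with k=5:", suppressed_cells(heat, 5))
```

The point of the threshold is that it keys on the number of distinct contributors, not on activity volume: the remote site has 300 points per cell against at most 20 in any town cell, yet it is the one that gets suppressed, because popularity of a cell and the size of the group behind it are different things.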

Another example is about a security camera that was designed and manufactured in China. There was a security bug in these security cameras: the video data stream collected by these cameras was just sent to somebody else randomly. In this figure you can see that the video of a baby has been directed to somebody else's iPad. Another very similar and very recent example was about a security camera startup called Verkada. The security cameras they developed had some kind of security bug, and attackers could use the underlying vulnerability to access the video of customers. In this figure you can see that they actually accessed the video of Tesla in one of its warehouses in Shanghai.

The main motivation behind most of these attacks is either to steal or expose data, to target financial assets, or to be able to access user accounts. Every day there are three million attacks happening around the world. Most of these cyber attacks are targeting vulnerabilities at the software level; for example, a bug in your Facebook application or in the Windows operating system could enable attackers to take over your device or your account. However, these software vulnerabilities can be patched using updates. You have probably seen a security update notification when you wanted to turn off your laptop, and whenever you install those updates your system becomes immune to the relevant attacks.

However, you may not know that all of the IoT devices are built on top of a set of hardware: integrated circuits, including processors and memory chips. This hardware acts as the brain of these devices; it stores our digital information, such as passcodes, texts, photos and our user credentials, and it acts as a root of trust. The question is: what if the vulnerability actually exists in the hardware?

Previously, hardware components and digital chips were believed to be static, secure and trustworthy, and we were focused more on software attacks. However, research has shown that these hardware components are not invincible to security flaws and design bugs, and they can be used to launch more and more attacks. Research has shown that if the security vulnerabilities at the hardware level are blocked, the whole system's vulnerability will be reduced by 43 percent, which means that a big portion of cyber attacks will be blocked if we address security vulnerabilities at the hardware level.

However, security vulnerabilities at the hardware level are more critical than software vulnerabilities. The reason is that they are fixed: once you build the hardware, you cannot change it, so we do not have the option of installing updates and patching those vulnerabilities. An attack that targets a vulnerability at the hardware level can be successfully repeated on every instance of that chip that is deployed in different IoT devices, and we cannot do anything about it, because there are no updates to be patched to prevent these attacks.

So let us talk about how these vulnerabilities are introduced in hardware designs. A company in the United States will design a product, but not all aspects of the design happen in-house. As you can see here, the supply chain of integrated circuits is highly dispersed and globally distributed, so several countries and companies around the world are involved in designing a piece of hardware. Therefore, this long and globally distributed supply chain makes these hardware chips vulnerable to an array of security and integrity attacks.

So, for example, due to time-to-market and cost constraints, a company in the United States may decide to outsource fabrication and send its design offshore to some Asian countries such as China and Korea. But not everybody in these fabrication facilities is necessarily trusted, and they have access to the whole design. So they can steal the design and claim it as their own; they can overproduce more than the numbers that were ordered and create products under their own brands and sell them on the black market; but worse than anything, they can insert malicious functionality in the design. And this is a real concern: last month we heard the news that the shortage of computer chips has reached a crisis level. A shortage of chips means that we need to rely on chips that are fabricated and designed in some other countries, so it means that not only do we not have any control over the fabrication process, we do not have any control over the design process either, and we do not know what kind of malicious functionality may exist in these chips. It may create security, integrity and confidentiality issues for us.

Further, it's extremely difficult to distinguish between an authentic and a counterfeit chip. It's been one of the most challenging problems that we wanted to address, to be able to guarantee that we are using an authentic chip. The market for counterfeits is sizable and growing: for example, in 2019 that market size was 75 billion devices, and traces of these counterfeit components were confirmed in 169 billion devices such as airport landing lights or network routers. So the consequences and risks of using these counterfeits range from generating inconvenience to injury or loss of life.

There are a lot of recycled ICs as well that can be used and deployed in IoT devices. Using recycled ICs makes IoT devices less and less reliable and more vulnerable to security attacks.

It has always been a kind of battle between providing better security and having the best performance. There have always been several efforts to get the best performance with minimum overhead on some requirements of the design, such as battery lifetime. However, addressing security always comes with overheads, and the big issue is how we can balance and find the sweet spot between these two important parameters, so that not only can we have the best performance, but at the same time we can have less overhead for security, and we make sure that we do not create security vulnerabilities in the systems because of performance.

So what can we do? Here I present one of the possible solutions. For example, for counterfeits we can use microscopes or X-ray machines to be able to identify whether a design is authentic or a counterfeit. We can also use advanced artificial intelligence algorithms to be able to distinguish these devices. So in short, we need to develop a set of metrics to be able to evaluate hardware designs and see how vulnerable they are; we need to create a set of tools that can address these vulnerabilities automatically; and at the same time we need to create awareness among the users of these potentially vulnerable IoT devices.

I believe government, academia and industry need to work hand in hand to be able to create an ecosystem that delivers secure hardware designs from the design stage to the consumer market. This is the only way that we can make sure that we have secure devices and that we can use IoT and smart devices with peace of mind, without being worried about being spied on or about a breach of our security and privacy.

At the University of Florida, my team and I are trying to address these challenging questions. Here is the list of my PhD students who are dedicated to finding answers for these challenges and helping us to have more and more secure smart devices. Thank you.
