اشترك بالحزمة الذهبية واحصل على وصول غير محدود شمرا أكاديميا
تسجيل مستخدم جديدTrojan of Things: Embedding Malicious NFC Tags into Common Objects
60
0
0.0
(
0
)
اسأل ChatGPT حول البحث
ﻻ يوجد ملخص باللغة العربية
We present a novel proof-of-concept attack named Trojan of Things (ToT), which aims to attack NFC- enabled mobile devices such as smartphones. The key idea of ToT attacks is to covertly embed maliciously programmed NFC tags into common objects routinely encountered in daily life such as banknotes, clothing, or furniture, which are not considered as NFC touchpoints. To fully explore the threat of ToT, we develop two striking techniques named ToT device and Phantom touch generator. These techniques enable an attacker to carry out various severe and sophisticated attacks unbeknownst to the device owner who unintentionally puts the device close to a ToT. We discuss the feasibility of the attack as well as the possible countermeasures against the threats of ToT attacks.
قيم البحث
اقرأ أيضاً
Near-Field Communication (NFC) is a modern technology for short range communication with a variety of applications ranging from physical access control to contactless payments. These applications are often heralded as being more secure, as they requi
re close physical proximity and do not involve Wi-Fi or mobile networks. However, these systems are still vulnerable to security attacks at the time of transaction, as they require little to no additional authentication from the users end. In this paper, we propose a method to attack mobile-based NFC payment methods and make payments at locations far away from where the attack occurs. We evaluate our methods on our personal Apple and Google Pay accounts and demonstrate two successful attacks on these NFC payment systems.
Register Files (RFs) are the most frequently accessed memories in a microprocessor for fast and efficient computation and control logic. Segment registers and control registers are especially critical for maintaining the CPU mode of execution that de
terminesthe access privileges. In this work, we explore the vulnerabilities in RF and propose a class of hardware Trojans which can inject faults during read or retention mode. The Trojan trigger is activated if one pre-selected address of L1 data-cache is hammered for certain number of times. The trigger evades post-silicon test since the required number of hammering to trigger is significantly high even under process and temperature variation. Once activated, the trigger can deliver payloads to cause Bitcell Corruption (BC) and inject read error by Read Port (RP) and Local Bitline (LBL). We model the Trojan in GEM5 architectural simulator performing a privilege escalation. We propose countermeasures such as read verification leveraging multiport feature, securing control and segment registers by hashing and L1 address obfuscation.
Imagine when you line up in a store, the person in front of you can make you pay her bill by using a passive wearable device that forces a scan of your credit card without your awareness. An important assumption of todays Near-field Communication (NF
C) enabled cards is the limited communication range between the commercial reader and the NFC cards -- a distance below 5~cm. Previous approaches to attacking this assumption effectively use mobile phones and active relays to enlarge the communication range, in order to attack the NFC cards. However, these approaches require a power supply at the adversary side, and can be easily localized when mobile phones or active relays transmit NFC signals. We propose ReCoil, a system that uses wearable passive relays to attack NFC cards by expanding the communication range to 49.6 centimeters, a ten-fold improvement over its intended commercial distance. ReCoil is a magnetically coupled resonant wireless power transfer system, which optimizes the energy transfer by searching the optimal geometry parameters. Specifically, we first narrow down the feasible area reasonably and design the ReCoil-Ant Colony Algorithm such that the relays absorb the maximum energy from the reader. In order to reroute the signal to pass over the surface of human body, we then design a half waist band by carefully analyzing the impact of the distance and orientation between two coils on the mutual inductance. Then, three more coils are added to the system to keep enlarging the communication range. Finally, extensive experiment results validate our analysis, showing that our passive relays composed of common copper wires and tunable capacitors expand the range of NFC attacks to 49.6 centimeters.
URLs are central to a myriad of cyber-security threats, from phishing to the distribution of malware. Their inherent ease of use and familiarity is continuously abused by attackers to evade defences and deceive end-users. Seemingly dissimilar URLs ar
e being used in an organized way to perform phishing attacks and distribute malware. We refer to such behaviours as campaigns, with the hypothesis being that attacks are often coordinated to maximize success rates and develop evasion tactics. The aim is to gain better insights into campaigns, bolster our grasp of their characteristics, and thus aid the community devise more robust solutions. To this end, we performed extensive research and analysis into 311M records containing 77M unique real-world URLs that were submitted to VirusTotal from Dec 2019 to Jan 2020. From this dataset, 2.6M suspicious campaigns were identified based on their attached metadata, of which 77,810 were doubly verified as malicious. Using the 38.1M records and 9.9M URLs within these malicious campaigns, we provide varied insights such as their targeted victim brands as well as URL sizes and heterogeneity. Some surprising findings were observed, such as detection rates falling to just 13.27% for campaigns that employ more than 100 unique URLs. The paper concludes with several case-studies that illustrate the common malicious techniques employed by attackers to imperil users and circumvent defences.
We present a new vision for smart objects and the Internet of Things wherein mobile robots interact with wirelessly-powered, long-range, ultra-high frequency radio frequency identification (UHF RFID) tags outfitted with sensing capabilities. We explo
re the technology innovations driving this vision by examining recently-commercialized sensor tags that could be affixed-to or embedded-in objects or the environment to yield true embodied intelligence. Using a pair of autonomous mobile robots outfitted with UHF RFID readers, we explore several potential applications where mobile robots interact with sensor tags to perform tasks such as: soil moisture sensing, remote crop monitoring, infrastructure monitoring, water quality monitoring, and remote sensor deployment.
سجل دخول لتتمكن من نشر تعليقات
التعليقات
جاري جلب التعليقات
سجل دخول لتتمكن من متابعة معايير البحث التي قمت باختيارها
