-
8/8/2019 Attacks on Mobile and Embedded Systems: Current Trends
1/18
Attacks on Mobile and
Embedded Systems:Current Trends
Introduction
A Brief History of Hacking
Hackings Dangerous Third Wave
Conclusion
References and Further Reading
Revised April 30, 2009
350 Sansome Street
Suite 1010
San Francisco, CA 94104
415-617-0055 Phone
866-213-1273 Toll Free
www.mocana.com
Copyright 2009Mocana Corp.
-
8/8/2019 Attacks on Mobile and Embedded Systems: Current Trends
2/18
Attacks on Mobile and Embedded Systems: Current Trends Free evaluation code at www.mocana.com/evaluate.html
Introduction
In todays world of ubiquitous computing, cyberattacks are becoming morevirulent, costlier, and larger in scope than ever before. Unlike previous
incarnations of hacking, current attacks on computer systems are professionally
coordinated, multifaceted, and motivated by the promise of profits on a massive
scale.
With millions of new electronic devices connecting to the internet every day,
hackers are increasingly focused on a new type of target: mobile and embedded
systems. Such systems include point-of-sale terminals, wireless routers, smart
phones, networked office machines such as printers, and even the utility
infrastructure.
In March 2008, European authorities uncovered a credit card data siphoning
operation using point-of-sale terminals manufactured in China. The scam involved
conspirators in several countries, including workers at the Chinese factory.
Before the point-of-sale readers were sent to Europe, they were hacked with
a tiny, extra chip behind the motherboard. Once the machines were installed,
their specially programmed chips siphoned off customers credit card dataat
unpredictable and nearly undetectable intervalsand relayed it from Europe to
Pakistan. The thieves made off with at least $50 million before the scheme was
discovered [H4].
Cutting-edge hackers are acutely aware that many of the security procedures
and applications in use today have been designed for PC workstations, and are
thus unable to thwart attacks on mobile and embedded systems. Smartphones,
for example, remain notoriously insecure, yet they are gaining popularity as
platforms for exchanging confidential data and conducting financial transactions.
Billions of dollars are at risk as people do more and more of their everyday
banking and shopping on mobile and wireless devices. Even heart pacemakers
have joined the networked world and are now vulnerable to hacking.
Perhaps most ominous of the new hacking trends is the upsurge in cyberattacks
against our utility infrastructure. If hackers continue to attack the so-called smart
grid, which connects sensors and control systems with sophisticated computers
and networks, they could bring our nations commerce to a standstill, endanger
lives, and put our national security at risk.
.last year[2008] now
appears to have
been a turning
point in the
professionalism
of cyber crime.
The software
development
skills anddata mining
capabilities of
organized crime
are believed
to be second
to none. They
(whoever that
is) are stealingvast amounts of
our data, though
no-one really
understands
the logic in their
targets.David Lacy, Computer Weekly, March 4,
2009 (http://www.computerweekly.com/
blogs/david_lacey/2009/03/apocalypse_
soon.html)
-
8/8/2019 Attacks on Mobile and Embedded Systems: Current Trends
3/18
Attacks on Mobile and Embedded Systems: Current Trends Free evaluation code at www.mocana.com/evaluate.html
In this dangerous new interconnected world, we need to take a serious look
at what types of hacking strategies are being employed today, and implement
security solutions that are designed specifically for mobile and embeddeddevices. This paper attempts to highlight some of the latest attacks against
embedded systems, including mobile phones, medical devices, and the nations
electric infrastructure.
A Brief History of Hacking
Years ago, hacking was an amateur, underground activity, commonly associated
with thrill-seeking pranksters whose main intent was showing off their
computing prowess or expressing their anti-authoritarian sentiments. To be a
hacker was to have street credat least among the technologically savvy.
Although hackers activity was often illegal it was rarely malicious, and they
usually didnt fit the profile of career criminals.
Phone
Phreaking
1970 1982 1988 1993 2005 2009
TCP/IP
Internet Protocol /
amateur hackers /
BBSes
Paris Hiltons
T-Mobile USA
Sidekick hacked
Kevin Mitnick /
Increase in attacks
on commercial
enterprises
Increase in attacks
on mobile devices, em-
bedded systems, the
internet of things
FIRST WAVE SECOND WAVE THIRD WAVE
Hacking group
414s break into
Los Alamos Natl
Lab. computers
U.S. House of
Rep. begins hear-
ings on computer
security hacking
Morris
worm /
CERT
established
1977
Federal Computer Systems
Protection Act, defining
computer crimes & recom-mended penalties, fails to pass
2000
ILOVEYOU
worm infects
millions
within hours
Dmitry Sklyarov becomes 1st
person charged with violating
the Digital Millenium CopyrightAct (DCMA) at DEFCON
First DEFCON
hacking conference
held; becomesan annual event
U.S. GAO reports that in 1995,
hackers tried to break into
Defense Dept. files 250,000 times;
~65% of tries were successful
First RSA
Conference
held
Some of the early hackers of the 1970s focused on the telephone system.
Calling themselves [phone] phreaks, or phreakers, they helped themselves to
free long distance by simulating the sounds of phone signals. In the 1980s, when
personal computers became widely available, phone phreaks and other hackers
-
8/8/2019 Attacks on Mobile and Embedded Systems: Current Trends
4/18
Attacks on Mobile and Embedded Systems: Current Trends Free evaluation code at www.mocana.com/evaluate.html
began using modems to connect to Bulletin Board Systems (BBSes), where they
exchanged messages about how to break into computers, steal passwords, and
wreak other kinds of electronic havoc. By 1986, hackers had threatened enough
government and corporate computer systems to prompt the U.S. Government
to make hacking a crime. In 1988, foreshadowing the types of attacks that lay
ahead, ArpaNET, the U.S. governments precursor to the internet, was brought
to a standstill by a hackers experimental, self-replicating worm program that
spread to 6000 of the networks computers.
Around the dawn of the commercial internet in the 1990s, a second wave of
hacking, which took on a more overtly criminal sensibility, began to emerge. One
of the most famous of these second-wave attacks was traced to the notorious
serial hacker, Kevin Mitnick, who was eventually arrested for stealing 20,000
credit card numbers.
Also in the 1990s, a group of hackers broke into Citibanks computers and
siphoned off $10 million to their overseas bank accounts [H5].
Since the early 1990s, hackers have developed a rapidly mutating and
increasingly clever repertoire of attack strategies: embedding rogue programs
in legitimate applications, installing keystroke recorders on unwitting users
computers, spoofing legitimate websites to phish for personal data, hijacking
database information through SQL injection attacks, and even enlisting massive
armies of zombie computers (botnets) to spew out phishing emails and spam.
Today, all classes of cybercrooks, from small-time con artists out to make a quickbuck to international crime syndicates, are logging into the global cybercrime
marketplace to buy and sell malware kits, stolen credit card numbers, how-to-
hack manuals, and criminalized software development services, in a shadow
economy worth over $750 million in 2007 [H2].
Hackings Dangerous Third Wave
Now, with the advent of what some technologists call the internet of
things (see Figure 3), we are encountering a third wave of hackingone that
encompasses not only wired computers and networks, but intelligent devices:
wireless phones, routers and switches, printers, SCADA (Supervisory Control
And Data Acquisition) systems, and even medical devices. This new hacking
wave is poised to bypass the amateur street-cred phase and move directly to
well-honed, massively coordinated, sophisticated attacks. It is now becoming
clear that hackings third wave will almost certainly include terrorist cyberstrikes
-
8/8/2019 Attacks on Mobile and Embedded Systems: Current Trends
5/18
Attacks on Mobile and Embedded Systems: Current Trends Free evaluation code at www.mocana.com/evaluate.html
against the utility and industrial infrastructure (the smart grid)a danger we
can no longer dismiss as a spy movie scenario.
Electric Toothbrush:Automatically reordersbrush heads, sharesbrushing habitswith your dentist
Automobile:Maps traffic in realtime; others cantrack your location
Computer:Centralized control forremote interface toany other device
Media Player:Remotely ordersnew songs & video
Microwave:Automatically setscook cycle withRFID recognition
Printer:Automaticallyreorders toner andpaper as needed
VoIP phone:Automatic updates,integration andforwarding
Refrigerator:RFID tags reordersgroceries asneeded, andsuggests recipes
Alarm Clock:Remote programs,custom tones, turnson coffee maker
Coffee Maker:Custom setting foreach coffee type,starts when alarmgoes off
Oven: Ovensettings fromcomputer or phoneif running late
HVAC: Controlstemperature &lights for maximumefficiency
Television:Immediate one-clickordering of productsseen on commercials
Exercise Equipment:Recognizes individualuser and tracksworkout schedule
Vending:Automaticallyreorders suppliesbefore its empty
Cell Phone:Secure performs
identification &verification forpayments
Smart Scale:Measures andsends weight info forprogress tracking
Building Security:Security camerasinteract with facialrecognition database
Home / Bed Workplace Home / Bed
COMMUTE COMMUTE
Figure 3. The Internet of Things
This paper discusses several of these new attack trends:
Growing attacks on soft infrastructure targets
Long-predicted threats to cellular network & smartphones manifesting
themselves
The rush to network medical devices outpaces security
Ubiquity of easily-hacked RFID technology threatening privacy, driving the
growth of sophisticated identity thefts
Everyday home and office deviceshackers gateway to your network
-
8/8/2019 Attacks on Mobile and Embedded Systems: Current Trends
6/18
-
8/8/2019 Attacks on Mobile and Embedded Systems: Current Trends
7/18
-
8/8/2019 Attacks on Mobile and Embedded Systems: Current Trends
8/18
Attacks on Mobile and Embedded Systems: Current Trends Free evaluation code at www.mocana.com/evaluate.html
not want any information about SCADA breaches to fall into the wrong hands, so
they fail to share information freely. According to Alan Paller, Director of Research
for the SANS Institute, A careful statistical analysis of validated control
system incidents at 22 major corporations indicates that the incidents are
far more widespread than commonly believed, the targets more wide ranging
and the attackers are not who we think they are. Even more ominous, the data
shows that getting into most control systems is surprisingly easy [S11]. For
example, in March of 2008, a nuclear power plant was accidentally shut down
because a computer used to monitor chemical and diagnostic data rebooted after
a software update. In another incident in 2008, a teenager in Poland rigged a TV
remote control to control the switch tracks of trams. There were four derailments
and twelve resultant injuries [S4].
Most frighteningly, attacks against SCADA devices are being carried out byenemy nations as part of a greater cyberwarfare strategy to sabotage the
U.S. economy and infrastructure. In the U.K., government agencies report that
attacks against infrastructure targets have increased dramatically. In June 2008,
the UKs National Infrastructure Security Co-Ordination Centre issued a public
advisory about a series of targeted attacks against the UK central government
and commercial organizations for the purpose of gathering and transmitting
otherwise privileged information[H8].
Trend #2: Long-Predicted Threats
to Cellular Network & Smartphones
Manifesting Themselves
Researchers are predicting that 2009 will be a significant year for mobile attacks
[H10]. With the rise of unlimited data plans, open networks, readily downloadable
applications, and the lack of strong security, hackers, spammers, and phishers
are now beginning to recognize the profit potential of mobile phones [M4].
Adding to the allure of mobile hacking for cybercriminals are the fraud
opportunities presented by the burgeoning mobile financial services market.
The number of active users of mobile banking and related financial servicesworldwide is expected to rise from 20 million in 2008 to 913 million in 2014 [M4].
The latest mobile phones are also the most vulnerable to attack. Smartphones,
such as the Apple iPhone and the Google Android phone, now come with
real browsers with JavaScript engines, exposing them to traditional browser
attacks, such as Cross-Site Scripting (XSS), Clickjacking, phishing, and other
A careful
statistical
analysis ofvalidated control
system incidents
at 22 major
corporations
indicates that
the incidents
are far more
widespread
than commonly
believed, the
targets more
wide ranging
and the attackers
are not who we
think they are.Alan Paller, Director of Research for the
SANS Institute
-
8/8/2019 Attacks on Mobile and Embedded Systems: Current Trends
9/18
Attacks on Mobile and Embedded Systems: Current Trends Free evaluation code at www.mocana.com/evaluate.html
malicious techniques. These phones are also vulnerable to man-in-the-middle
attacks, in which a hacker could come between the phone and a web server and
offer malware in the guise of a legitimate update to one of the users trusted
applications. Other vectors for smartphone attacks include email, attachments,
web pages, MMS, Facebook, WiFi, and Bluetooth [M3].
As the iPhone and other smart phones continue to gain market share at a rapid
rate, hackers will increasingly focus their efforts on mobile devices. However,
it is doubtful that this new wave of hacking will go through an extended phase
of nuisance hacking as was the case with PCs, instead skipping straight to
for-profit hacking. Although the first iPhone or Android malware writers might
be motivated by street cred like earlier hackers, professional criminals are sure
to follow quickly. According to researchers, the newest of the 420 smartphone
viruses identified since 2004 have reached a state of sophistication that tookcomputer viruses about two decades to achieve [M6]. Figure 6, from McAfee
[M2], illustrates how mobile security threats have been increasing since the
introduction of popular smartphones.
2008
2007
2006
2008
2007
2006
2008
2007
2006
2008
2007
2006
2008
2007
2006
2008
2007
2006
2008
2007
2006
2008
2007
2006
60%
50%
40%
30%
20%
10%
0%
Networkorservice
capacityissues
Virus/spyware
infections
Voiceo
rtext
spama
ttacks
Third
party
application/co
ntent
problems
Lossofuse
rdata
fromd
evices
Phishinga
ttacks
inany
form
Privac
yand
regulatoryissues
Denialof
servicea
ttacks
Figure 6. The increase in security issues experienced by mobile device usersfrom 2006 to 2008; % of respondents. McAfee Mobile Security Report 2009
-
8/8/2019 Attacks on Mobile and Embedded Systems: Current Trends
10/18
-
8/8/2019 Attacks on Mobile and Embedded Systems: Current Trends
11/18
Attacks on Mobile and Embedded Systems: Current Trends Free evaluation code at www.mocana.com/evaluate.html
Trend #3: The Rush to Network Medical
Devices Outpaces Security
One truly scary attack trend is the growing offensive against medical devices.
A large number of medical devices, such as heart pacemakers, implantable
cardioverter-defibrillators (ICDs), bedside monitors, MRI machines, and portable
drug-delivery pumps, have a CPU and an IP address that enable them to transmit
and receive information, but also expose them to attacks.
Medical devices, which far outnumber hospital PC workstations, are usually
the softest targets on a hospital network, lacking firewalls, malware protection,
strong encryption, or even recent security or OS updates. Medical devices are
increasingly leveraging IP and common OS platforms that enable them to utilize
large libraries of software and communicate more easily. But in the rush toestablish common platforms and network these devices, security concerns have
been poorly addressed.
Mocanas CEO, Adrian Turner, says, The same types of attacks that have
traditionally targeted sectors such as consumer electronics are being directed at
medical devices, with potentially fatal consequences. Attacks were beginning to
see directed at medical devices include:
Sniffing (also called snooping) or eavesdropping.
Theft of sensitive information.
Data destruction.
Zombification. A zombie is a device attached to the Internet that has been
compromised by a hacker, virus, or Trojan horse, and can be remotely used,
without the owners knowledge, to perform malicious tasks [D4].
Bricking. This usually refers to damage to system software or firmware, which
would require a complete system wipe and reinstall in order to regain use
of the device. In the case of medical devices, this could entail sending the
product back to the manufacturer.
In a paper published last year by the Medical Device Security center about
pacemakers and ICDs, researchers described how they were able to hack into an
ICD and intercept private data transmissions [D3]. They revealed that ICDs could
be hacked to alter patient data or reset how shocks are administered. Tadayoshi
Kohno, a lead researcher on the project at the University of Washington, who has
studied vulnerability to hacking of networked computers and voting machines,
says that the risks to patients now are very low, but I worry that they could
increase in the future [D1].
-
8/8/2019 Attacks on Mobile and Embedded Systems: Current Trends
12/18
Attacks on Mobile and Embedded Systems: Current Trends Free evaluation code at www.mocana.com/evaluate.html
Trend #4: Ubiquity of Easily-Hacked RFID
Technology Threatening Privacy, Driving the
Growth of Sophisticated Identity Thefts
One of the most common attacks on wireless networks is war driving, in which
hackers drive around a neighborhood, hunting for unsecured wireless nodes.
In the latest twist on war driving, a security expert cruised around Fishermans
Wharf, armed with a cheap RFID scanner and a low-profile antenna, and
managed to clone half a dozen electronic, wallet-sized passports in an hour.
This war cloning experiment was so successful, says the researcher, because
the type of RFID in the Homeland Securitys version of a passport emits a real
radio signal, which could conceivably be tracked from a couple of miles away.
Although no criminal hacks of passports or e-licenses have been detected to
date, this insecure technology poses a strong risk for identity theft and invasion
of privacy [R1].
In another RFID hack, anyone with $8 worth of equipment bought on EBay can
sniff the credit card number, cardholder name, and other personal information off
an RFID-equipped, smart credit cardwithout physically coming into contact
with the card. The problem with these contactless credit cards, says inventor
Pablos Herman, is that the data is decrypted at the point of sale by a machine
rather than at the card companys secure data center [R3].
Trend #5: Everyday Home and Office Devices
Hackers Gateway to your Network
In todays hypernetworked corporate environment, more and more office
machines are equipped with an IP addresswhich means that even a seemingly
harmless and mundane peripheral, such as a shared printer, can pose a
dangerous security risk. Hackers are increasingly exploiting long-forgotten
or ignored printers, faxes, and scanners to bypass firewalls and penetrate a
network. If, as one amateur hacker has shown, its possible to gain access to an
unsecured printer using just Google and a web browser, imagine what a hacker
could do with access to a fax machine and an outside phone line. [P1] No matter
how ordinary, every device on a network needs good security!
-
8/8/2019 Attacks on Mobile and Embedded Systems: Current Trends
13/18
Attacks on Mobile and Embedded Systems: Current Trends Free evaluation code at www.mocana.com/evaluate.html
ConclusionClearly, weve come a long way from the days of phone phreaks and Kevin
Mitnick. The latest attack trends threaten not only our privacy, our data, and
our money, but our national security and even our lives. When the possibility
of hackers controlling peoples pacemakers is a topic of serious research, we
know were in a new world, one that holds the great promise of connectivity and
ubiquitous computing, but also the potential for criminality and disruption on a
grand scale.
To defend against the new wave of attacks, we need a strategy that is equal
to the adversarymultilayered, complex, and well-organizedand is focused
on the mobile and embedded devices that make up the internet of things.
The alternative to protecting these devices (mobile botnets and compromisedwater systems; out-of-sync heart pacemakers and stolen identities) presents an
unacceptably high risk.
-
8/8/2019 Attacks on Mobile and Embedded Systems: Current Trends
14/18
Attacks on Mobile and Embedded Systems: Current Trends Free evaluation code at www.mocana.com/evaluate.html
References and Further Reading
[H1] Cisco, Inc. Cisco 2008 Annual Security Report, December 2008, URL: http://www.
cisco.com/go/securityreport.
[H2] Marc Fossi, Eric Johnson, Dean Turner, et al., Symantec report on the underground
economy, November 2008, URL: http://eval.symantec.com/mktginfo/enterprise/
white_papers/b-whitepaper_underground_economy_report_11-2008-14525717.
en-us.pdf, accessed: 2009-4-6. (Archived by WebCite at http://www.webcitation.
org/5gELyrFgr)
[H3] Merrick Furst, Richard M. George, George Heron, et al., Georgia Tech Information
Security Center Emerging Cyber Threats Report for 2009, October, 2008.
[H4] Siobhan Gorman, Fraud Ring Funnels Data From Cards to Pakistan
Wall Street Journal, October 11, 2008, URL: http://online.wsj.com/article/
SB122366999999723871.html, accessed 2009-3-20. (Archived by WebCite at
http://www.webcitation.org/5gF1zAfd1 )
[H5] Is Hacking Always Bad? Hacking Alert.com, URL: http://www.hackingalert.
com/hacking-articles/history-of-hacking.php, accessed 2009-3-20. (Archived by
WebCite at http://www.webcitation.org/5gELyrFhH )
[H6] Malware Trends: What Will Attack Us in 2009? H-Desk.com, Nov 25, 2008,
URL: http://www.h-desk.com/articles/Malware_Trends__What_Will_Attack_Us_
in_2009__a45_f0.html, accessed: 2009-4-6. (Archived by WebCite at http://www.
webcitation.org/5gELyrFhl)
[H7] Networking and Information Technology Research and Development Program
(NITRDP), Networking and Information Technology Research and Development,
Supplement to the Presidents Budget for Fiscal Year 2009, February 2008.
[H8] Pinsent Masons LLP, Hack Attacks Shift to Applications, November 23, 2005,
URL: http://www.out-law.com/page-6374, accessed: 2009-4-6. (Archived by
WebCite at http://www.webcitation.org/5gELyrFhS )
[H9] Sophos, Sophos Security Threat Report: 2009, 2008.
[H10] Trend Micro, Inc., Trend Micro 2008 Annual Threat Roundup and 2009 Forecast,
2008.
[H11] ZScaler, 2009 Web Security Predictions, January 6, 2009. URL: http://research.
zscaler.com/2009/01/web-security-predictions.html , accessed: 2009-4-6. (Archived
by WebCite at http://www.webcitation.org/5gELyrFhc )
-
8/8/2019 Attacks on Mobile and Embedded Systems: Current Trends
15/18
Attacks on Mobile and Embedded Systems: Current Trends Free evaluation code at www.mocana.com/evaluate.html
[M1] Bill Brenner, Mobile Malware: What Happens Next? CSO, November 13, 2008,
URL: http://www.cso.com.au/article/267157/mobile_malware_what_happens_
next?pp=1, accessed: 2009-4-6. (Archived by WebCite at http://www.webcitation.
org/5gELyrFij)
[M2] McAfee and Informa Telecoms and Media, Mobile Security Report 2009, 2009,
URL: http://www.mcafee.com/us/local_content/reports/mobile_security_
report_2009.pdf, accessed: 2009-4-2 (Archived by WebCite at http://www.
webcitation.org/5gExlvgs2)
[M3] Elinor Mills, Mobile: The holy grail at security conference, CNet News, March
20, 2009, URL: http://news.cnet.com/security/?keyword=smartphones , accessed
2009-3-20. (Archived by WebCite at http://www.webcitation.org/5gELyrFi4 )
[M4] Mobile hackers cash in on lack of protection offered by networks, SC Magazine,
April 2, 2009, URL: http://www.scmagazineuk.com/Mobile-hackers-cash-in-on-lack-of-protection-offered-by-networks/article/129941/, accessed 2009-3-20. (Archived
by WebCite at http://www.webcitation.org/5gELyrFiZ )
[M5] Sarah Perez, First Came Geo-Awareness, Then Came Geo-Aware Malware,
ReadWriteWeb, March 17, 2009, URL: http://www.readwriteweb.com/archives/
first_came_geo-awareness_then_came_geo-aware_malware.php , accessed 2009-
3-20. (Archived by WebCite at http://www.webcitation.org/5gELyrFiE )
[M6] Pu Wang, Marta C. Gonzlez, Csar A. Hidalgo, Albert-Lszl Barabsi,
Understanding the Spreading Patterns of Mobile Phone Viruses, ScienceExpress
Report, April 2, 2009, URL: http://www.sciencexpress.org, accessed 2009-3-20.
(Archived by WebCite at http://www.webcitation.org/5gELyrFiO )
[D1] Barnaby J. Feder, A Heart Device Is Found Vulnerable to Hacker Attacks,
New York Times, March 12, 2008, URL: http://www.nytimes.com/2008/03/12/
business/12heart-web.html, accessed: 2009-4-6. (Archived by WebCite at http://
www.webcitation.org/5gExlvgsU )
[D2] Maria Fontenazza, Hackers May Prey on Medical Devices, Medical Device Link,
Medical Device and Diagnostic Industry, URL: http://www.devicelink.com/mddi/
archive/09/03/011.html , accessed: 2009-4-6. (Archived by WebCite at http://www.
devicelink.com/mddi/archive/09/03/011.html)
[D3] Daniel Halperin, Thomas S. Heydt-Benjamin, Benjamin Ransford, et al. Pacemakersand Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power
Defenses, May 2008, URL: http://www.secure-medicine.org/icd-study/icd-study.
pdf, accessed: 2009-4-6. (Archived by WebCite at http://www.webcitation.
org/5gELyrFit)
-
8/8/2019 Attacks on Mobile and Embedded Systems: Current Trends
16/18
Attacks on Mobile and Embedded Systems: Current Trends Free evaluation code at www.mocana.com/evaluate.html
[D4] Ryan Singel, WiFi Pacemaker Hack Leads to Real Life Zombie Armies? Wired,
March 12, 2008, URL: http://blog.wired.com/27bstroke6/2008/03/wifi-pacemaker.
html, accessed: 2009-4-6. (Archived by WebCite at http://www.webcitation.
org/5gExlvgsg)
[S1] Ted Bridis, CIA: Hackers demanding cash disrupted power - Electrical utilities in
multiple overseas cities affected MSNBC.com, January 18, 2008, URL: http://
www.msnbc.msn.com/id/22734229/, accessed: 2009-4-6. (Archived by WebCite
at http://www.webcitation.org/5gExlvgt2 )
[S2] Eric Byres, David Leversage, and Nate Kube, Security incidents and trends in
SCADA and process industries, May 2007, URL: http://www.mtl-inst.com/images/
uploads/datasheets/IEBook_May_07_SCADA_Security_Trends.pdf .
[S3] Alvaro A. Crdenas, Saurabh Amin, Shankar Sastry, UC Berkeley, ResearchChallenges for the Security of Control Systems, 1999. URL: http://www.usenix.
org/event/hotsec08/tech/full_papers/cardenas/cardenas_html/, accessed: 2009-4-6.
(Archived by WebCite at http://www.webcitation.org/5gExlvgtK )
[S4] Glenn Derene, How Vulnerable is U.S. Infrastructure to a Major Cyber Attack?
Popular Mechanics, April, 2009, URL: http://www.popularmechanics.com/
technology/military_law/4307521.html , accessed: 2009-4-6. (Archived by WebCite
at http://www.webcitation.org/5gExlvgtT )
[S5] Grant Gross, Expert: Hackers penetrating control systems, InfoWorld Security
Central, March 19, 2009, URL: http://www.infoworld.com/d/security-central/
expert-hackers-penetrating-control-systems-084, accessed: 2009-4-6. (Archived by
WebCite at http://www.webcitation.org/5gELyrFjb )
[S6] Wes Iverson, Hackers Step Up SCADA Attacks, Automation World, November
1, 2004, URL: http://www.automationworld.com/news-957, accessed: 2009-4-6
(Archived by WebCite at http://www.webcitation.org/5gExlvgsq )
[S7] David Lacy, Apocalypse Soon? Computer Weekly, March 4, 2009, URL: http://
www.computerweekly.com/blogs/david_lacey/2009/03/apocalypse_soon.
html, accessed: 2009-4-6. (Archived by WebCite at http://www.webcitation.
org/5gELyrFjm)
[S8] Nathan McFeters, Hacking SCADA for terrorism and destruction, Zero Day
(ZDNet), June 12, 2008, URL: http://blogs.zdnet.com/security/?p=1268, accessed:
2009-4-6. (Archived by WebCite at http://www.webcitation.org/5gELyrFjS )
[S9] National Cyber Security Research and Development Challenges, Institute for
Information Infrastructure Protection (I3P), A Report to the Senate Committee on
Homeland Security and Governmental Affairs, 2009.
[S10] The Return of SCADA vulnerability, Industrial IT, February 9, 2008, URL:
http://www.industrialit.com.au/Article/The-return-of-the-SCADA-security-
-
8/8/2019 Attacks on Mobile and Embedded Systems: Current Trends
17/18
Attacks on Mobile and Embedded Systems: Current Trends Free evaluation code at www.mocana.com/evaluate.html
vulnerability/437404.aspx , accessed: 2009-4-6. (Archived by WebCite at http://
www.webcitation.org/5gELyrFjw)
[S11] SANS Institute, Special Webcast: Cyber Attacks Against SCADA and Control
SystemsReal World Trends and Real World Solutions, September 7, 2008,
URL: https://www.sans.org/webcasts/show.php?webcastid=90748. (Archived by
WebCite at http://www.webcitation.org/5gExlvgtB )
[R1] Kelly Jackson Higgins, Drive-By War Cloning Attack Hacks Electronic Passports,
Drivers Licenses: researcher demonstrates the ease of scanning and cloning new
Homeland Security-issued ID cards, Dark Reading, February 2, 2009, URL: http://
www.darkreading.com/security/privacy/showArticle.jhtml?articleID=213000321,
accessed 2009-4-6. (Archived by WebCite at http://www.webcitation.
org/5gELyrFkE)
[R2] Joel Hruska, Internet tubes dripping with raw sewage of DDoS attacks, Ars
Technica, April 3, 2008 http://arstechnica.com/news.ars/post/20080403-internet-
tubes-dripping-with-raw-sewage-of-ddos-attacks.html , accessed 2009-3-20.
(Archived by WebCite at http://www.webcitation.org/5gELyrFkW )
[R3] Joanne Kelleher, Another RFID HackContactless Credit Cards, RFID Security,
March 25, 2008, URL: http://www.securerf.com/RFID-Security-blog/?p=47,
accessed 2009-4-22. (Archived by WebCite at http://www.webcitation.
org/5gExlvgtc)
[P1] David Strom, Beware of Network Printer Hacks, David Stroms Web Informant,
May 30, 2008, URL: http://strom.wordpress.com/2008/05/30/beware-of-network-
printer-hacks/, accessed 2009-4-22. (Archived by WebCite at http://www.
webcitation.org/5gExlvgt)
-
8/8/2019 Attacks on Mobile and Embedded Systems: Current Trends
18/18
Attacks on Mobile and Embedded Systems: Current Trends Free evaluation code at www.mocana.com/evaluate.html
Tech
Choice2008
VPNCCERTIFIED
Basic
Interop
AES
Interop
IKEv2 BasicInterop
IPv6Interop
About MocanaMocana secures the Internet of Things: the ubiquitous devices of our lives,
our infrastructure, and the enterprise networks to which they connect. As
connected devices proliferatethey already outnumber workstations on the
Internet by about 5 to 1attacks on these soft targets are rising exponentially.
Mocanas solutions ensure that wired and wireless devices, servers, networks,
and their services all scale securely. Customers include Dell, Cisco, Avaya,
Nortel Networks, Harris, Honeywell, Symbol, and Radvision, among others. The
company was recently named one of Red Herrings GLOBAL 100one of the
Top 100 Privately-Held Companies in the World for 2008, and also won Frost
& Sullivans Technology Innovation of the Year award. For more information, visit
www.mocana.com.
Downloads and Contacts
For details about the Mocana Device Security Framework, visit http://www.
mocana.com/device-security-framework.html.
For your 90-day free trial, visit www.mocana.com/evaluate.html .
For pricing and purchase information, email [email protected] or call
866-213-1273.
Mocana Solutions
NanoBoot
Secure preboot verification
for firmware
NanoUpdate
Secure firmware updates
NanoWall
Embedded system firewall
NanoSSH
High-performance
SSH client and server
NanoSSL
Super-small SSL client and
server
NanoSec
Device-optimized IPsec,
IKEv1/v2, MOBIKE
NanoEAP
EAP supplicant and
802.11 extensions
NanoCert
Certificate management
for client devices
NanoDTLS
Embedded DTLS client
NanoDefender
Intrusion detection
for devicesDSF for Android
Quick-development
security toolkit for
Google Android handsets
http://www.mocana.com/device-security-framework.htmlhttp://www.mocana.com/device-security-framework.htmlhttp://www.mocana.com/evaluate.htmlmailto:[email protected]://www.mocana.com/evaluate.htmlhttp://www.mocana.com/device-security-framework.htmlhttp://www.mocana.com/device-security-framework.htmlmailto:[email protected]