Page 3 of 6

Real time body camera system – Camera Device – part 2

In the last part, we finished the description of our network protocol and its advantages over other encrypted video streaming protocols. In this part, we shall discuss how we created our hardware prototype for the body camera system and what performance problems we had to resolve when we implemented the software part of it. At the end of the article, we shall show you how much our prototype costs and a sample budget for doing something similar.

But before that, let’s first see what our competition was and what features they had for their cameras.

Axon Body 2

The Axon Body 2 is a camera system incorporating an audio and video recording device. This camera is designed for use in harsh environmental conditions encountered in law enforcement, corrections, military, and security activities. The Axon Body 2 camera is designed to record events for secure storage, retrieval, and analysis via Evidence.com services. The recorded events are transferred to your storage solution via the Axon Dock or by using Evidence Sync software installed on a Windows computer.

  • HD Video and Dual Audio Channels: Record in low-light and HD, and make voices more distinct with automatic tuning and noise reduction.
  • Wireless Activation: Axon Signal reports events, like when you open the car door or activate the light bar, so your camera can start recording.
  • Wi-Fi & Bluetooth Connectivity: Use Wi-Fi to stream videos and Bluetooth to assign metadata.
  • Mobile App: Connect with Axon View to stream, tag, and replay videos from your phone.
  • Unmatched Durability: Handle in extreme weather and brutal conditions.
  • Full-Shift Battery: Record for more than 12 hours.
  • Axon RapidLock Mounts: Keep your shot steady with versatile mounts.

Motorola V300 Body Camera

This camera is built specifically for law enforcement. The V300 continuous-operation body-worn camera is ready to go when you are with its detachable battery, 128GB of storage space, wireless uploading, and Record-after-the-Fact® technology. Integrated with the technology you use daily to enhance your focus and combined with powerful device and evidence management software, the V300 body-worn video solution enables you to capture every encounter. 

  • Detachable Battery: Easily change the V300’s rechargeable battery while on the go. Keep an extra battery at the ready for unexpectedly long shifts, extra shifts, or part-time jobs where a body-worn camera is required.
  • Natural Field of View: Eliminate the fisheye effect from wide-angle lenses that warps video footage. Our distortion-correction technology provides clear and complete video evidence.
  • Built-in Display: A clear LCD on the top of the camera allows easy viewing of device status.
  • Absolute Encryption: Elevate your data security with encryption at rest and in transit. The V300 guards your data and your reputation.
  • Rugged & Durable: Tested ruthlessly to survive in a public safety environment, the V300 is shockproof and waterproof to IP67.
  • Automatic Wireless Upload: Send critical video back to headquarters while still in the field. When docked in the car, the V300 body camera uploads to cloud-based or on-premise evidence management systems via wireless networks like LTE and FirstNet, anytime, anywhere.

During the time of development, these were the two main competitions. Both of them lacked the real-time streaming support we wanted. However, both of them had pretty exciting features, without which our solution would not have enough commercial traction. 

After a good amount of market analysis and tests of different technologies, we decided our body camera system to have the following features:

  • Full-Shift Battery: Record for more than 12 hours.
  • Automatic Upload: Send critical video back to headquarters while still in the field.
  • LTE Real-Time Streaming: With adaptive bitrate, we could make our camera system send data during the whole shift.
  • Rugged & Durable: Tested ruthlessly to survive in a public safety environment
  • Built-in Display: A clear LCD in the camera system to allow easy viewing of system status.
  • Absolute Encryption: We wanted data security with encryption at rest and in transit.
  • Fisheye Field Of View: We wanted our camera system to support more than 100 degrees field of view.
  • Low Light Vision: Having in mind that most of the crimes happen during the night, we wanted this feature.

But we had a problem. Being a small, underfunded team located in Burgas, we did not have access to many hardware vendors, nor did we have the hardware team who could implement a body camera system from scratch. We had to take another approach. After a couple of weeks of analysis, we decided to implement a pluggable system using manufactured customer devices. The final system design consisted of the following components:

Hardware

  • Android-based hardware device: For the last decade, almost all Android devices have supported USB On-The-Go. USB On-The-Go (USB OTG or just OTG) is a specification first used in late 2001 that allows USB devices, such as tablets or smartphones, to act as a host, allowing other USB devices, such as USB flash drives, digital cameras, mouse or keyboards, to be attached to them. USB OTG allows those devices to switch back and forth between the roles of Host and Device. A mobile phone may read from removable media as the Host but present itself as a (USB Mass Storage) Device when connected to a host computer. In short, we could attach a standard USB web camera to a typical smartphone.
  • Body mounted USB camera: Here, we had quite an interesting problem. Standard USB web cameras are not tailored for body mounting, neither are they durable enough. We spent a good amount of time checking how to solve this issue, and finally, we managed to find a suitable USB camera vendor using Sony-based camera sensors. The vendor could mount any lens to the camera sensor, and the whole board came with a good amount of mounting holes. After that, one of our hardware people designed a custom mountable case for our USB camera and 3d printed it.
  • New extended battery: The standard battery of our Android device was around 4100mah. Unfortunately, after multiple tests, we saw that with every needed hardware capability activated, aka LTE, USB OTG, GPS, and microphone, the Android device was taking around 800-900mah per hour. And this was not enough for the whole 12 hours shift. So we took the extraordinary decision of creating our battery. Finally, we managed to produce a proof of concept 12400 mah battery replacement for our Android device. And indeed, it took 12 hours to recharge.
  •  Mount for cars and bicycles: We wanted our system to support multiple different mounting points. So, to allow this to happen, we bought standard multi-camera mounts for vehicles and bikes and created adapters for our 3d printed camera to enable attachment to the stock mounts. 

Software

On the diagram, you can see a sample architecture diagram of the solution. With that architecture, we managed to achieve 22 frames per second with streaming and encryption.
  • UDP streamer module: This module’s main functionality was sending UDP packets and receiving answers for these UDP packets. It sent analytics data to the Adaptive bitrate control module to decide how to switch between different formats and resolutions.
  • Encryption module: This module was highly optimized to perform hybrid encryption and decryption of byte objects. We managed to optimize the performance, so the module supported encryption and decryption of real-time h.264 frames coming from the USB module.
  • Network protocol module: Main functionality here was to construct and decode UDP datagrams messages. It used the encryption module to encrypt the data before sending it to the UDP streamer.
  • Adaptive bitrate and codec control module: This module controlled what type of compression strategy to use to ensure that the headquarters will receive data no matter the LTE signal. 
  • Objects pool module: The idea of the module was to reuse different bytes arrays during the lifecycle of the h.264 packets. With around 24 frames streamed per second, creating and destroying many bytes arrays would entirely kill our application.
  • USB camera module: This module wrapped the communication and handling of the USB video camera bus. The idea was to support multiple different cameras and formats here.
  • Telemetry module: In this module, we collected all the additional data we had – current battery consumption, remaining battery time, GPS coordinates, sd card storage, etc.
  • h.264 decoding module: This module’s main functionality was to transfer video frame data in a different format. For example, we supported h.264 frames, png, and jpeg formats. The application was intelligent enough to decide when to switch between the different formats.

We used Java and C++ programming languages for the implementation of all the modules. The only C++ part was the USB camera module because of the low-level communication with the USB bus. 

Let me share some notes on why we decided to use an Android device. We could implement our body camera system using an ARM-based board with Linux installed on top of it. It would dramatically reduce our software efforts. However, from a hardware point of view, most ARM-based boards lacked good CPUs, battery support, and housing. Not to mention, the development of a custom ARM board was entirely outside of our budget. Fortunately, our software was designed this way, so we could easily switch the hardware platform in case of investment or more considerable client interest.

In conclusion, our body camera system managed to fulfill our initial requirements for MVP. It worked well, and we made multiple videos and streams testing it in various environments and locations. Our system even managed to send data through 3G mobile cells in areas where LTE/4G was not supported.

A sample video of how the system works could be found here

Cybersecurity tactics for small teams – Hardware Device Security – part 2

As you can see from the previous paragraphs, there are multiple ways to penetrate your devices. In the following sections, I shall list some methods of making your devices more secure. You can find the previous part – here.

Hardware Security

There are multiple options for physically securing your laptop and smartphone. At the end of the article, I shall give multiple variants for your budget, but ideally, the essential hardware security upgrades are:

  • Secured Notebook Backpack: There are multiple hardware vendors for securing your laptop backpack. It is essential to know the standard branded bags do not offer enough security options. For example, most backpacks do not provide RFID protection and proper locking mechanism.
  • USB Port Lockers: Port lockers can keep your laptop safe from Rubber Ducky-based attacks. At the same time, port lockers are pretty interesting because they make attackers’ lives more complicated in case of steal. To access the USB port of the device, they have to break the locker, which can damage the USB port and make it unusable.
  • Hardware Tokens: Bussines series laptops usually come with internal TPM chips, which can encrypt your entire hard drive. It is terrific, but if you want better security, it is advisable to encrypt your most critical files using external USB hardware tokens.

Antivirus Software

The average number of new malware programs per day is around 450 000. It is an astonishing number and almost destroys the necessity of antivirus software. Still, it is crucial to understand that the goal of your Antivirus Software is to stop the most critical pieces of malware, but not all of them. Let me list some of the mechanisms your Antivirus Software uses to keep you safe.

  • Malware Database: Every Antivirus program comes with a malware database with different strains of already analyzed computer malware. As we already understood, there are around 450 000 new strains per day. Antivirus companies’ teams keep only the most dangerous strains in the database to keep with the speed of making new strains.
  • Malware Scanner: Usually, every malware tries to gain access to resources, which are not part of its resources pool. Antivirus software can monitor your operating system for such activities and can block them and finally notify you.
  • Operating System Files Hash Check: Some antivirus software can check whether there are changes in your operating systems and notify you and revert the system files for the previous state. It is especially true with Red Hat-based Linux distros.

Open Source

One of the reasons people choose Open Source is the level of security it offers. You can perfectly set up your business to use an open-source stack from the beginning. And this is not only the applications but the operating system and even your hardware. Especially Linux is a beautiful example of how an Open Source ecosystem can increase its security by being open. Instead of using pirated software, you download it from a free repo, which has the source code of the app already reviewed. Every major Linux distro has all of its packages signed, and the repo can verify them. But let me list the different advantages an open-source operating system has.



On the diagram, you can see a sample architecture of a Linux system. Usually, SELinux and AppArmor are working on the Kernel level. After version 4.4, Android has SELinux enabled by default.
  • SELinux and AppArmor: SELinux and AppArmor are kernel modifications and user-space tools added to various Linux distributions. Its architecture strives to separate enforcement of security decisions from the security policy and streamlines the amount of software involved with security policy enforcement. Significantly, the fundamental concepts underlying SELinux can be traced to several earlier projects by the United States National Security Agency (NSA).
  • Open Source Repos: All the packages are part of the software repos, maintained by the distro authors. Bigger Linux distros such as Red Hat and SUSE support big security teams to find and patch holes.
  • Open Source Hardware: There are multiple open-source hardware initiatives, including PowerPC and ARM-based processors. It is essential to know those hardware devices attached to your PC come with drivers, and sometimes these drivers can be an entire operating system. For example, server-based Intel Xeon processors come with network-based remote access control.

Budget:

So after we have listed most of the penetration vectors which an attacker can take, we can finish the topic by creating a budget. We will focus the funding towards underfunded organizations with a limited budget for their cybersecurity program. The budget will be per employee.

  • Pacsafe Backpack (190$):  Pacsafe is a brand of travel equipment emphasizing anti-theft features. The company’s products include adventure backpacks, urban and leisure bags, women’s bags, photography bags, luggage, and travel accessories such as straps, cables, and locks. Their middle-end backpacks offer a pretty good level of security.
  • Business Series Laptop (1000$): For this one, I would choose Lenovo Thinkpad-based laptop. It supports TPM and will offer a good level of harddrive encryption. It is essential to mention here that you have to encrypt all of your storage drives, no matter SSD or HDD ones.
  • Laptop Operating System(0$): Here, we shall go with either CentOS or OpenSUSE. I would personally go with CentOS here because of the native SELinux support. If you want to use the Ubuntu operating system, you should live with AppArmor or set yourself SELinux. CentOS additionally support free Antivirus Sofware supporting all the listed features in the previous paragraphs.
  • Smartphone(200$): Here, we shall use any device, which supports LineageOS. LineageOS is an operating system for smartphones, tablet computers, and set-top boxes, based on Android with primarily free and open-source software. It is the successor to the custom ROM CyanogenMod, from which the devs forked it in December 2016. It offers a good level of privacy, including the complete removal of the Google Play Store for the most paranoid ones. Most of the devices officially supported are in the 200$ range.

With a total budget of around 1390$, we achieved a pretty good level of security. Still, a determined attacker can penetrate this setup, but it will take him more time and resources. If you want to improve this setup further, you can add USB locks and hardware tokens. But, again, the improvement will not be much because, in case of hardware steal, hackers would have to break your TPM module, and the TPM modules are designed to resist this kind of attack.

To be continued

Start-Ups: Endgame

After the two weeks-long enforced COVID pause I had to endure, now I am back with the last part of the StartUp Lifecycle series. In this part, we shall speak about what happens after the Start-Up has multiple rounds of bank loans and the usual working strategy after the Start-Up has reached the IPO. Previous parts of the series you can find here and here.

Now, once the Start-Up reaches the IPO status, the modus operandi has to change a bit. The company has to prove itself as a leader in the field and acquire as many clients as possible. Usually, the founders try to balance between too many bank loans and enough income to pay for the developed infrastructure and employees. At that phase, the Start-Up is no longer “categorized” as a Start-Up but usually as a mature and more giant company. Better and more mature processes are established, and usually, the management has to find a way to delegate and distribute the management power and duties.

On the diagram, you can see the standard lifecycle of the given company after IPO. A merger is the most common exit these days.

On the economic side of things, we could not expect new investments and fundings. Usually, the board of directors is trying to survive on IPO and profits. As a rule of thumb, we could expect the company to operate at a loss and cover this loss using IPO profits or bank loans. This way of operation usually gives a good long run of business execution. With this strategy, the company can survive for around 10-15 years, and during this lifespan, the company owners have three options:

  • To find another company for merger or acquisition: At this stage, the company usually has enough assets and IP, which could interest another company. Mergers and acquisitions are typically categorized as successful exits and will leave founders’ reputations intact.
  • To make the company run on profit: Some owners could decide to stop the company’s growth and focus on getting enough clients to keep the company on profit. That was not a rare choice in the past. However, many company owners will pursue option one because it gives them less risk in the long term.
  • To fill bankrupt: As everything in our world, companies could come to an end. Balancing between shares, bank loans, and profit could be tricky sometimes and lead to erroneous results. Significantly, the share price is sometimes quite volatile and could be affected by the CEO’s matters and life choices.

In conclusion, at that stage, companies rarely fall bankrupt. Most owners and major shareholders would prefer to sell the company and its assets instead of bankrupting. At least this way, the employees usually retain their jobs and can be moved to more successful projects in the new company/structure.

Attack of the cables

In last week’s article, I spent some time discussing the disadvantages of penetration testing. The main limiting factor for every red team is the client’s engagement policy. Usually, it is not comparable to a real-life attack. However, at the same time, some of the latest developments in the field are pretty disturbing and could be used by hackers for malicious activities.

One such gadget manufactured by Hak5 looks like an ordinary USB charging/data cable, but it comes equipped with the latest keylogging capabilities. Additionally, the cable supports the following features – Keystroke Injection with DuckyScript™, Keylogging (650,000 key storage), USB-C Smartphone & Tablet Keystroke Injection, Remote Access by WiFi, Customizable Self-Destruct, Multiple storage slots for large payloads, On-Boot payloads, Remote Trigger by WiFi (Geofencing), Long Range WiFi Trigger (2 KM+), Control from any Web Browser and Scriptable WebSocket. In short, that cable is a fully working micro-computer with remote access capabilities for loading payloads and executing them without the victim’s knowledge. As a bonus, it looks exactly like the standard USB to USB-C cable. They either offer versions for Macs.

A creative attacker can think of many uses of these cables. For example, they could ask you to lend them your cable and switch it with the malicious one. They can break into your home/office and swap the cables. They can load the whole supply of a computer shop with these cables and sell you one. The options are almost limitless. With that gadget, you virtually can not trust any cable or flash drive you buy from your hardware equipment supplier, neither your friends nor your family’s equipment.

On the diagram, you can see a sample diagram of how the cable works. It simply cheats the computer using it that it is an ordinary cable. Meanwhile, the hacker sends the payload using Wi-Fi and activates it

We could imagine that the next step for companies such as Hak5 is to embed a fully blown ADB build into the cable and enable remote penetration attacks versus smartphone devices. Such cable will be quite an exciting gadget and could encourage even more attack scenarios.

I have wondered why such equipment is not treated the same way as weapons for a long time. The relative easiness of manufacture and use of such gadgets make them more and more dangerous. Without regulations or even government-based permissions, more and more people will have access to them. What is the guarantee that they will not end in the hands of black hat hackers or criminals? Not to mention that every white or gray hat hacker could potentially go rogue and become a black one. What is the guarantee that such gadgets will not be used for malicious purposes even by licensed professionals?

In conclusion, penetration testing’s land space has become more and more concerning. Without a good set of regulations, we could soon see many people using military-grade hacking gadgets, turning the defensive part of cybersecurity into a terrible nightmare. In any case, many defenders will not be fascinated by the idea of wrapping their USB cables and flash drives with aluminum tape[1] every time they buy new hardware. Sure, it is a cheap way of blocking radio waves, but the aesthetics will not be on a high level.

[1] – https://emfacademy.com/aluminum-foil-emf-radiation/

Red team that

Red team exercises and penetration testing became our new reality. Especially with COVID-19 and the additional boost to digital transformation, we are more and more digitally dependant. Many countries have started legally enforcing business and governmental organizations to ensure better their cyber security defenses. And the best way to do that is to have regular penetration testing drills once or twice per year.

However, we should ask ourselves how effective is this practice and whether it provides a good level of security for our data and assets. To do that, let’s analyze what the usual workflow of doing a penetration test is. Every engagement in cybersecurity starts with a legal contract, which defines the rules of engagement. In this legal contract, the defending side, the client, negotiates the regulations with the attacking side, aka the penetration testing company. In the case of 3rd party requirements such as governmental and corporation integrations, the rules are defined by the 3rd party. They can even give you a list of “trusted” penetration testing companies from which you have to choose. For example, when we had to do a security audit for Google and Microsoft to allow our integrations, they provided the list of auditing partners we had to use.

On the diagram, you can see a standard Red Team drill workflow. The rules are usually not set by the attacking team

And here is one of the main problems with penetration testing – there are rules of engagement. In the Real Word scenario, there is no such thing as a set of rules. The dedicated attacker can do whatever is necessary to penetrate your defenses, and he/she will not abide by the law. Comparison to conventional military drills is not practical but could even be harmful to your team’s attitude. It is much better to compare the attacker modus operandi to what guerilla fighters do, such as asymmetric warfare, without rules, requirements, etc. Attackers will do what is necessary to penetrate you no more or less.

The second problem with penetration tests is that the attacking team usually has limited time to penetrate your organization. The whole economy around red teaming is based on projects between two weeks and two months long. After that, the attacking team must go to the next assignment. In comparison, real-world hacker teams are usually part of criminal syndicates, and these criminal syndicates have other sources of income such as human trafficking, prostitution, drugs, and weapons. They can happily try to hack one organization for a year or more, especially if it is a big enough target.

And last, but not least – different motivation. In the red team case, the motivation is to abide by a requirement or by law. It means that the penetration team will ensure that the system passes the requirements and rarely will do more. When we speak about real hacker groups, usually we have a pretty limited set of motivation types – money and personal vendetta. Both of these are much higher on the motivation scale than a simple requirement fulfillment.

In conclusion, penetration testing is a helpful activity; however, it is not a panacea. The results coming from it gives a piece of information for your organization’s current cybersecurity state. Unfortunately, the limited scope of every penetration test will not give you a 100% guarantee that attackers can not destroy your defenses. It is much better to treat the red teaming as part of our cybersecurity strategy and valuable security tools.

Game of loans

In my article on start-up unicorns, I already presented how most start-ups finance their operations and how efficient this way of work is. This article will show how companies and wealthy individuals finance their operations once they reach unicorn status and have already managed to execute a successful IPO or ICO.

But before explaining the financial workflow, let’s analyze what an IPO is and how it integrates with the standard capitalism-based system. At its core, IPO operates the same way as every ordinary bank. People trust the company doing IPO and are willing to buy common stocks of this company. Additionally, let’s analyze a little bit how banks evaluate a given company to calculate its value. Usually, it is a combination of all of its assets, including the common stocks from the stock exchange. So far, so good; however, the stock exchange evaluation rules are pretty exciting. More specifically, the rule of how the end-of-day price calculation is done. It is based on the amount of money an individual is willing to pay for a given stock. And here is the part that must bother us – one big chunk of a given company evaluation is entirely based on people’s trust in the company. It is not based on any real-life assets such as gold, art, or real estate. It is entirely based on faith. We can even safely assume that we ll are living in a trust-based economy.

On the diagram, you can see a standard way of how wealthy individuals finance their operations. They use the IPO/ICO to increase their liquidity and apply for a loan after that

But let’s go back to loans – how do we calculate the personal wealth of people. The answer is a simple one. The same way banks calculate the evaluation of a company – aka based on all personal assets, including stocks. When wealthy individuals decide to buy something or invest in something, they have two ways of doing that – to sell assets or to get a loan.

Usually, most of them are willing to get a loan based on the current evaluation of their stocks and payback later. However, to give the loan, the bank does the review based on the willingness of someone to buy the stocks at a given price. In traditional banking, this usually triggers the central banks to issue a new amount of the local currency to provide the bank with the amount of money necessary to give the loan. So, in short, every time the bank provides a loan based on stocks, we pump new money into the system and lower down the buying power of everyone attached to the local currency.

In conclusion, most wealthy individuals prefer to finance their operations using loans instead of selling stocks at the current value. However, getting a loan increases inflation because the central banks have to issue new money to fund these loans. Another question is how much is the buying power of our modern billionaires compared to the ones in the past. For sure, most of them can not afford to finance the operations of over 1000 public libraries with their own money.

Five mistakes to avoid when building your startup

For almost 18 years, I have been working in product-based Start-Ups. During this time, I have seen a fantastic range of mistakes made during virtually every stage of their lifecycle. This range starts with something small, such as wrong employees’ computer equipment and massive investments in expensive server equipment or shady marketing agencies. However, I can categorize five mistakes as showstoppers for every Start-Up. They can instantly kill your company:

  • No business need: Unfortunately, many companies start developing a product without proper business research. I have done that at least five times in my professional journey. However, creating a technical product without adequate business verification is the number one reason for a Start-Up failure.
  • Erroneous business team: As we speak about business, many entrepreneurs and investors follow the “A player” hiring mantra. The business development teams in the Start-Ups I was part of were with quite mixed backgrounds (including people from Harvard and St. Gallen). And still, the results were mixed. You will need the team, which can do the job for you, but not the team with the flashiest CVs.
On the diagram, you can see a standard distribution of the mistakes made in one start-up. The most significant percentage is always for no business need
  • Erroneous technical team: Absolutely the same as the previous point, but for your technical team structure. I have worked with people from different backgrounds (including people from companies such as Google, Facebook, Twitter, Amazon, etc.). Again the results were quite mixed. I cannot deduce a trend where the more prominent the background is, the better. The only trend I could figure was that your team needs the right attitude.
  • Not enough team compensation: Many entrepreneurs think they must take a big part of the equity pie after giving the money and the idea. However, this kind of thinking is wrong. Ideas and money are nothing without proper execution. And if you cannot motivate your team to execute, this is quite an excellent way to shoot yourself in the foot.
  • Aiming too high: Many Start-Ups aim too high in terms of customers. However, this is quite a harmful strategy, bearing in mind that big companies’ decision-making process is notoriously slow. Better start small and acquire a pool of smaller customers and then scale (ideally, you can bootstrap this part and take funding only for marketing and scaling). Using this strategy, you achieve two things – traction and early verification. Hunting deers and elephants[1][2] can come on the next iteration.

In conclusion, building Start-Ups is hard. Almost 95%[3][4] of the Start-Ups fail during the first 2-3 years of their lifeline. Keeping in mind that people around the World start over 100M new Start-Ups every year, this is a sad statement. The listed five mistakes and given that the average Start-Up founder comes with a huge ego are a recipe for trouble. Leaving you with a thought  – you can print new money, but you cannot issue new brains. Please treat your team well.

[1] – https://www.slideshare.net/theproductguy/elephants-deer-rabbits-choosing-the-right-customer-for-your-products

[2] – https://kimtasso.com/selling-basics-targeting-with-rabbits-deer-and-elephants-video/

[3] – https://www.investopedia.com/articles/personal-finance/040915/how-many-startups-fail-and-why.asp

[4] – https://medium.com/journal-of-empirical-entrepreneurship/dissecting-startup-failure-by-stage-34bb70354a36

Cybersecurity tactics for small teams – Hardware Device Security – part 1

Please check the previous part – here.

After we already discussed how to assure your physical security and your network perimeter. The topic for the following two parts is the security of your hardware devices. And especially, I shall give you some ideas on how to secure your personal computer and your mobile phone. I shall provide a sample budget for a security-oriented personal computer, laptop, and mobile phone at the end of the parts. In the budget, I shall put the software appliances as well.

But before doing this, let’s have a short discussion of what a computer is and how we use it. The formal definition of a computer is:

A computer is a machine that can be programmed to carry out sequences of arithmetic or logical operations automatically. Modern computers can perform generic sets of operations known as programs. These programs enable computers to perform a wide range of tasks.

In other words, we have a machine, which works with data and can perform operations on it. It is similar to what our brains do for us but in a different way. In terms of computer security, it is essential to understand that your computer is a data carrier and data generator. The goal of your security awareness model is to protect the data and the generator logic. So we have to treat our computers the same way we treat our brains when we don’t want to share data. Aka by making sure we took all the necessary steps to secure access to our information.

So let’s do it. We start with:

Personal Computer/Laptop

We shall discuss the security of laptop computer because it has a more significant amount of attack vectors. We can apply the same list of attacks to workstations.

By definition – A laptop, laptop computer, or notebook computer is a small, portable personal computer (PC) with a screen and alphanumeric keyboard. It is important to note that a laptop is a total nightmare for your computer security policy in the physical security realm. It inherits the traits of all the hardware devices, including the ones related to garbage. Securing laptops is almost impossible, and a dedicated attacker most probably will manage to penetrate the defenses of your laptop one way or another. But let’s list the different attack vectors your laptop has.

On the diagram, you can see a standard data exfiltration workflow. The attacker makes the victim network sending data to a malicious service and, after that, reroute the data to his/her infrastructure
  • Theft: By being mobile, any laptop is a mobile data carrier similar to your paper documents and USB flash sticks. And by that, a dedicated attacker can steal the computer and gain access to your data. It is essential to mention that any encryption mechanism can slow down your attacker, but you can not determine whether it will stop him.
  • Location-based attacks: Companies such as Hak5 promote an exciting set of tools used for location-based attacks. They can penetrate your WiFi network, and even there are devices named RubberDucky. They look like a standard USB flash, but essentially they are cheating your computer that they are keyboard devices and execute a penetration script.
  • Malware: There are many types of malware, but these are most dangerous in terms of cybersecurity: trojan horses and ransomware. Both of them steal your data. In case of ransomware, you have to pay, and at least you receive notification that something wrong happened. In the case of trojan horses, you have no idea what is going on with your data.
  • Misconfiguration: Most of the laptops do not come with proper security configuration by default. Users without formal training can not configure the system, and it remains unsafe until a hacker penetrates it.
  • Pirated Software: Torrent trackers are a terrible place to download software. Usually, the cracked versions of the popular software come with already preinstalled malware. It is highly advisable to use open source or paid products.

Listed threats are only part of a long list of attack vectors an organization must take care of. Still, they are a good starting point, and if your small team manages to stop them, it can reach a good cybersecurity level.

Smartphones

After the introduction of IBM Simon, the smartphone industry had rapid growth. These days, devices are as powerful as a ten-year-old computer and can perform various tasks, which people kept only for computers for a long time. It is fantastic, but they are even worse in terms of cybersecurity than your laptop. They inherit all of your laptop’s problems with even smaller size and limited control over the hardware. They are a nightmare in terms of computer security. But let me list the different attack vectors which your smartphone can introduce:

  • Outdated Operating System: To further push technical progress, hardware vendors usually discount older than four years old devices. And by discount, it means that these devices do not receive security patches and the latest version of their operating system. This approach leaves thousand of people without proper cybersecurity defenses.
  • Laptop Attack Vectors: As a less powerful computer, every smartphone inherits a laptop’s security problems. Even worse, once you store your data in your smartphone’s internal memory, it is almost impossible to erase it securely.
  • Conversation Sniffing: Hackers can use your smartphone to sniff your daily conversations by being constantly held near to you. Many hardware vendors implement security measures versus this kind of attack, but people must still be aware that such an attack is possible.

Next part is here

Is Artificial Intelligence the solution for cybersecurity – Part 2?

So, let me go back to cybersecurity. Sorry for the long, boring mathematical-based explanation in the last part, but if one wants to use a given tool, he/she must understand how it works and, more essentially, its limits. And I shall give you my list of concerns why believing in the current cybersecurity hype can be dangerous for you and your organization:

  • We must not compare a Machine Learning model to the human brain: We have no idea how the human brain works, and more especially how ideas creation and generalization work. Additionally, the pure power consumption of a machine learning model is times bigger than a human brain. Sure it is faster but much more expensive. The average power consumption of a typical adult is 100 Watts, and the brain consumes 20% of this, making the brain’s power consumption around 20 W. For comparison, Google’s DeepMind project uses a whole data center to achieve the same result, which a two-year-old kid does with 20 W.
On the diagram, you can see what kind of problems Machine Learning algorithms can solve in the cybersecurity field. All of the activities listed in the last row are some form of categorization used for detection. No prevention is mentioned.
  • Machine learning is weak in generalization: The primary purpose of polynomial generation is to solve the so-named categorization problem. We have a set of objects with characteristics, and we want to put them in different categories. Machine learning is good at that. However, if we add a new category or dramatically change the set of objects, it fails miserably. In comparison, the human brain is excellent in generalization or, in social words – improvisation. If we transfer this to cybersecurity – ML is good in detection, but weak in prevention.
  • Machine Learning offers nothing new in Cybersecurity: For a long time, antivirus and anti-spam software have used rule engines to categorize whether the incoming file or email is malicious or not. Essentially, this method is just a simple categorization, where we mark the incoming data as harmful or not. All of the currently advertised AI-based cybersecurity platforms do that – instead of making the rule engine manually, they use Machine Learning to train their detection abilities. 

In conclusion, cybersecurity Machine Learning models are good in detection but not in prevention. Marketing them as the panacea for all your cybersecurity problems could be harmful for organizations. A much better presentation of these methods is to call them another tool in the cybersecurity suite and use them appropriately. A good cybersecurity awareness course will undoubtedly increase your chances of prevention rather than the current level of Artificial Intelligence systems.

Is Artificial Intelligence the solution for cybersecurity – Part 1?

Lately, we see a trend in cybersecurity solutions advertising themselves as Artificial Intelligence systems, and they claim to detect and prevent your organization from cyber threats. Many people do not understand what stands behind modern Machine Learning methods and problems they can solve. And more importantly, that these methods do not provide a full range of tools to achieve the wet dream of every Machine Learning specialist – aka general Artificial Intelligence or, in other words – a perfect copy of the human brain.

But how Machine Learning works? Essentially, almost every algorithm in Machine Learning uses the following paradigms. First, we have a set of data, which we call training data. We divide this data into input and output data. The input data is the data our Machine Learning model will use to generate an output. We compare this generated output with the output of the training data and decide whether this result is good. During my learnings in Machine Learning, I was amazed how many training materials could not explain how we create these models. Many authors just started giving the readers mathematical formulas and even highly complex explanations comparing the models to the human brain. In this article, I am trying to provide a simple high-level description of how they work.

On the diagram you can see a standard Deep Learning Machine Learning model. The Conv/Relu and SoftMax parts are actually polynomials sending data from one algebraic space to another

So how do these Machine Learning algorithms do their job? A powerful mathematics branch is learning the properties of algebraic structures (in my university, it was called Abstract Algebra). The whole idea behind this branch is to define algebraic vector spaces, study their properties, and define operations over the created algebraic space. But let’s go back to Machine Learning, essentially our training data represents an algebraic space, and our input and output data is a set of vectors in that space. Luckily, some algebraic spaces can perform the standard polynomial operations, and we even can generate a polynomial rendering the input and output data. And voila, a Machine Learning model is, in many cases, a generated polynomial, which by given input data produces an output data similar to what we expect.

The modern Deep Learning approach is using a heavily modified version of this idea. In addition, it tries to train its models using mathematical analysis over the generated polynomial and, more essentially, its first derivative. And this method is not new. The only reason it has raised its usage lately is that NVidia managed to expose its GPU API to the host system via CUDA and make matrices calculation way faster than on the standard CPUs. And yeah, the definition of a matrix is a set of vectors. Surprisingly, the list of operations supported by a modern GPU is the same set used in Abstract Algebra.

In the next part, we shall discuss how these methods are used in Cybersecurity.