Threats for online gamers

--Originally published at Information Security A01229898

Hi everyone, While I was searching about video games I found about this threats that could happen for gamers, I took this information from a post of we live security esset, so let’s start this.

The first popular threat is TeslaCrypt:

it was designed to encrypt game-play data for dozens of video games, prompting the user to pay a ransom to decrypt those files. Targeting some well-known games including Call of Duty and Minecraft, Teslacrypt blocks access to saved game files, configuration files or game items.

 

Second one is Password Stealers:

Just as there are types of spyware called keyloggers, which capture keyboard events and try to steal access credentials, there are also pieces of malicious code that attempt to steal access credentials for online games or platforms, such as Steam or Origin. This type of malware is heavily based on social engineering or deceit in order to infect its victims. One of the most popular scams is when a player – the victim – receives a chat message from another player offering him to join his team. This unknown player is usually very friendly and praises the victim for his gaming skills, telling him that he should join this team of great players.

At some point, the victim is prompted to download and install an application – for example, a voice communication program. The attacker will be very insistent on the fact that the victim cannot become part of the team if he does not have that application. And of course, the downloaded executable is not really a chat client, but a malicious software capable of stealing account credentials.

The third one is Fake Game Cracks

This is another social engineering technique, regardless of the kind of threat installed in the end. The deceit in this case has to do Continue reading "Threats for online gamers"

Security and Videogames

--Originally published at Information Security A01229898

Hi everyone, On this post I will talk about Security and videogames, yes, finally something about software, so let’s start this.

 

On this post as I mention I will talk about videogames, I was searching on internet and I found a post from welivesecurity esset and they talk about this topic, they interview Andres Rossi the CEO of an Argentine company that develops videogames for social networks, so I grab some information of that post so you can know a little of what they talk and at the end of the post I will put the link so you can check all the post of esset

Andres told that with his experience he has seen a lot of incidents related with security like payment-card frauds, cyberattacks targeting gamers and the subsequent claim of prizes, to exploitation of servers just for the sake of playing, but he says that the most common problem is that players leave their accounts open in machines that do not belong to them. He said that there is a lot of ignorance among video games developers regarding security implementation and one example is that the online Playstation platform was compromised a few years ago, the problem is that there are so many games that, as is to be expected, the challenge is still only focused on the largest and most famous game companies.

At last, I want to say that the security problems that the video game industry it’s because on the past, the industry didn’t need to take care for security, because all games were offline, so, it was not possible to extract information of other players, but with the online games the problem started but is difficult to try to secure all games.

 

Link of the interview: https://www.welivesecurity.com/2016/08/16/security-transversal-issue-video-games-development/

I2C

--Originally published at Information Security A01229898

Hi everyone, on the other post I talk a little about some protocols, but I want to talk more about I2C, so let’s start.

As I explained on the other post I2C means  Inter-Integrated Circuit and it is a synchronous, multi-master, multi-slave, packet switched, single-ended, serial computer bus invented in 1982 by Philips Semiconductor (now NXP Semiconductors). It is widely used for attaching lower-speed peripheral Integrated Circuits to processors and microcontrollers in short-distance, intra-board communication.

 

I2C uses only two bidirectional open-drain lines, Serial Data Line (SDA) and Serial Clock Line (SCL), on the SDA the master and the slave will send and receive information and the SCL is the clock that the master provides, that clock will determine the velocity of the the transmission.

The bus has two roles for nodes: master and slave:

  • Master node – node that generates the clock and initiates communication with slaves.
  • Slave node – node that receives the clock and responds when addressed by the master.

The bus is a multi-master bus, which means that any number of master nodes can be present. Additionally, master and slave roles may be changed between messages (after a STOP is sent).

There may be four potential modes of operation for a given bus device, although most devices only use a single role and its two modes:

  • master transmit – master node is sending data to a slave,
  • master receive – master node is receiving data from a slave,
  • slave transmit – slave node is sending data to the master,
  • slave receive – slave node is receiving data from the master.

 

So this is a little of I2C, but the real question on this post is, WHY ARE YOU TALKING ABOUT COMMUNICATION PROTOCOLS ON MICROCONTROLLERS IF THIS A INFORMATION SECURITY POST?

The answer is easy, I’m an electronic engineer and I have more knwoledge of microcontrollers, I don’t work too much with software and don’t Continue reading "I2C"

Communication protocols

--Originally published at Information Security A01229898

Hi everyone, on this topic I will talk a little about Communication protocols, this topic is related with microcontrollers, because I’m talking about the communications protocols that microcontrollers use, I’m not going to talk about all the communications protocols, so let’s start.

-CAN: I know that I talk about CAN in other post, in fact, I have a post that talks only talks about CAN, but it is a important protocol and I think that I should mention it.

CAN is a protocol that in short words, is a bus, it has two cables and that’s it, it doesn’t have any security, so once your are in, you can know everything and technically you can interfer the system, if you want to know more about CAN protocol you can check my post of CAN and there I explain more and there’s a video that explains more.

-UART: Universal Asynchronous Receivert Transmitter (UART)  is a computer hardware device for asynchronous serial communication in which the data format and transmission speeds are configurable. The electric signaling levels and methods are handled by a driver circuit external to the UART. A UART is usually an individual integrated circuit used for serial communications over a computer or peripheral device serial port. One or more UART peripherals are commonly integrated in microcontroller chips.

-I2C: Inter-Integrated Circuit (I2C) is a synchronous, multi-master, multi-slave, packet switched, single-ended, serial computer bus invented in 1982 by Philips Semiconductor (now NXP Semiconductors). It is widely used for attaching lower-speed peripheral Integrated Circuits to processors and microcontrollers in short-distance, intra-board communication.

-LIN: Local Interconnect Network (LIN) is a serial network protocol used for communication between components in vehicles. The need for a cheap serial network arose as the technologies and the facilities implemented in the car grew, while the CAN bus was too expensive to implement for every component in the car. European car manufacturers started using different serial communication topologies, which led to compatibility problems.

 

There are other protocols that I could Continue reading "Communication protocols"

Microcontrollers and security

--Originally published at Information Security A01229898

Hi everyone, This time I will talk a little about Microcontrollers and security, I talk about that topic on class a few classes ago and I realize it could be a good topic for my blog, I think that microcontrollers will need to get upgrades on security, since all this thing of IoT started the quantity of microcontrollers connected to the world has increased and will increase more, a lot of products and projects related with IoT are using microcontrollers and with that we have the problem that they are not secure and maybe they aren’t secure because normally a microcontroller won’t need that security, because no one cared about getting information of a microcontroller, but now,  I think that security is becoming a must have, because maybe it will be easier to try to get information from the microcontroller than trying to hack other thing.

 

This post is related with the other posts because most of the security problems that we have and we will have are going to be related with IoT, having everything connected to the net is really usefull for the users, but is a two-edged knife, having everything connected means that people could access to your personal information and that could be problematic, now with the microcontrollers getting directly connected to the for the Internet of Things could be really dangerous, microcontrollers don’t have that security with the data they transfer, it’s relatively easy to get the data of a microcontroller, for example, in some classes, to know that what we are sending is ok, we check with a oscilloscope what we are sending, and that is just connecting the oscilloscope to the transmit of the microcontroller, so, if we can get that information that easy, imagine if that kind of security could be Continue reading "Microcontrollers and security"

Self-driving car accident

--Originally published at Information Security A01229898

On my last post I talked about the dangers of IoT and cars and a few weeks ago an accident occur involving a self-driving car, yes, I’m talking about the self-driving car of uber that killed a person, even though, it isn’t a problem of the car been hacked, is a problem with security.

 

The first question that we should ask is, who will be blamed, Uber?, the woman inside the car?, the person that was killed?, or who?. I discuss that on one of my classes and I heard a lot of comments of my friends, there was a comment that took my attention, one of my classmates said that there have to be sacrifices, that is true, some people would think that’s cruel, but it’s true, when the moon race occur, a lot of people died and does deaths didn’t stop the moon race and let me be honest, the moon race was something that didn’t have sense, they wanted to put a person on the moon, so what we get from that, all those deaths were for something????

I think that the race for the self-driving car has more sense that the moon race had at that moment, but maybe they aren’t doing it in a good way, maybe they should start little by little, instead of creating a full self-driving car, they should install little by little things that will create the self-driving car and when they have tested everything very well then you start to tested it all those parts together.

 

However those are my thoughs you don’t need to think the same as me, I would love to see what others think, I would love if we discuss the topic, I will give you a link of the video Continue reading "Self-driving car accident"

CAN protocol and IoT [3/3] #TC2027

--Originally published at Information Security A01229898

 

Finally, this is the last part of CAN protocol an IoT topic, as you already know, on the first part we talk a little bit about CAN protocol, on the second part we talk about IoT and its dangers and on this last part I will talk about how CAN protocol and IoT are related, what I personally thing about and more, So let’s start.

 

When I started all these posts about CAN protocol and IoT I used to think that all the security problem are caused by CAN, but after we talked about this on class, I saw that we can’t blame for everything to CAN, it’s true that is just a BUS and when you are inside of the bus, technically you can do whatever you want inside, so we can blame CAN, there should be more security on the ports that are connected to the bus, that’s what I think.

 

Now, I’m freaking out that with the IoT, cars would be connected to the network, think about it, currently,cars aren’t that connected to the network and they can be Hacked, I have some videos with examples at the end.

 

So to finish, I think that if we want cars connected to the network with IoT in the future, a lot of improvement need to be made on security.

 

 

CAN protocol and IoT [2/3] #TC2027

--Originally published at Information Security A01229898

Hi everyone, I will talk about the part 2 of this CAN protocol and IoT posts, on this one, I will talk a little about IoT, so let’s start this.

 

The Internet of Things hasn’t been around for very long, but, there have been visions of this idea since the early 1800’s, one of the first examples of IoT is from the earlies 1980’s, and it was a Coca Cola machine on the Carnegie Melon University. Some students would connect by Internet to the refrigerated appliance, and check to see if there was a drink available and if it was cold, before making the trip.

But Internet of Things as a concept wasn’t officially named until 1999, by Kevin Ashton, the Executive Director of Auto-ID Labs at MIT, while making a presentation for Procter & Gambler, at that time, Kevin Ashton believed that Radio Frecuency Identification (RFID) was a prerequisite for the Internet of Things, He concluded if all devices were “tagged”, computer could manage, track, track and inventory them.

 

So…. What is Internet of Things????????

What I understand as Internet of Things is, all the devices that have an On, off option, can be connected to the net and can give information on real-time, is sounds good, but is too risky, having a lot of devices connected to the net demmands too much security and maybe does devices don’t have it, so they have to implement it.

 

On this video is explained what is IoT:

CAN protocol and IoT [1/3] #TC2027

--Originally published at Information Security A01229898

Internet of Things or IoT is something really popular nowadays, IoT for me in a few words is a lot of thing all connected so you can know all the information you want at every moment, so the cars will be conected too, on the next three post (incluiding this) I will talk a little about what I think of IoT with cars, first I will talk a little about the Controller Area  Network (CAN) protocol.

The Controller Area Network (CAN) protocol, is a serial communication protocol created at the 80’s by Bosch, at the beggining it was for the communication between controllers inside an automobile.

bosch

The information is transmitted between the control units through a data frame with a length and structure defined with braided cable, on the image below you can see how it looks.

 

can

 

The characteristics of the CAN protocol are:

-Message priority.

– Guaranteed latency times.

– Flexibility in the configuration.

– Multicast reception with time synchronization.

– Multimaster System: all the control units can transmit and receive, any control unit introduce a message inside the bus with the condition that the bus is free, if two control units try to send a message at the same time, the message with more priority will be sended first.

etc.

Just to finish this blog, the CAN protocol is supposed to be the same since the 1980’s, so I think that something that works for so long can be so trustworthy, because it means that people haved a lot of time to see how can be affected, but if the industry still use this protocol is because it can be secure and even though is that old, they have make updates of that protocol.

If you want to know more about the CAN bus you can see Continue reading "CAN protocol and IoT [1/3] #TC2027"