ID 10 T

Tag: security

  • Malicious Tampering of 3D Medical Imagery Using Deep Learning

    Malicious Tampering of 3D Medical Imagery Using Deep Learning

    Source: Mirsky, Y., Mahler, T., Shelef, I., & Elovici, Y. (2019). CT-GAN: Malicious Tampering of 3D Medical Imagery using Deep Learning. In 28th USENIX Security Symposium (USENIX Security 2019).

    Main Themes:

    • Vulnerability of Medical Imaging Systems: The research highlights the concerning vulnerability of Picture Archiving and Communication Systems (PACS) and medical imaging devices to cyber attacks. These vulnerabilities, coupled with the reliance on 3D medical scans for diagnosis and treatment, create a serious threat to patient safety and healthcare integrity.
    • Deep Learning Enabled Attack: The authors present CT-GAN, a framework utilizing Conditional Generative Adversarial Networks (cGANs) to manipulate 3D medical imagery, specifically by adding or removing evidence of medical conditions like lung cancer in CT scans. This represents a novel and potent attack vector exploiting the advancements in deep learning.
    • Effectiveness and Implications: CT-GAN demonstrates remarkable effectiveness in deceiving expert radiologists and state-of-the-art AI cancer screening tools, highlighting the significant potential for misdiagnosis and manipulation. This raises profound ethical and security concerns within the healthcare domain.

    Most Important Ideas/Facts:

    1. PACS Security Gaps:
    • Healthcare systems lag behind in security standards, focusing primarily on data privacy over data integrity and availability.
    • Exposed PACS: “A quick search on Shodan.io reveals 1,849 medical image (DICOM) servers and 842 PACS servers exposed to the Internet.”
    • Vulnerable to various attacks: Social engineering, physical access, insider threats, and exploitation of software vulnerabilities.
    1. CT-GAN Attack Framework:
    • Leverages two cGANs: One for injecting and one for removing medical conditions (e.g., lung cancer) from 3D CT scans.
    • Employs in-painting techniques for realistic modification: “To make the process efficient and the output anatomically realistic, we perform the following steps: (1) locate where the evidence should be inject/removed, (2) cut out a rectangular cuboid from the location, (3) interpolate (scale) the cuboid, (4) modify the cuboid with the cGAN, (5) rescale, and (6) paste it back into the original scan.”
    • Automated process: Facilitates deployment within air-gapped systems and real-time manipulation via infected DICOM viewers.
    1. Attack Effectiveness:
    • Deceives radiologists: “The radiologists diagnosed 99% of the injected patients with malign cancer, and 94% of cancer removed patients as being healthy.” Even with awareness of the attack, misdiagnosis rates remained high.
    • Fools AI: State-of-the-art lung cancer screening model misdiagnosed 100% of tampered scans.
    • Implications beyond immediate treatment: Psychological impact on patients, disruption of research, insurance fraud, and potential for political manipulation.
    1. Attack Vectors:
    • Remote Infiltration: Exploiting vulnerabilities in internet-facing elements, social engineering attacks (phishing, spear phishing).
    • Local Infiltration: Physical access with false pretexts, insider threats, hacking Wi-Fi access points.
    • Pen-test demonstration: Successful man-in-the-middle attack on a hospital’s CT scanner highlights real-world feasibility.
    1. Countermeasures:
    • Data Security: Enabling encryption for data-in-motion, robust access control, and up-to-date security measures for PACS and connected devices.
    • Digital Signatures: Utilizing DICOM’s digital signature feature for verifying scan integrity.
    • Digital Watermarking: Embedding hidden signals to detect tampering.
    • Machine Learning Detection: Employing supervised and unsupervised methods to identify anomalies or inconsistencies within scans.

    Key Takeaways:

    • The research exposes a critical cybersecurity threat within the healthcare domain, demonstrating the potential for deep learning to be weaponized against medical imaging systems.
    • CT-GAN highlights the need for enhanced security measures and awareness within healthcare organizations to protect the integrity of medical diagnoses and patient safety.
    • Further research is required to develop robust countermeasures against AI-powered attacks targeting medical imagery.

    Quotes:

    • On PACS vulnerability: “The security of health-care systems has been lagging behind modern standards… This is partially because health-care security policies mostly address data privacy (access-control) but not data security (availability/integrity).”
    • On CT-GAN capabilities: “By dealing with a small portion of the scan, the problem complexity is reduced by focusing the GAN on the relevant area of the body… This results in fast execution and high anatomical realism.”
    • On attack effectiveness: “This attack is a concern because infiltration of healthcare networks has become common, and internal network security is often poor. Moreover, for injection, the attacker is still likely to succeed even if medical treatment is not performed.”
    CT-GAN- Malicious Tampering of 3D Medical Imagery using Deep LearningDownload
  • Analyzing the Current Landscape of NAS for Home Use: A Cybersecurity Perspective

    Analyzing the Current Landscape of NAS for Home Use: A Cybersecurity Perspective

    Network-Attached Storage (NAS) devices have become an integral part of modern households. They offer centralized storage, media streaming, and even remote access, making them a favorite for tech enthusiasts and families alike. However, as with any internet-connected device, NAS devices are not immune to cybersecurity threats. This post analyzes the current NAS options for home use from a cybersecurity standpoint, helping you make an informed choice.

    Key Cybersecurity Criteria for Evaluating NAS Devices

    1. Operating System Security: A secure operating system is fundamental to a NAS device. Regular updates, patch management, and a hardened kernel are critical.
    2. Access Controls: Robust user authentication and permission systems help restrict unauthorized access.
    3. Remote Access Security: Features like end-to-end encryption, VPN support, and two-factor authentication (2FA) are vital for safe remote access.
    4. Data Encryption: Encryption, both at rest and in transit, ensures data confidentiality even if the device is compromised.
    5. Network Security: Integration with firewall rules, support for intrusion detection/prevention systems (IDS/IPS), and strong default settings.
    6. Incident Response: The ability to detect, log, and alert users of suspicious activities.

    Top NAS Brands and Their Cybersecurity Features

    1. Synology
      • Strengths: Synology DSM (DiskStation Manager) is frequently updated with security patches. Built-in 2FA, comprehensive user permission controls, and integrated VPN server support make it a strong contender.
      • Weaknesses: While the interface is user-friendly, advanced configurations might require expertise to fully harden against threats.
    2. QNAP
      • Strengths: QNAP’s QTS system offers AES-256 encryption, SSL certificate management, and IP whitelisting/blacklisting. Frequent firmware updates address vulnerabilities promptly.
      • Weaknesses: QNAP devices have been targets for ransomware attacks, highlighting the importance of diligent patching and proper configuration.
    3. Western Digital (WD)
      • Strengths: My Cloud devices include basic security features like HTTPS support and password-protected access.
      • Weaknesses: Compared to Synology and QNAP, WD often lags in proactive updates and advanced security features, leaving them more vulnerable to attacks.
    4. Asustor
      • Strengths: Asustor ADM includes snapshot backup technology, strong encryption options, and frequent updates.
      • Weaknesses: While security features are robust, the interface can be less intuitive, potentially leading to misconfigurations.

    Best Practices for Securing Your NAS

    1. Update Regularly: Ensure your NAS firmware and apps are always up-to-date.
    2. Harden Remote Access: Disable remote access features if not needed. If used, rely on VPNs and enable 2FA.
    3. Strong Passwords: Use complex passwords and avoid default credentials.
    4. Backup Strategically: Use 3-2-1 backup principles (3 copies of data, 2 different media, 1 offsite copy).
    5. Monitor and Log Activities: Enable logging and set up alerts for suspicious activity.
    6. Isolate on the Network: Place your NAS on a dedicated VLAN or subnet to reduce exposure.

    The cybersecurity of NAS devices largely depends on the manufacturer’s diligence and the user’s awareness. Synology and QNAP stand out for their comprehensive feature sets and commitment to updates, but no device is entirely foolproof. By selecting a NAS with strong cybersecurity features and following best practices, you can ensure that your data remains safe and accessible.

  • Tracking and Privacy in Over-the-Top (OTT) Streaming Devices

    Tracking and Privacy in Over-the-Top (OTT) Streaming Devices

    Source: Watching You Watch: The Tracking Ecosystem of Over-the-Top TV Streaming Devices by Mohajeri Moghaddam et al. (CCS ‘19)

    Main Themes:

    • Pervasive Tracking in OTT Streaming Devices: The study reveals widespread tracking practices within Over-the-Top (OTT) streaming devices like Roku and Amazon Fire TV. Trackers collect and transmit user data, often without explicit consent or effective countermeasures.
    • Identifier and Information Leakage: OTT channels leak sensitive user information, including persistent identifiers like MAC addresses, serial numbers, and WiFi SSIDs, as well as video viewing preferences, to numerous tracking domains.
    • Ineffectiveness of Privacy Controls: Built-in privacy controls like “Limit Ad Tracking” (Roku) and “Disable Interest-based Ads” (Amazon) are largely ineffective in preventing data collection and transmission to tracking domains.
    • Security Vulnerabilities in Remote Control APIs: Vulnerabilities in local remote control APIs expose OTT devices to attacks by malicious web scripts, potentially allowing unauthorized access to device information and control over functionalities.

    Key Findings:

    • Prevalence of Trackers: Tracking domains were found in 69% of Roku channels and 89% of Amazon Fire TV channels studied. Google and Facebook tracking services are highly prevalent, mirroring similar findings on web and mobile platforms.
    • Top Trackers: The most prevalent trackers included doubleclick.net (Google) and google-analytics.com on Roku, and amazon-adsystem.com and crashlytics.com on Amazon Fire TV.
    • Leakage of Persistent Identifiers: A significant number of channels were found to leak persistent identifiers like AD IDs, MAC addresses, and serial numbers, undermining the effectiveness of resetting advertising IDs as a privacy measure. Quote: “Moreover, widespread collection of persistent device identifiers like MAC addresses and serial numbers disables one of the few defenses available to users: resetting their advertising IDs.”
    • Video Title Leakage: Tracking domains were observed receiving information about the titles of videos being watched, revealing user viewing habits. Quote: “We found 9 channels on Roku and 14 channels on the Fire TV … that leaked the title of the video to a tracking domain.”
    • Ineffective Privacy Settings: While “Limit Ad Tracking” on Roku eliminated AD ID leaks, it did not reduce the number of trackers contacted. Similarly, “Disable Interest-based Ads” on Amazon only reduced data collection by Amazon’s own advertising system. Quote: “Our data, however, reveals that even when the privacy option is enabled, there are a number of other identifiers that can be used to track users, bypassing the privacy protections built into these platforms”
    • DNS Rebinding Vulnerability (Roku): Roku’s External Control API was found to be vulnerable to DNS rebinding attacks, allowing malicious web scripts to collect sensitive data, install/uninstall channels, and even geolocate users.

    Recommendations:

    • Implement stronger privacy controls, akin to “Incognito Mode” in web browsers, to limit data collection and prevent cross-profile tracking.
    • Provide mechanisms for users to monitor their network traffic, enabling transparency and analysis of channel behavior.
    • Enhance security of local APIs to mitigate risks of unauthorized access and control.
    • Regulators should use the tools developed in this study to inspect channels and enforce privacy regulations in the OTT ecosystem.

    Conclusion:

    This research underscores the urgent need for improved privacy and security measures within the OTT streaming device ecosystem. Current practices expose users to extensive tracking and data leakage, often without their knowledge or consent. Stronger privacy controls, transparent data collection practices, and robust security measures are crucial to protect user privacy and build trust in these platforms.

    tv-tracking-ccs19Download
  • Securing Your Home Router

    Securing Your Home Router

    In today’s hyper-connected world, your home router is the gateway to the digital realm. It connects all your devices to the internet, making it a critical piece of your home’s cybersecurity puzzle. Unfortunately, it’s often overlooked, leaving a door wide open for cyber threats. Below, I’ll explore some essential steps to secure your router and safeguard your home network.

    1. Use a Strong, Unique Password

    The default admin passwords that come with routers are easy targets for attackers. Changing your router’s admin credentials to a strong, unique password is your first line of defense. Consider using a mix of uppercase and lowercase letters, numbers, and special characters. Password managers can help generate and store secure passwords if needed.

    2. Disable Remote Management

    Remote management allows you to access your router from anywhere, but it also opens the door for attackers. Unless you absolutely need this feature (and most home users don’t), it’s best to disable it. This minimizes the attack surface of your network.

    3. Segregate IoT Devices

    The Internet of Things (IoT) has revolutionized our lives, but many IoT devices lack robust security measures. Segregate these devices by setting up a separate network for them. Many modern routers, like the Synology routers I use, allow you to create multiple SSIDs, ensuring your primary devices are shielded from potential IoT vulnerabilities.

    4. Avoid Universal Plug and Play (uPNP)

    While uPNP is convenient for gaming consoles and other devices to automatically configure port forwarding, it’s also a security risk. uPNP can allow malware to manipulate your router’s settings. Disabling this feature adds another layer of security to your network.

    5. Skip WPS (Wi-Fi Protected Setup)

    WPS was designed to simplify device connections, but it has known vulnerabilities that can be exploited by attackers. Disable WPS and stick to manually connecting devices to your network with a strong password.

    6. Keep Firmware Updated

    Router manufacturers regularly release firmware updates to patch security vulnerabilities and enhance functionality. Check for updates frequently or enable automatic updates if your router supports it. Staying updated ensures you’re protected against the latest threats.

    7. Use a Guest Network

    Instead of sharing your primary network password with visitors, set up a guest network. This keeps their devices isolated from your main devices and prevents accidental access to sensitive resources. Most routers make it easy to create and manage guest networks, adding convenience and security.

    Final Thoughts

    Your router is more than just a device that connects you to the internet—it’s the gatekeeper of your digital life. By taking proactive steps to secure it, you can significantly reduce your risk of cyber threats. Whether it’s changing passwords, disabling risky features, or updating firmware, every action contributes to a safer home network.

    Remember, the strength of your network’s security starts with you. Don’t wait until it’s too late—secure your router today and enjoy peace of mind in the digital age.