Last month's entry leaped ahead, staying true to the calendar month! Leaping ahead another 4 years, we know the rate of innovation will create many hack attempts; however, how exactly are the current technologies expected to be used? What future hacking threats do we expect? How will the CIA model be enhanced and used alongside other process mechanisms like a Machine-to-Machine trust framework? How will traditional hacks evolve from enterprise client-server architecture and create new attack vectors? The paper recommends that technology vectors are constantly monitored using a combination of automated tools, processes and constant research of evolving technology requirements to help mitigate against future hacking threats.

Introduction

The growing need for efficiency within the connected world pushes technology to progress faster than ever before. Technology is now more affordable and accessible to a variety of enthusiasts, from Raspberry Pi developers to crowd development projects [1]. With this fast-paced adoption of innovation, the compromise of any connected component is likely. For enterprises, a compromise can typically be aligned to business risk and is often assessed using the CIA triad [2]. Whether brand damage, customer data hacking or device control, a negative compromise that falls outside of business use creates the foundations of a hack. Today the technology world is built on the traditional client/server architecture, which used perimeter-based mitigation methods. The perimeter is now the user and their data interaction, which requires proactive mitigation or identification. Role-based access control models (RBAC), including the Bell–LaPadula Model [3] or profile authentication, allow the interaction between cloud and hybrid borders to be defined and monitored. It is the ability to define a border and apply the CIA triad to that border (perimeter) that will determine the ability to monitor, detect and identify future hacking threats, specifically the ingress points. With new technologies ready to embrace the world of IoT [4], like augmentation of biometrics and 3D gaming, the ability to protect data and anything of perceived value, i.e. brand, requires robust detection solutions. This ensures that, regardless of technology platform, future hacking threats can be anticipated.

Whilst standardisation of technology helps to calculate risk-based scenarios, the use of new innovative technology requires simple concepts of protection that can scale with the connectivity complexities while remaining easy to manage. New modern platforms are connectable almost anywhere now, from smart cars, RFID sensors, medical devices, home automation, smart grid interaction and entertainment. They can already be augmented into biological variations, such as animal cyborgs [5] like the RoboRoach [6], which uses micro-stimulation of the antenna nerve to control the insect, or even the human-cyborg condition that has a symbiotic extension into the world of IoT or wearable technology, requiring mitigation methods beyond the traditional client/server architecture.


Hacking Threats

For a hack to be effective, the trust relationship of an entity needs to be compromised. Increasingly, the client/server architecture that uses TCP/IP allows business logic to be placed into applications to serve commercial functions. Each function has different levels of abstraction that can be compromised, so hacking threats can go down to a granular level: from privileged root-level compromise to OSI Layer 7 OWASP concerns, these are increasingly seen across TCP/IP environments, including technology protocols, and will continue down the TCP/IP stack to lower levels [7]. Gabi Nakibly was able to prove that by manipulating the OSPF protocol an IP table can be inserted into a router and thus traffic flow can be manipulated [8].

Figure 1: Network and Server Topology.

  • Browser Technology:

  • Browsers are now supplied as part of OS builds and their operation is often interlocked with the OS; for example, Google Chromecast mitigates hacking effort because it ships with fewer lines of code that locally installed malware cannot easily exploit.

  • It is now common to find companies using VPNs to encrypt communication channels between data centres and email servers, so ingress points like browsers or VPN clients have protection applied. Some vendors are now creating specifically hardened consumer endpoints where the browser interaction takes place; for example, the BlackPhone [9] ensures the initial interaction point is only reached after strong authentication, as further described by Mimesis Aegis [10]. The downside of browser maturity is the ability to abuse its efficiencies; for example, Free Wallpaper [11] and self-destructing texts [12] are designed to infect the host when opened.

  • Network Technology:

  • Social engineering and machine-to-machine exploits can be expected to develop as security on devices grows; devices will be targeted by cyber criminals as a means of compromising other connected environments such as the cloud. For BYOD, for example, Mobile Device Management solutions like Good Technologies [65] can be used for cloud or hybrid environments. The rapid ability to scale is an extremely important aspect of cloud technologies; however, its fast-changing nature gives command-and-control operators the opportunity to grow botnets, for instance using P2P, which is difficult to trace, and still exploiting the HTTP protocol because it is allowed through firewalls [13]. Manipulating DNS records can also reroute traffic before presenting the user with a compromised site, so the configuration of server features needs to be reviewed; this includes Border Gateway Protocol (BGP), DNS and Secure Sockets Layer (SSL), and can be demonstrated by prefix hijacking [14] methods.

  • App Server Technology:

  • Compiler developers are increasingly using more sophisticated auto-coding methods to ensure secure coding practices are applied from the grass roots, making the barrier to entry higher. Malware is a popular method of targeting machines and is available for specific platforms; many breeds of malware today can detect whether they are running within a virtual machine and auto-adjust to evade detection and break into the host machine, as [15] explains.

  • Business services rendered by app servers also provide opportunity for future hacking threats. Third-party app data stores with weak security metrics can allow or enhance fraud, such as premium text messaging, and adware campaigns can be enhanced to work with malware. This extends into internet services such as music download programs, where a digital-rights-management system can be infected with malware fingerprints specific to individual hosts [16], making reverse engineering to create anti-virus signatures difficult; hence behavioural-analysis protection, application port lock-down and file-reputation systems are often required to mitigate against self-adapting and injecting malware [17].

  • Increasingly, practitioners use tools like Wikto to identify flawed application scripts, misconfigurations, unpatched systems and protocol fingerprints, and also incorporate the latest Google Hacking Database for vulnerability list checking [18]. For monitoring app-service interaction, proxies like Paros Proxy record all HTTP requests, spider URL referral links to store cookies and hidden elements, and even contain a hash calculator and can perform SSL decryption of app traffic, which extends to ActiveX exploits, making it a more robust tool for practitioners to use [19].



  • Server Technology:

  • Traditional hardening methods like CIS Benchmarks [20] will be refined, for example requiring two people to make changes to a core process, i.e. assessing security and user needs as part of the design and build. Traditional OS controls can be enhanced with tools like Winfingerprint, which can analyse Microsoft components like AD, including server logs, registry and local system variables, and combined with heuristic efforts this will make the tool swifter at aligning itself to unknown threats.



  • DB/SAN:

  • The function of a storage database is to store and retrieve data securely and efficiently. Asymmetric encryption will become more focused on safeguarding ciphers, well beyond bio-ciphers like biometric authentication systems [21]. Unused vendor database services and functionality will need to be hardened to minimise potential points of attack. Often, if the business function is well defined then it is also possible to identify which database features are explicitly required and, even for those, to introduce mitigation steps should a compromise occur. As a result of hardening, database vulnerabilities like RAM scraping breaches [22] will increase. RAM scraping allows an application of less than 1MB in size to be placed on the server and capture all the data as it is written to RAM before it goes to a database [23]. It can capture data (such as credit card numbers) before it is inserted into a database and is thus a very attractive method for hackers to exploit, e.g. via malvertisements [24].

  • Increasingly, processes for data handling will also gain complexity to match matrix storage patterns such as hybrid cloud models, where data never needs to be stored and is processed on the fly by the transacting merchants only, so it never lands on on-premise equipment, avoiding the need to store data.
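As an added example (not part of the original post) of the BGP prefix-hijacking point raised under Network Technology above: a small Python check that audits route announcements against the origin ASNs we expect for our own prefixes, flagging both wrong-origin announcements and more-specific (sub-prefix) announcements that would win longest-prefix matching. The prefixes, ASNs and announcement feed are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample: prefixes we are responsible for and the ASN(s) authorised
# to originate each. In practice this would come from your own routing records,
# RPKI ROAs or IRR route objects.
AUTHORISED_ORIGINS = {
    "203.0.113.0/24": {64500},
    "198.51.100.0/23": {64500, 64501},
}


@dataclass
class Announcement:
    prefix: str
    as_path: list  # nearest neighbour first ... origin AS last

    @property
    def origin_as(self):
        return self.as_path[-1]


def classify(ann, authorised=AUTHORISED_ORIGINS):
    """Return None if the announcement matches our records, else a finding string."""
    seen = ipaddress.ip_network(ann.prefix, strict=False)
    for ours, origins in authorised.items():
        mine = ipaddress.ip_network(ours)
        if seen.version != mine.version:
            continue
        if seen == mine:
            if ann.origin_as not in origins:
                return f"origin hijack: {ann.prefix} originated by AS{ann.origin_as}"
            return None
        # A more-specific route inside our block beats ours under longest-prefix
        # matching whatever its origin, so it is flagged even with a known origin.
        if seen.subnet_of(mine):
            if ann.origin_as in origins:
                return f"unexpected more-specific: {ann.prefix} inside {ours}"
            return f"sub-prefix hijack: {ann.prefix} inside {ours} by AS{ann.origin_as}"
    return None  # not one of our prefixes


def audit(announcements, authorised=AUTHORISED_ORIGINS):
    """Run classify over a batch of announcements and return only the anomalies."""
    findings = []
    for ann in announcements:
        verdict = classify(ann, authorised)
        if verdict:
            findings.append(verdict)
    return findings


# Constructed sample feed: three benign updates and two hijack patterns.
SAMPLE_FEED = [
    Announcement("203.0.113.0/24", [64510, 64500]),   # legitimate
    Announcement("198.51.100.0/23", [64520, 64501]),  # legitimate, second origin
    Announcement("192.0.2.0/24", [64530, 64999]),     # not ours, ignored
    Announcement("203.0.113.0/24", [64530, 64666]),   # same prefix, wrong origin
    Announcement("198.51.100.0/24", [64530, 64666]),  # more-specific from a stranger
]

if __name__ == "__main__":
    for line in audit(SAMPLE_FEED):
        print(line)
```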


Outside the corporate network

With the ability to acquire technology now possible through different channels, hardware fraud hacks like ATM fraud [25] can increase, as criminals can replace credit card terminals with hacked replacements containing a 3G modem that transmits payment details directly back to a control server.

Wireless hacks, like those against Radio Frequency Identification (RFID), provide opportunity for potential exploitation. Typically, these exploits target various uses of RFID in supply chains, retail transactions, counterfeiting/cloning, and defrauding physical access such as public transportation [26]. Data is now valuable to a hacker, and as the efficiencies of cloud storage are adopted, data attacks targeting these environments will likely increase, i.e. a move from device-based to cloud-based botnets, or even hijacking of distributed processing power.

Wireless hacks can include Bluetooth hacking and WiFi war dialling, which are already documented [27], and WiFi tools like Wellenreiter can store wireless traffic and listen for DHCP, ARP and MAC/IP details. Near Field Communication (NFC), for example, can be compromised for aggressive avatar-based attacks, which rely on an advanced digital creation assembled from stolen aspects of an individual's identity [28]. The Wireless Aerial Surveillance Platform (WASP) [29] uses electronics that can decipher codes and manipulate cell signals, affecting attached mobile-phone signals, to manipulate flight data whilst flying over a target host.


Figure 2: NFC Android Stack Bug

Mobile network hacks, like GSM IMSI catchers [30], capture a phone's ID data and content. The device spoofs a legitimate GSM tower and tricks cell phones into sending it data by emitting a signal that is stronger than the legitimate towers [31].


Bioweapons such as DNA hacking [32] through sequencing can have life-threatening consequences; for example, a smart pacemaker that connects to the internet can have its functions overridden to produce an irregular heartbeat. Conversely, bioweapons can target cells to help fight cancer, for example using the open source DNA copy machine [33], which would make facial recognition and speech pattern identification far more sophisticated, allowing the biohacking of smart implants to be used for identification and authentication of individuals, including the ability to access buildings and activate devices or services in the home [34]. Jerome Radcliffe demonstrated how to inject the wrong amount of insulin by WiFi hacking and inserting new lines of code [35].

To limit code manipulation, the efficiencies of quantum security can help the encryption components of a system. Core data services that sit behind quantum technologies require significant resources to be hacked. MagiQ sells a system that uses quantum technology to transmit encryption keys [36]. A Google system housed at NASA's Ames Research Center uses quantum-computing equipment from D-Wave Systems that provides 512 qubits of processing power [37], and it is calculated that the number of qubits needed to achieve fast calculations is between 10 million and 100 million, which in the real world is decades away [39]. Researching quantum technology, Bloomberg [40] reported that the device creates qubits by using a crystal to split a light beam into pairs of red photons, the smallest known amounts of light. The pairs move in tandem; if an intruding computer tries to read the pattern in the photons, it throws them out of sync, rendering the information unreadable, which would help create and maintain super-passwords.


Current security architectures will need to be updated to accommodate the manufacturing technology platforms required; for example, Figure 3 below shows the expected steps involved in creating a quantum solution:


Figure 3: Layered Framework for Quantum Computing Architecture

The atomic level of innovation will also continue to adapt: Intelligent Energy [41] has created a hydrogen fuel cell that fits into a regular iPhone 6, so consumer adoption of this new technology will scale at multiple rates, and with it scaled hacking efforts, perhaps with chemical catalyst manipulation through phone signals to heat the battery and cause detrimental battery pack combustion.


The trust relationship is also subject to compromise as dependency increases. It is plausible for hardware and software manufacturers to introduce malicious code as firmware into system components [42]. Specifically, collaborative robotics-based products will be augmented into the home for symbiotic use to perform automated household activities [43]. Combined with the need for IoT devices to be small, this requires extra precaution, as most devices connected to the internet come equipped with microphones, video cameras, gyroscopic feedback and GPS. The Swarmanoid project [44] uses polymorphic encryption, making decryption difficult [45]. Thus small localised compromises will likely be seen in the future rather than domain-wide ones like the historic Slammer or Code Red [46]. However, whilst these historic attacks were domain-wide, Botnet of Things [47] attacks can cause damage to minute components and replicate the attack aggressively, affecting the domain's ability to function, and if undetected they can be used to automate background fraud; for instance, embedded web servers within photocopiers, printers and scanners have very little security control, and Michael Sutton, VP of research at Zscaler Labs, was able to locate such servers through web header fingerprints [48].

Expectation of Threat Technologies

Future hacking threats will require constant baselining of environments to identify threats, and new tools will be developed to automate the process. Examples are:


  • Vulnerability discovery models and digital footprint obfuscation can be achieved independently by modelling software for advanced threat analysis [50]. The need for smarter algorithms will increase along with the threat vector; for example, Alessandro Acquisti researched face recognition algorithms for deducing social security numbers [51]. To mitigate these attacks, DynamoRIO by Google [64] provides a code detection framework that can analyse thread, library, memory and system-call flow behaviours to ensure coding remains secure.

  • Advanced persistent threats will likely evolve into mass infection botnets using protocols like VoIP. Security Art [52] demonstrated a tool called Moshi Moshi which converts touch tones into commands the bots can understand and turns text into speech to capture information on compromised corporate computers, later reading it into voicemail for the botmaster to pick up via a corporate conference dial-in number. To mitigate these attacks, code designs can use Program Shepherding [63] methods that analyse the code's flow starting at the originating point.

  • Self-modifying mobile malware like Pandora's Box malware [53] requires defensive security execution methods [63] to mitigate against offensive code designed to destabilise, confuse and destroy critical electronic infrastructures [54]. BEBloh performed key logging and accessed remote accounts to transfer funds [55]; if augmented into a Pandora's approach, its variant could cause fraud at high levels. To mitigate against these attacks, DynamoRIO [64] can help ensure core transactions are protected by a coding framework.

  • Behavioural and anomaly detection will advance; for example, sonification techniques can use the sounds that a CPU and other components create to calculate what values are being decrypted using encryption libraries [56]. Don Bailey of iSec Partners showed that, using text messages sent over a wirelessly hacked phone linked into a car, it was possible to control the car's security system [57]. In these complex environments, the core processes can be framed together, for example using DynamoRIO [64], to ensure the core transactions are being monitored.

  • Ransomware like Cryptolocker [58] is likely to increase, as holding files hostage becomes more attainable and the monetisation of hacking increases, i.e. hacking as a service, demonstrated by renting DDoS traffic as in the Bredolab botnet ecosystem of malware distribution [59]. Botnets can be slowed down by ensuring communication ports like RDP are locked down, that executables are detected when being sent, and that executables are only allowed to run from a specific share.

  • Infrastructure exploits will increase. Independent researchers Dave Kennedy and Rob Simon demonstrated that, using broadband-over-powerline technology, it is possible to monitor electric plug signals from outside a house to monitor devices within the home; they were also able to jam signals to bypass the house alarm [60].

The Machine-to-Machine Trust Framework focuses on three dimensions of trust: the technical integrity of the devices, the devices' ability to perform actions on behalf of others, and the trustworthiness of the result [61]. Thus a way forward would be to ensure that the common practice of CIA triad analysis of a cyber-platform extends outwards to lock into the extranet where interaction is likely to occur.

Google's initial SPDY protocol, now known as HTTP/2 [62], will be a step forward in having security built into the technology process from the ground up. At the moment, expected future threats are based on the vulnerabilities of HTTP and TCP/IP; however, changing the fundamentals across the TCP/IP model will help reduce exploits within computer services.


Figure 4: HTTP/2 Protocol

Figure 4 shows how the basic fundamentals of HTTP have been intelligently prioritised and enhanced to create a protocol that can embrace the modern requirements of HTTP/2. This will ensure that hacking efforts become manageable as the rules of the protocols themselves are refined, forcing ingress and egress vectors for hackers to follow a defined approach and so allowing the defender to introduce successful mitigation efforts. Whilst there is no silver bullet, this is a strong step forward in adopting an offensive approach within platform design itself.
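As an added example, not from the original post: the HTTP/2 framing that Figure 4 summarises, written out as a Python parser that applies the RFC 7540 rules a receiver must enforce before acting on a frame (length bounded by SETTINGS_MAX_FRAME_SIZE, connection-level frames only on stream 0, stream-level frames never on stream 0). The sample frames are constructed inline.

```python
import struct

# Frame type codes from RFC 7540 section 6.
DATA, HEADERS, PRIORITY, RST_STREAM, SETTINGS = 0x0, 0x1, 0x2, 0x3, 0x4
PUSH_PROMISE, PING, GOAWAY, WINDOW_UPDATE, CONTINUATION = 0x5, 0x6, 0x7, 0x8, 0x9
NAMES = {0x0: "DATA", 0x1: "HEADERS", 0x2: "PRIORITY", 0x3: "RST_STREAM",
         0x4: "SETTINGS", 0x5: "PUSH_PROMISE", 0x6: "PING", 0x7: "GOAWAY",
         0x8: "WINDOW_UPDATE", 0x9: "CONTINUATION"}
CONNECTION_ONLY = {SETTINGS, PING, GOAWAY}  # must be sent on stream 0
STREAM_ONLY = {DATA, HEADERS, PRIORITY, RST_STREAM, PUSH_PROMISE, CONTINUATION}
DEFAULT_MAX_FRAME_SIZE = 16384  # initial value of SETTINGS_MAX_FRAME_SIZE
HEADER_LEN = 9


class ProtocolError(ValueError):
    """Raised for input a conforming peer must reject (connection error)."""


def parse_frame(buf, max_frame_size=DEFAULT_MAX_FRAME_SIZE):
    """Parse one frame from buf and return (frame_dict, remaining_bytes)."""
    if len(buf) < HEADER_LEN:
        raise ProtocolError("short read: need 9-byte frame header")
    # Header: 24-bit length, 8-bit type, 8-bit flags, 1 reserved bit + 31-bit stream id.
    length = int.from_bytes(buf[0:3], "big")
    ftype, flags = buf[3], buf[4]
    stream_id = struct.unpack("!I", buf[5:9])[0] & 0x7FFFFFFF  # reserved bit ignored
    if length > max_frame_size:
        raise ProtocolError(f"frame length {length} exceeds max {max_frame_size}")
    if ftype in CONNECTION_ONLY and stream_id != 0:
        raise ProtocolError(f"{NAMES[ftype]} on stream {stream_id}; must be stream 0")
    if ftype in STREAM_ONLY and stream_id == 0:
        raise ProtocolError(f"{NAMES[ftype]} on stream 0 is not allowed")
    if len(buf) < HEADER_LEN + length:
        raise ProtocolError("truncated frame payload")
    payload = bytes(buf[HEADER_LEN:HEADER_LEN + length])
    frame = {"type": NAMES.get(ftype, f"UNKNOWN(0x{ftype:x})"), "flags": flags,
             "stream_id": stream_id, "payload": payload}
    return frame, buf[HEADER_LEN + length:]


def parse_stream(buf, max_frame_size=DEFAULT_MAX_FRAME_SIZE):
    """Split a byte buffer into frames, stopping at the first protocol error."""
    frames = []
    while buf:
        frame, buf = parse_frame(buf, max_frame_size)
        frames.append(frame)
    return frames


def build_frame(ftype, flags, stream_id, payload=b""):
    """Encode a frame; used here only to construct sample input."""
    return (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
            + struct.pack("!I", stream_id) + payload)


# Constructed sample: an empty SETTINGS frame, then a DATA frame on stream 1
# with END_STREAM (0x1) set, as a client would send after the connection preface.
SAMPLE = build_frame(SETTINGS, 0, 0) + build_frame(DATA, 0x1, 1, b"hello")

if __name__ == "__main__":
    for f in parse_stream(SAMPLE):
        print(f["type"], "stream", f["stream_id"], "flags", f["flags"], f["payload"])
```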

Conclusion

Clearly, hacking threats will progress at the same rate as new technology adoption. Across privacy settings, design permissions and environmental variations, users will need to be given control over technology use within their "circle of trust".

The threats are likely to come not from either outside or within the perimeter alone, but rather from a combination whose catalyst is external to the perimeter itself. The use of heuristics today is the new alarm bell, though in the future the ability of algorithms to self-learn and alert will be pivotal when hacking threats occur; for example, smart cars might need to be monitored constantly. To mitigate hacks, users will need a common-sense approach and to take responsibility, so that privacy does not become a concern greater than the proportion of the smallest components, thus making the threat manageable. This would need to extend out to user-to-user and machine-to-machine threats.

Innovative process mechanisms like Machine-to-Machine trust will enhance the traditional CIA approach to ensure that as technology hacking vectors mature, so does the detection and response capability.


[ References available for all sources ]