
News

Are biometrics the backbone of personal security in smart cities?


By: Alexander Migutsky, Advanced Technologies Specialist, Positive Technologies
Alexandra Murzina, Head of Advanced Technologies Department, Positive Technologies

What makes smart cities so fascinating is the level of personalization the ecosystem promises across essential daily staples including work, transport, payments, and complete control over applications at home.

With immeasurable IoT applications and effective use of big data analytics, smart cities will emerge as a phenomenon that makes us question how we ever managed to operate any other way.

Achieving this level of personalization won’t be easy, though. A larger interconnected network requires ways to identify users so that their experiences can be tailored to them. Whether through biometric ID cards or authentication portals, users should be able to authenticate themselves and connect to networks using their personal information.

Biometrics are widely used in enterprise security, access control, and banking operations, with facial recognition and fingerprint authentication systems now commonplace in companies, subways, stores, and restaurants.

The demand for biometric technologies is being driven, among other things, by the increasing adoption of biometric systems in the automotive and consumer electronics industries.

But are biometrics geared to provide comprehensive support to smart city infrastructure?

According to Fortune Business Insights, the global biometric system market size is projected to reach USD 76.70 billion by 2029.

However, there are still safety concerns about how these systems operate and make decisions. Exactly how safe are these systems? How do they work under the hood, and how do they make decisions?

Positive Technologies’ in-house team of cybersecurity experts conducted a white hat investigation focusing on physical and cyber threats to machine learning systems, including attacks that aim to compromise system confidentiality and obtain data.

The goal of the investigation was to discover gaps within biometric security systems leading up to their inevitable integration into smart infrastructure. We hope that our findings can shed some much needed light upon how the industry can collectively ensure seamless connectivity and functionality within biometric authentication systems supporting smart infrastructure.

During our investigation, we took apart two biometric devices and examined their internal electronics.

Device 1

The first device is expensive and uses advanced technology with the latest biometric algorithms. It has a depth camera, two conventional cameras, and an IR dot projector. A depth camera uses a combination of technologies to obtain depth information, increasing the reliability of the biometric system, which means attackers would need to know the user’s face geometry and have the ability to recreate it. Naturally, a device with such technology is used in access control systems at airports worldwide. Such a device is bound to be a staple of central transportation hubs in smart cities. So, how reliable is the device really?

During testing, we discovered that the device has liveness detection to identify whether the biometric source is real. The cameras capture the image, which is then received by deep neural networks for processing.

We found vulnerabilities in the system, particularly through remote code execution (RCE) attacks, which allowed us to extract machine learning models and user vectors to recreate the biometric authentication algorithm. We attempted to restore a user’s face from the representation hidden in the database.

Although we had a shot at carrying out a successful attack, there was probably a lot of optical distortion in real conditions, due to which we lost some points.

Security analysis:

  1. Developers did not use depth camera data for authentication, which allowed us to circumvent the authorization algorithm.
  2. The algorithmic assessment failed when we attempted to generate an artificial face matching a real person’s biometric pattern, but attackers could potentially succeed with more time.

Device 2

The second device we studied was a biometric terminal for tracking employees’ work hours – crucial to supporting enterprise workforces within smart cities. It wasn’t as advanced as the first device as it lacked CUDA cores for complex neural networks. However, it used machine learning algorithms from the 2010s and had two cameras: one conventional and one infrared for biometric authentication.

The infrared camera is the key feature of the terminal. It captures invisible details, making it difficult to trick the system. The terminal uses a cascade classifier, 15 Gabor filters, and an algorithm for local binary patterns in the infrared range to detect and analyze facial features. Although it has some vulnerabilities, such as recognizing the same user with and without glasses as different people, the combination of technologies provides decent defense against attacks.

Security analysis: The biometric terminal is less flexible than the first device because it uses only the infrared range and classic algorithms. Nonetheless, this design makes it more resistant to attacks.

Conclusion

Having studied biometric access control terminals that use different algorithms, we discovered that the terminal with neural networks is flexible and can authenticate users wearing masks, helmets, or makeup, but it can be hacked through considerably antiquated mirroring tactics.

The terminal using classic machine learning algorithms is more resistant to illegal authentication attempts. However, both terminals are vulnerable to remote code execution attacks.

Our recommendations for developers looking to strengthen biometric device security include:

  1. Using data from the depth sensor to distinguish between individuals.
  2. Conducting independent device audits.
  3. Collaborating with security researchers and being open to receiving help.

Developing devices for smart city infrastructure is a complex process that requires experts conducting diligent trial and error routines to ensure frictionless operational capacity across the grid.

Even highly skilled teams can make mistakes, leading to vulnerabilities in the final product. Being open to feedback from real users and experts is key to optimizing biometric applications within smart infrastructure.

By eliminating passwords and PINs, biometric authentication provides a disruptive step in the field of cybersecurity and alleviates concerns around the security of copious amounts of data needed in a hyper-connected ecosystem.

While designing IoT applications for smart cities, biometrics are the ideal solution to achieving personalization and privacy backed by seamless authentication, provided the machinery involved is treated with a pristine level of care and pressure testing.


Financial

Corporate Group and PwC sign MoU to build pathways, connecting academic excellence with corporate success


Corporate Group and PwC Academy Middle East have officially signed a Memorandum of Understanding (MoU), launching a strategic collaboration aimed at empowering the next generation of young professionals by bridging the gap between academic learning and real-world corporate experience. This initiative seeks to provide ambitious students with a clear pathway into the corporate world, equipping them with the skills and hands-on experience necessary to thrive in today’s competitive marketplace.

Mohamed Osman, Chairman and Co-Founder of Corporate Group, said: “Our partnership with PwC marks a pivotal step in shaping the future of our industry by equipping the next generation with practical experience, essential skills, and deep knowledge. Together, we’re committed to fostering talent in the UAE, and we look forward to making a lasting impact on the emerging workforce.”

This partnership leverages Corporate Group’s deep industry expertise and PwC Academy’s exceptional educational platform, allowing students to apply theoretical knowledge in a practical, dynamic setting.

Taimur Ali Mir, PwC Partner and Professional Qualifications lead at PwC Academy, added: “This collaboration further reinforces our commitment to enabling the workforce of the future with the right knowledge, skills, and mindset required to thrive in today’s dynamic financial landscape. We look forward to working with Corporate Group to deliver impactful and meaningful experiences that support the region’s talent development needs.”

Participants will gain firsthand exposure to real corporate challenges, deepening their understanding of business operations and developing the mindset, confidence, and problem-solving skills required to drive meaningful change.

Unlike traditional academic programs, this collaboration emphasises real-world readiness. Graduates will be fully equipped to enter the workforce as active contributors, ready to make an immediate and impactful difference within their organisations. They will be empowered to tackle complex problems, make informed decisions, and lead with purpose from day one—ultimately contributing to the sustained growth of the region’s business ecosystem.


News

PNY Announces Strategic Partnership with METRA


PNY is pleased to announce the establishment of a strategic partnership with METRA, recognized as the region’s fastest-growing IT Value Added Distributor.

With a dynamic team of over 500 regional employees, METRA collaborates with a network of over 30 distinguished vendors, as well as 6500 partners and resellers. Their focus on delivering exceptional value-added services and regional expertise has propelled their rapid growth and positioned them as a trusted leader in the industry.

PNY is proud of this new collaboration. The company will bring its extensive expertise and the power of NVIDIA AI solutions, from AI workstations to data centers, to this partnership.

Providing cutting-edge solutions such as NVIDIA Professional Visualization, NVIDIA TESLA, and NVIDIA DGX solutions, PNY helps improve the creativity, productivity, and performance of users. PNY’s technology partnerships are constantly evolving to stay up to date with the latest innovations. PNY proposes a full spectrum of high value-added solutions in HPC and Artificial Intelligence environments.

Through this collaboration, PNY and METRA aim to leverage their combined strengths to offer advanced technology solutions that meet the growing demands of the IT and AI sectors. This partnership marks a significant step forward in delivering unparalleled value and expertise to customers across the region.


News

The Malware That Must Not Be Named: Suspected Espionage Campaign Delivers “Voldemort”


In August 2024, Proofpoint researchers identified an unusual campaign using a novel attack chain to deliver custom malware. The threat actor named the malware “Voldemort” based on internal filenames and strings used in the malware. 

The attack chain comprises multiple techniques currently popular within the threat landscape as well as uncommon methods for command and control (C2), like the use of Google Sheets. Its combination of tactics, techniques, and procedures (TTPs), lure themes impersonating government agencies of various countries, and odd file naming and passwords like “test” are notable. Researchers initially suspected the activity may be a red team. However, the large volume of messages and analysis of the malware very quickly indicated it was a threat actor.  

Proofpoint assesses with moderate confidence this is likely an advanced persistent threat (APT) actor with the objective of intelligence gathering. However, Proofpoint does not have enough data to attribute with high confidence to a specific named threat actor (TA). Despite the widespread targeting and characteristics more typically aligned with cybercriminal activity, the nature of the activity and capabilities of the malware show more interest in espionage rather than financial gain at this time. 

Voldemort is a custom backdoor written in C. It has capabilities for information gathering and to drop additional payloads. Proofpoint observed Cobalt Strike hosted on the actor’s infrastructure, and it is likely that is one of the payloads that would be delivered.  

Beginning on 5 August 2024, the malicious activity included over 20,000 messages impacting over 70 organizations globally. The first wave of messages included a few hundred daily but then spiked on 17 August with nearly 6,000 total messages.  

Messages purported to be from various tax authorities notifying recipients about changes to their tax filings. Throughout the campaign, the actor impersonated tax agencies in the U.S. (Internal Revenue Service), the UK (HM Revenue & Customs), France (Direction Générale des Finances Publiques), Germany (Bundeszentralamt für Steuern), Italy (Agenzia delle Entrate), and from August 19, also India (Income Tax Department), and Japan (National Tax Agency). Each lure was customized and written in the language of the authority being impersonated. 

Proofpoint analysts correlated the language of the email with public information available on a select number of targets, finding that the threat actor chose the lure according to the intended victim’s country of residence rather than the country in which the targeted organization operates or the country or language that could be extracted from the email address. For example, certain targets in a multi-national European organization received emails impersonating the IRS because their publicly available information linked them to the US. In some cases, it appears that the threat actor mixed up the country of residence for some victims when the target had the same (but uncommon) name as a more well-known person with a more public presence. Emails were sent from suspected compromised domains, with the actor including the agency’s real domain in the email address.

The threat actor targeted 18 different verticals, but nearly a quarter of the organizations targeted were insurance companies. Aerospace, transportation, and university entities made up the rest of the top 50% of organizations targeted by the threat actor.  

Proofpoint does not attribute this activity to a tracked threat actor. Based on the functionality of the malware and collected data observed when examining the Sheet, information gathering was one objective of this campaign. While many of the campaign characteristics align with cybercriminal threat activity, we assess this is likely espionage activity conducted to support as yet unknown final objectives.  

The Frankensteinian amalgamation of clever and sophisticated capabilities, paired with very basic techniques and functionality, makes it difficult to assess the level of the threat actor’s capability and determine with high confidence the ultimate goals of the campaign. It is possible that large numbers of emails could be used to obscure a smaller set of actual targets, but it’s equally possible the actors wanted to genuinely infect dozens of organizations. It is also possible that multiple threat actors with varying levels of experience in developing tooling and initial access worked on this activity. Overall, it stands out as an unusual campaign.   

The behavior combines a variety of recently popular techniques observed in several disparate campaigns from multiple cybercriminal threat actors that have used similar techniques as part of ongoing experimentation across the initial access ecosystem. Many of the techniques used in the campaign are observed more frequently in the cybercriminal landscape, demonstrating that actors engaging in suspected espionage activity often use the same TTPs as financially motivated threat actors. 

While the activity appears to align with espionage activity, it is possible that future activities associated with this threat cluster may change this assessment. In that case, it would indicate cybercriminal actors, while demonstrating some typical e-crime delivery characteristics, used customized malware with unusual features currently only available to the operators and not abused in widespread campaigns, as well as very specific targeting not normally seen in financially motivated campaigns. 

Defense against observed behaviors includes restricting access to external file sharing services to only known, safelisted servers; blocking network connections to TryCloudflare if it is not required for business purposes; and monitoring and alerting on use of search-ms in scripts and suspicious follow-on activity such as LNK and PowerShell execution. 
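The monitoring described above can be sketched as a small correlation rule. This is an added example, not Proofpoint's detection content: the log format, host names, rule names and the 120-second window are assumptions, and the sample events are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical format: time host kind detail
SAMPLE_EVENTS = r"""
2024-08-17T09:00:01 ws-014 dns docs.example.org
2024-08-17T09:00:05 ws-014 proc explorer.exe "search-ms:<constructed query>"
2024-08-17T09:00:20 ws-014 proc explorer.exe "C:\Users\a\Downloads\form.pdf.lnk"
2024-08-17T09:00:22 ws-014 proc powershell.exe "<constructed command line>"
2024-08-17T09:00:30 ws-014 dns abc-def-ghi.trycloudflare.com
2024-08-17T10:15:00 ws-022 proc powershell.exe "Get-ChildItem C:\Temp"
2024-08-17T11:00:00 ws-031 proc explorer.exe "search-ms:<constructed query>"
"""

WINDOW = timedelta(seconds=120)  # assumed correlation window
TUNNEL_RE = re.compile(r"(^|\.)trycloudflare\.com$", re.I)
FOLLOW_ON_RE = re.compile(r"\.lnk\b|powershell(\.exe)?", re.I)

def detect(log_text, tunnel_allowlist=frozenset()):
    """Return (host, rule) alerts for the behaviors named in the article.

    tunnel_allowlist holds hosts with a business need for TryCloudflare.
    """
    alerts = []
    last_search = {}  # host -> time of the most recent search-ms use
    for line in log_text.strip().splitlines():
        ts, host, kind, detail = line.split(None, 3)
        when = datetime.fromisoformat(ts)
        if kind == "dns":
            # Flag tunnel lookups unless the host is explicitly exempted.
            if TUNNEL_RE.search(detail.strip()) and host not in tunnel_allowlist:
                alerts.append((host, "trycloudflare-connection"))
        elif kind == "proc":
            if "search-ms:" in detail.lower():
                last_search[host] = when
                alerts.append((host, "search-ms-use"))
            elif FOLLOW_ON_RE.search(detail):
                # LNK or PowerShell alone is noisy; alert only when it
                # follows search-ms use on the same host within WINDOW.
                seen = last_search.get(host)
                if seen is not None and when - seen <= WINDOW:
                    alerts.append((host, "search-ms-follow-on"))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Routine PowerShell use on `ws-022` produces no alert because no search-ms event preceded it on that host.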

Proofpoint reached out to our industry colleagues about the activities in this report abusing their services, and their collaboration is appreciated. 


Copyright © 2023 | The Integrator