https://padlet.com/ncscompeg/eqwt9wurpwo5 analysis of problems and design solution en-us 2018-05-17 14:05:33 UTC 2026-01-11 16:45:55 UTC hello@padlet.com https://padlet-assets.s3.amazonaws.com/icons/Rocket.png ncscompeg https://padlet.com/ncscompeg/eqwt9wurpwo5/wish/261593952 An Attacker – A person or group of people who go out of their way to carry out an attack against an individual or company for the purpose of disrupting, infiltrating or damaging systems

PDA Device is Voice activated - but not person specific - as video in link in The Scenario shows. Keywords operate the unit. From that point any connected device is accessible / risk - door locks etc.
Vishing - a voice connection for gaining access to you and or the device. User name and password / credentials for connection to any of the systems to which the PDA is connected.
Once the attacker has access to amazon or google credentials they can _{^{LISTEN TO ANY OF THE STORED VOICE RECORDINGS.}} ]]> 2018-05-17 14:07:34 UTC https://padlet.com/ncscompeg/eqwt9wurpwo5/wish/261593952 ncscompeg https://padlet.com/ncscompeg/eqwt9wurpwo5/wish/261594309 Need to start with the PDA itself.  Then simply: the impact on the house, the safety of the people / individuals in the house - especially children. Access to medical, financial, business, workplace information, location information of children and family - when they are in or not in the house - when they are going away and for how long. Physical and digital implications. ]]> 2018-05-17 14:08:28 UTC https://padlet.com/ncscompeg/eqwt9wurpwo5/wish/261594309 ncscompeg https://padlet.com/ncscompeg/eqwt9wurpwo5/wish/261594429 Vulnerability - (1) WiFi router / (2) the voice activation of the DPA / (3) Phone and associated apps
The VULNERABILITY will be a system attack of the home DPA and will be Intentional / Criminal in nature

EXPLOIT: Hacker(s) will employ use of digital methods: spyware, Trojan horse, virus, spear-phishing.  How does each one work? But as has been highlighted in (1) above the assistants can be voice activated. So they, the hackers/criminals could just shout commands through the window of the house to open the door via the connected front door lock system. Can actually activate Google Now, Siri and Alexa using inaudible voice commands when transmitted as ultrasounds. https://arxiv.org/pdf/1708.07238.pdf 
Bluetooth has previously - end of last year also been an issue for the range of devices. https://www.bleepingcomputer.com/news/security/blueborne-vulnerability-also-affects-20mil-amazon-echo-and-google-home-devices/   Whilst the PDA may have patches and be protected can the same be said of the connected devices. Are they as efficient at producing updates and patches for vulnerabilities in their devices. They will be connected most likely by bluetooth or wifi and are therefore equally at risk even if the hacker or criminal does not have access to the WiFi router.

MITIGATE: Use of Software Controls:
Testing and monitoring methods - making appropriate and consistent use of Anti Threat Applications - such as firewalls, antivirus, spyware detection, encryption of router / access point.
All of the devices need to have software auto update enabled so that they are patched for any vulnerabilities going forward. Previously bluetooth had been a problem as mentioned above.
All of the security provision that we have covered in Networks - so changing the initial WiFi admin Password on the router, using WPA2 encryption and a strong password - not sharing the SSID, MAC addressing limited only to the systems/devices in the property. Ensuring wifi devices are updated regularly to ensure that any vulnerabilities are patched. https://www.symantec.com/connect/blogs/kracks-what-you-need-know-about-new-wi-fi-encryption-vulnerabilities]]> 2018-05-17 14:08:49 UTC https://padlet.com/ncscompeg/eqwt9wurpwo5/wish/261594429 ncscompeg https://padlet.com/ncscompeg/eqwt9wurpwo5/wish/261594722 The majority of this content is in LO2 powerpoint.
Types of attackers: Hackers, script kiddies, neighbour!,
Motivations:
Personal Gratification that they have been able to hack the system. 

Hack to steal - data, business or personal information, to monitor to track business or personal activity. To misuse your system for their own gain.  

Hack to disrupt to break what you have in place so you cannot use it. ]]> 2018-05-17 14:09:38 UTC https://padlet.com/ncscompeg/eqwt9wurpwo5/wish/261594722 ncscompeg https://padlet.com/ncscompeg/eqwt9wurpwo5/wish/261595052
SATURDAY BOYS - MAKE SURE YOU READ THE FOUR BLOCKS I HAVE MADE, THEN THE POSSIBLE QUESTIONS ANSWERS FROM THE OTHER TEACHER IN THE SAMPLE PAPER BELOW. I DON'T THINK THEY TALK ENOUGH ABOUT THE SPEECH ACTIVATION - THIS WILL I THINK BE MORE PROMINENT - BUT THEN THEY KNOW THE QUALIFICATION SO SHOULD KNOW WHAT TO EXPECT.

KEYWORDS ARE IMPORTANT - CIA STUFF, EXPLOIT, VULNERABILITY - WHAT ARE THEY IN THE NETWORK, AND REMEMBER THE TYPES OF ATTACKERS WE DISCUSSED ON FRIDAY - CASUAL ANNOYING INDIVIDUAL OR A SERIOUS THREAT FROM A HACKER WHO WILL AIM TO MONITOR ACTIVITY ANS STEAL.

PLEASE CHECK BACK HERE SUNDAY AT 1.00 O'CLOCK LUNCHTIME TO SEE IF THERE ARE UPDATES.
WHAT YOU HAVE HERE WILL BE THE BASIS FOR YOU TO PASS AT LEAST.


Considers a subject, mr daka and his family and their home - and the use of a digital personal assistant, that is in turn connected to a range of systems in the house.

The blocks on this page consider the four key areas that the scenario tells you to examine. I have just started adding scribbles on the scenario sheets. Just click to view each one. See the Learning Organisers at the bottom of this page.
Detailed notes will appear in each of the boxes on the right. You must read the background material (to be included and provided tomorrow) that I supply and then refer to the brief notes on the right so that you are prepared for next week.
https://www.symantec.com/blogs/threat-intelligence/security-voice-activated-smart-speakers



]]> 2018-05-17 14:10:33 UTC https://padlet.com/ncscompeg/eqwt9wurpwo5/wish/261595052 ncscompeg https://padlet.com/ncscompeg/eqwt9wurpwo5/wish/261598638 2018-05-17 14:19:41 UTC https://padlet.com/ncscompeg/eqwt9wurpwo5/wish/261598638 ncscompeg https://padlet.com/ncscompeg/eqwt9wurpwo5/wish/261598862 2018-05-17 14:20:14 UTC https://padlet.com/ncscompeg/eqwt9wurpwo5/wish/261598862 ncscompeg https://padlet.com/ncscompeg/eqwt9wurpwo5/wish/261614420 2018-05-17 14:53:24 UTC https://padlet.com/ncscompeg/eqwt9wurpwo5/wish/261614420 ncscompeg https://padlet.com/ncscompeg/eqwt9wurpwo5/wish/261614770 2018-05-17 14:54:06 UTC https://padlet.com/ncscompeg/eqwt9wurpwo5/wish/261614770 ncscompeg https://padlet.com/ncscompeg/eqwt9wurpwo5/wish/261615096 2018-05-17 14:54:45 UTC https://padlet.com/ncscompeg/eqwt9wurpwo5/wish/261615096 ncscompeg https://padlet.com/ncscompeg/eqwt9wurpwo5/wish/261720352 2018-05-17 19:07:31 UTC https://padlet.com/ncscompeg/eqwt9wurpwo5/wish/261720352 ncscompeg https://padlet.com/ncscompeg/eqwt9wurpwo5/wish/261722655 2018-05-17 19:15:00 UTC https://padlet.com/ncscompeg/eqwt9wurpwo5/wish/261722655 ncscompeg https://padlet.com/ncscompeg/eqwt9wurpwo5/wish/261727276 2018-05-17 19:31:02 UTC https://padlet.com/ncscompeg/eqwt9wurpwo5/wish/261727276 ncscompeg https://padlet.com/ncscompeg/eqwt9wurpwo5/wish/261884130 2018-05-18 12:02:50 UTC https://padlet.com/ncscompeg/eqwt9wurpwo5/wish/261884130