Search results for: hijack

Authors: Qintao Shen, Lei Luo, Jun Ma, Jie Yu, Qingbo Wu, Yongqi Ma, Zhengji Liu

Abstract:

Control Flow Integrity (CFI) is one of the most promising technique to defend Code-Reuse Attacks (CRAs). Traditional CFI Systems and recent Context-Sensitive CFI use coarse control flow graphs (CFGs) to analyze whether the control flow hijack occurs, left vast space for attackers at indirect call-sites. Coarse CFGs make it difficult to decide which target to execute at indirect control-flow transfers, and weaken the existing CFI systems actually. It is an unsolved problem to extract CFGs precisely and perfectly from binaries now. In this paper, we present an algorithm to get a more precise CFG from binaries. Parameters are analyzed at indirect call-sites and functions firstly. By comparing counts of parameters prepared before call-sites and consumed by functions, targets of indirect calls are reduced. Then the control flow would be more constrained at indirect call-sites in runtime. Combined with CCFI, we implement our policy. Experimental results on some popular programs show that our approach is efficient. Further analysis show that it can mitigate COOP and other advanced attacks.

Keywords: contex-sensitive, CFI, binary analysis, code reuse attack

Procedia PDF Downloads 284

Authors: M. Rutkowski, J. Cwiklak, M. Grzegorzewski, M. Adamski

Abstract:

All class A Airplanes have to be equipped with Mod. S transponder for ATC surveillance purposes. This technology was designed to provide a robust and dependable solution to localize, identify and exchange data with the airplane. The purpose of this paper is to analyze potential hazards that are a result of lack of any security or encryption on a design level. Secondary Surveillance Radars rely on an active response from an airplane. SSR radar installation is broadcasting a directional interrogation signal to the planes in range on 1030MHz frequency with DPSK modulation. If the interrogation is correctly received by the transponder located on the plane, a proper answer is sent on 1090MHz with PPM modulation containing plane’s SQUAWK, barometric altitude, GPS coordinates and 24bit unique address code. This technology does not use any kind of encryption. All of the specifications from the previous chapter can be found easily on the internet. Since there is no encryption or security measure to ensure the credibility of the sender and message, it is highly hazardous to use such technology to ensure the safety of the air traffic. The only thing that identifies the airplane is the 24-bit unique address. Most of the planes have been sniffed by aviation enthusiasts and cataloged in web databases. In the moment of writing this article, The PoFung Technologies has announced that they are planning to release all band SDR transceiver – this device would be more than enough to build your own Mod. S Transponder. With fake transponder, a potential terrorist can identify as a different airplane. By replacing the transponder in a poorly controlled airspace, hijackers can enter another airspace identifying themselves as another plane and land in the desired area.

Keywords: flight safety, hijack, mod S transponder, security analysis

Procedia PDF Downloads 267

Authors: Yong-Hui Zheng

Abstract:

Viruses hijack host machineries to propagate and spread, which disrupts cellular homeostasis and activates various counteractive mechanisms. Infection of enveloped viruses is dependent on their fusion proteins, which bind to viral receptors to allow virus entry into cells. Fusion proteins are glycoproteins and expressed in the endoplasmic reticulum (ER) by hijacking the secretory pathway. Previously, we reported that Zaire ebolavirus (EBOV)-glycoprotein (GP) expression induces ER stress, and EBOV-GP is targeted by the calnexin cycle to macro-ER-phagy for degradation. We now report that expression of severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2/SARS2)-spike (S) protein also causes ER stress, and its expression is strongly downregulated by mannosidase alpha class 1B member 1 (MAN1B1), a class I α-mannosidase from the ER. MAN1B1 co-localizes with SARS2-S in the ER, and its downregulation of SARS2-S is blocked by inhibitors targeting lysosomes and autophagy, but not proteasomes, indicating SARS2-S degradation by autolysosomes. Notably, the SARS2-S degradation does not require the core autophagy machinery including ATG3, ATG5, ATG7, and phosphatidylinositol 3-kinase catalytic subunit type 3 (PI3KC3)/vacuolar protein sorting 34 (VPS34), and instead, it requires Beclin 1 (BECN1), a core component in the PI3KC3 complex. In addition, MAN1B1 does not trigger SARS2-S polyubiquitination, and consistently, the SARS2-S degradation does not require the autophagy receptor sequestosome 1 (SQSTM1)/p62. MAN1B1 also downregulates EBOV-GP similarly, but this degradation does not require BECN1. Collectively, we conclude that MAN1B1 downregulates viral fusions by micro-ER-phagy, and importantly, we have identified BECN1-dependent and BECN1-independent mechanisms for micro-ER-phagy.

Keywords: Micro-ER-phagy, reticulophagy, fusion proteins, ER stress

Procedia PDF Downloads 45

Authors: Mokopane Charles Marakalala

Abstract:

Research shows that mobile fraud has grown exponentially in South Africa during the lockdown caused by the COVID-19 pandemic. According to the South African Banking Risk Information Centre (SABRIC), fraudulent online banking and transactions resulted in a sharp increase in cybercrime since the beginning of the lockdown, resulting in a huge loss to the banking industry in South Africa. While the Financial Intelligence Centre Act, 38 of 2001, regulate financial transactions, it is evident that criminals are making use of technology to their advantage. Money-laundering ranks among the major crimes, not only in South Africa but worldwide. This paper focuses on the impact of biometric-based solutions in combatting mobile fraud at the South African Risk Information. SABRIC had the challenges of a successful mobile fraud; cybercriminals could hijack a mobile device and use it to gain access to sensitive personal data and accounts. Cybercriminals are constantly looting the depths of cyberspace in search of victims to attack. Millions of people worldwide use online banking to do their regular bank-related transactions quickly and conveniently. This was supported by the SABRIC, who regularly highlighted incidents of mobile fraud, corruption, and maladministration in SABRIC, resulting in a lack of secure their banking online; they are vulnerable to falling prey to fraud scams such as mobile fraud. Criminals have made use of digital platforms since the development of technology. In 2017, 13 438 instances involving banking apps, internet banking, and mobile banking caused the sector to suffer gross losses of more than R250,000,000. The final three parties are forced to point fingers at one another while the fraudster makes off with the money. A non-probability sampling (purposive sampling) was used in selecting these participants. These included telephone calls and virtual interviews. The results indicate that there is a relationship between remote online banking and the increase in money-laundering as the system allows transactions to take place with limited verification processes. This paper highlights the significance of considering the development of prevention mechanisms, capacity development, and strategies for both financial institutions as well as law enforcement agencies in South Africa to reduce crime such as money-laundering. The researcher recommends that strategies to increase awareness for bank staff must be harnessed through the provision of requisite training and to be provided adequate training.

Keywords: biometric-based solution, investigation, cybercrime, forensic investigation, fraud, combatting

Procedia PDF Downloads 60

Authors: Venus Torabi

Abstract:

ISIS, the terrorist organization, modified two videogames, ARMA III and Grand Theft Auto 5 (2013) as means of online recruitment and ideological propaganda. The urge to study the mechanism at work, whether it has been successful or not, derives (Digital) Humanities experts to explore how codes of terror, Islamic ideology and recruitment strategies are incorporated into the ludic mechanics of videogames. Another aspect of the significance lies in the fact that this is a latent problem that has not been fully addressed in an interdisciplinary framework prior to this study, to the best of the researcher’s knowledge. Therefore, due to the complexity of the subject, the present paper entangles with game studies, philosophical and religious poles to form the methodology of conducting the research. As a contextualized epistemology of such exploitation of videogames, the core argument is building on the notion of “Culture Industry” proposed by Theodore W. Adorno and Max Horkheimer in Dialectic of Enlightenment (2002). This article posits that the ideological underpinnings of ISIS’s cause corroborated by the action-bound mechanics of the videogames are in line with adhering to the Islamic Eschatology as a furnishing ground and an excuse in exercising terrorism. It is an account of ISIS’s modification of the videogames, a tool of technological progression to practice online radicalization. Dialectically, this practice is packed up in rhetoric for recognizing a religious myth (the advent of a savior), as a hallmark of regression. The study puts forth that ISIS’s wreaking havoc on the world, both in reality and within action videogames, is negotiating the process of self-assertion in the players of such videogames (by assuming one’s self a member of terrorists) that leads to self-annihilation. It tries to unfold how ludic Mod videogames are misused as tools of mass deception towards ethnic cleansing in reality and line with the distorted Eschatological myth. To conclude, this study posits videogames to be a new avenue of mass deception in the framework of the Culture Industry. Yet, this emerges as a two-edged sword of mass deception in ISIS’s modification of videogames. It shows that ISIS is not only trying to hijack the minds through online/ludic recruitment, it potentially deceives the Muslim communities or those prone to radicalization into believing that it's terrorist practices are preparing the world for the advent of a religious savior based on Islamic Eschatology. This is to claim that the harsh actions of the videogames are potentially breeding minds by seeds of terrorist propaganda and numbing them to violence. The real world becomes an extension of that harsh virtual environment in a ludic/actual continuum, the extension that is contributing to the mass deception mechanism of the terrorists, in a clandestine trend.

Keywords: culture industry, dialectic, ISIS, islamic eschatology, mass deception, video games

Procedia PDF Downloads 114