Malicious USB devices, Past, Present and Future
APRIL 2020
Automation and Control | Electronics | Measurement and instrumentation | Technology and IoT

Malicious USB devices, Past, Present and Future
Working at home: navigating the scams
Photon entanglement revolutionises secure communication
The planetary computer for a healthier planet
Radar: the car’s visual eye
Beacons to study tropo propagation
Reinventing the internet for trust

ISSN 1991-5047
The Now Media Group is the new owner of the EngineerIT and Energize titles. The Marsh family, owners of the Now Media Group, and the Yelland family, the previous owners of the titles, go back a generation when their parents ran their businesses out of London House in Loveday Street in the centre of Johannesburg some 50 years ago. That is where the coincidence ends. Yelland was in the electrical business and John H Marsh, a journalist and best-selling author of Skeleton Coast, was a magazine publisher. Now Media was founded in 1953 by John and continues to be run as a family business by Dave, chairman (2nd generation), and Anton, CEO (3rd generation). The company has taken an innovative approach to publishing, whether it be establishing quick-read high frequency trade newspapers or running its own printing works to ensure it can be first with the news. Before the internet was popularised it launched its first online B2B service in 1989, Travelinfo, which changed the way the travel industry in South Africa operates. It continues to flourish today with over 4 000 travel agents using it repeatedly throughout the day for their operations. It now has a strong internet presence with three daily news sites in the freight and travel sectors. Nico Maritz, who heads up a division that focuses on B2B monthlies and upmarket magazines for large residential estates, will manage Energize and EngineerIT. Most critically we believe in being effective for our clients. Through niche publications with highly engaged audiences we can provide solid, effective promotional solutions to the industries and audiences we serve. The Now Media Group is a level 2 B-BBEE company based in Illovo, Johannesburg and employs around 100 staff across: 5 business magazines, 11 security estate publications, 3 daily news and 3 twice-weekly trade websites, a travel reference and training system, as well as its printing works.
FROM THE EDITOR

After Covid-19, will the world return to normal?

The simple answer is no, not for a long time. Maybe never! In 1965, for a special issue of the journal Electronics, Gordon Moore, at the time heading up Fairchild, was asked to predict developments in semiconductors over the next decade. Observing that the total number of components in these circuits had roughly doubled each year, he blithely extrapolated this annual doubling to the next decade, estimating that the microcircuits of 1975 would contain an astounding 65,000 components per chip. Today we still refer to Moore’s law as an illustration of the rapid rate at which developments take place, and of the changes in our world.

To come back to the question: will the world return to normal? It is impossible to answer this pertinent question unless we can define what is normal. The problem is that the normal of today will change by tomorrow, and then we will have a new normal. The 9/11 attack on the World Trade Centre in New York changed the normal in less than a day. It turned the travel industry upside down and sent security agencies and governments into a frenzy. The world came out of this, but with a very new normal. The Covid-19 pandemic will do the same. We will return to normal, a very new normal.

Recovering from the pandemic lockdown will be a long process. There is, however, a major difference between lockdown and shutdown. In South Africa we have seen innovative ways in which some sectors of the industry have responded, and overnight, working remotely online took off. We are no longer zooming on our highways, but rather Zooming along wireless connections.

ICASA was quick to react by making large chunks of spectrum available to the mobile industry to expand our wireless highways fast. For over 10 years, government was unmoveable on the spectrum issues. This is just one example of how the normal has changed and how, in future, companies will take the new, enlightened view that working from home is not a bad idea. Sure, there will be issues to overcome, but we have learnt to adapt, overnight.

The way we are going to do business will be different. The lockdown will only be lifted in stages, and for the foreseeable future gatherings of large numbers of people will remain restricted, meaning that conferences, product launches and customer face-to-face events will not be possible. Companies must rethink the way they will be keeping and increasing their market presence.

Research carried out by Kantar, the world’s leading data, insights and consulting company, shows that after the 2008/09 financial crash, stronger brands recovered up to nine times faster in terms of stock market value than others. Several electronic device and software companies in the US that kept their operations and marketing intact were ready to go when the situation normalised, whereas others that had put everything on hold took months to get back to the new normal and had to step up their marketing efforts to win back some of their customers.

“Brand health becomes vulnerable when companies stop advertising,” says Kantar Insights global head of media, Jane Ostler. “If they do this for too long, it destroys both short- and long-term health.” Instead, she advises brands to change their media, messaging and touchpoints to ensure they are reaching customers with the communications they are most interested in. Marketers should look at how budgets can be spent most effectively to maintain a presence and key brand metrics if spend does need to be reduced.

Lockdown put sales and marketing events on hold, but you still have a sales budget to meet. Why not spend some of the budget on online advertising and promotions? We at EngineerIT have vowed to keep technology stories flowing online and have created online advertising space at economical rates. Rework your promotions budgets and move into the online world. Send your customers and would-be customers a strong message: “We are alive and well and ready to serve you!”

We cannot print our April edition at this time, and we will review the position once the lockdown of our printing works and distribution channels is lifted. Right now, the April edition of EngineerIT is available online. Check your inbox for our Tuesday and Thursday e-newsletters, and if you have news and new products you wish to share with the market, send me an email.

Happy reading
Hans van de Groenendaal
hansv@nowmedia.co.za

EngineerIT | April 2020 | 1
CONTENTS APRIL 2020
Automation and Control | Electronics | Measurement and instrumentation | Technology and IoT

Technology can unfortunately also be used against us. Malicious uses for USB devices have probably been around for as long as the USB standard. One of the earliest malicious uses of USB devices was malware spreading on flash drives. Later, users would use unauthorised network devices such as 3G modems to connect their corporate laptops to the Internet, in order to bypass restrictive firewall policies. The U3 implementation of a CD-ROM drive combined with a flash disk was abused to automatically execute commands as soon as the flash drive was plugged in. This was commonly exploited by leaving malicious flash drives lying around, in the hope that someone would pick them up and plug them in to their computer, and the payload would automatically be run by the operating system.

And you believed that USB devices, USB cables and receivers were safe. Think again. In this explosive article, Rogan Dawes takes these devices apart and shows how vulnerable they can be.

EDITOR
Hans van de Groenendaal - MIng Honoris Causa (Stellenbosch)
Tel: 012 991 4662
Cell: 082 781 4631
Email: hansv@nowmedia.co.za

ADVERTISING
Merinda Lottering
Cell: 071 765 5702
Email: merindal@nowmedia.co.za

DESIGNER
Adéle Gouws

PUBLISHED BY
African Destination Publishing (Pty) Ltd
Tel: +27 (0)11 327 4062
Fax: +27 (0)11 327 4094
E-mail: engineerit@nowmedia.co.za
Physical address: Now Media Centre, 32 Fricker Rd, Illovo, Johannesburg, South Africa
Postal address: PO Box 55251, Northlands, 2116

PUBLISHER
Nico Maritz
Email: nicom@nowmedia.co.za

PRINTED BY
JUKA

WEBSITE
www.engineerit.co.za

EngineerIT | April 2020 | 2
FROM THE EDITOR 1

NEWS 4

ICT CYBER SECURITY
Malicious USB devices, Past, Present and Future 8

ICT
The difference between active and passive antennas 11
Work at Home 12
Quantum leap for photon entanglement could revolutionise secure communications 14
Build data culture into the fabric of a digital business 16

AMATEUR RADIO
Beacons to study inland tropospheric propagation 18

SCIENCE
A healthy society requires a healthy planet 20

AUTOMATION
The future of business lies in the combined power of man and machine 22

AUTOMATION AND CONTROL
Managing operational efficiency in food retail 24

MEASUREMENT AND INSTRUMENTATION
Radar, the car’s virtual eye 26

TECHNOLOGY
The rise of conservation technology in Africa 28

SPACE SCIENCES
SANSA plans for SA to profit from space 30

OPINION
Reinventing the internet for trust 32

COMMENT AND OPINION
Start training the skills of the future, now! 34

NEW PRODUCTS 35

Copyright
Copyright of all material appearing in EngineerIT is vested in African Destination Publishing (Pty) Ltd. In submitting any article for publication, the authors confirm that they own the copyright to the said article, which is ceded to African Destination Publishing (Pty) Ltd for publication. The editor reserves the right to edit or shorten articles submitted for publication. Editing and/or shortening is done with due diligence, where necessary in conjunction with the author(s). No part of this publication may be reproduced, or stored in a retrieval system, or transmitted in any form, or by any means, except as described below, without the written permission of African Destination Publishing (Pty) Ltd. Copying of articles is not permitted except for personal and internal use, to the extent permitted by South African law. Permission is not required to make abstracts, on condition that a full reference to the source is shown. Requests for permission for other kinds of copying should be addressed to African Destination Publishing (Pty) Ltd.

Disclaimer
Articles published in EngineerIT do not necessarily reflect the views of African Destination Publishing (Pty) Ltd or the editor. In addition, views expressed by the editor do not necessarily reflect the views of African Destination Publishing (Pty) Ltd or any other person or organisation associated with EngineerIT. It is a condition of publishing material in EngineerIT that African Destination Publishing (Pty) Ltd shall not be liable for any consequential or other damages arising from the publication in good faith of any article, advertisement, picture, comment, view or opinion. This applies to publishing, failing to publish, late publishing or incorrectly publishing any article, advertisement, insert, picture, caption, etc. It is acknowledged that errors in transcript, human and technical errors can and do occur, but that reasonable effort will be made to minimise their occurrence, and to acknowledge and correct such errors when they are brought to the attention of African Destination Publishing (Pty) Ltd.

EngineerIT | April 2020 | 3
NEWS

ICASA issues temporary radio frequency spectrum

ICASA has considered applications for temporary radio frequency spectrum to ensure connectivity for all during the National State of Disaster period. Seventeen applications were in line with the criteria and conditions outlined in the regulations.

Radio frequency spectrum in the 700/800 MHz bands
Because analogue and digital television broadcasting services are still operating in the 700 MHz and 800 MHz frequency bands, sharing and co-existence in these frequency bands would have to be implemented systematically through a geographic separation of International Mobile Telecommunication (IMT) Systems and Broadcasting Services in affected areas, in accordance with the updated 2013 Terrestrial Broadcasting Frequency Plan as published. Telkom, MTN and Vodacom have been granted temporary assignment of 40 MHz.

Assignment of the radio frequency spectrum in the 2300 MHz band
Telkom has been temporarily assigned 20 MHz in addition to the 60 MHz it already has in this band. Vodacom has been temporarily assigned 20 MHz.

Assignment of the radio frequency spectrum in the 2600 MHz band
The total amount of available spectrum in this band is 170 MHz. The following applicants were assigned spectrum in this band:
• Telkom has been temporarily assigned 40 MHz
• Vodacom and MTN have been temporarily assigned 50 MHz
• RAIN Networks has been temporarily assigned 30 MHz in addition to the 20 MHz it already has in this band.

Assignment of the radio frequency spectrum in the 3500 MHz band
The total amount of available spectrum in this band is 116 MHz. As in other bands, the temporary assignments in the 3500 MHz band were made on the principles of non-discrimination to all qualifying applicants. The following applicants were assigned temporary spectrum in this band:
• Telkom has been temporarily assigned 12 MHz out of the 32 MHz applied for. It is important to note that Telkom is currently assigned 28 MHz in the 3500 MHz band and was assigned 12 MHz to afford it adequate capacity spectrum to meet the demand occasioned by the pandemic during this period.
• Vodacom has been temporarily assigned 50 MHz as applied for.
• MTN has been temporarily assigned 50 MHz out of the 70 MHz applied for.
• Liquid Telecoms has been temporarily assigned 4 MHz, which adds to the 56 MHz it already has in this band.

Authorisation to use TVWS during the National State of Disaster
The Authority received applications from Mthinte Communications, Levin Global and Morai Solutions for the use of TVWS in the 470 – 694 MHz band. The authorisation for use of TVWS by these applicants was granted subject to a number of conditions as set out in the regulations.

Conditions associated with the temporary spectrum assignment
All successful licensees for temporary IMT radio frequency spectrum assignments must ensure that they support and create virtual teaching and classrooms as determined by the Department of Basic Education and the Department of Communications and Digital Technologies in various districts during the National State of Disaster. Furthermore, all radio frequency spectrum licensees must zero-rate all COVID-19 sites as identified from time to time by the Department of Health and published in the Government Gazette.

The Authority exercised extreme care in the assignment of this temporary spectrum to existing licensees, in order to achieve the objectives of the COVID-19 Regulations, which are aimed at alleviating network challenges, easing congestion and ensuring good quality of service for consumers.

“I would really like to express my deepest gratitude to all applicants and licensees alike, and I believe the spectrum will be used efficiently as well as optimally for the benefit of all South Africans. This will indeed bridge the communications divide during this difficult period of our lifetime”, said ICASA Acting Chairperson, Dr Keabetswe Modimoeng.

ICASA Acting Chairperson, Dr Keabetswe Modimoeng

EngineerIT | April 2020 | 4
NEWS

Government sets up Covid-19 situational awareness platform

In response to the announcement by President Ramaphosa of a range of measures to deal with the Coronavirus pandemic, the Department of Science and Innovation (DSI), in cooperation with the Council for Scientific and Industrial Research (CSIR), commissioned the set-up of a core situational awareness platform.

The centre, led by the Department of Health in partnership with DSI and its entity, the CSIR, provides near real-time analytics and dashboards on the coronavirus outbreak per province, district, local municipality and ward.

The centre is housed in a secure facility at the CSIR in Pretoria and provides a central situational awareness, giving a single view of the reality of the spread of the coronavirus across the country.

The Covid-19 Information Centre is one of several projects the DSI is working on in support of the government's response to the pandemic.

Among the centre's capabilities is the CMORE app, a mobile visualisation platform used by community health workers to record screening data and symptoms in the field and transmit the information to the centre. The app enables a near-live display of the results of the work being conducted by the government's Household Screening and Testing Programme. The data and insights generated by the centre provide significant input for decision-making by the National Coronavirus Command Council.

On Thursday 9 April the Minister of Higher Education, Science and Innovation, Dr Blade Nzimande, hosted President Cyril Ramaphosa at the centre. He was accompanied by the Deputy Minister of Health, Dr Joe Phaahla.

The President commended the work being done at the centre, as it produces detailed information not only on the spread of the virus but also on the availability of hospitals, hotels, lodges, boarding houses at schools, etc. that can be used in the fight against the pandemic. He thanked the data analysts and other workers, who have been working up to 16 hours a day to collect data. He also welcomed the involvement of telecoms service provider Vodacom, which donated 20 000 mobile devices to be used by the community health workers deployed to conduct the household screening for the virus. The mobile devices assist in digitising the screening data, which is used for real-time reporting.

Dr Nzimande thanked the CSIR for the work it was doing on the data platform and noted that "behind this platform is a set of competencies that include epidemiological modelling, data analytics, high-performance computing and data visualisation. These are important investments that the DSI has been making over a number of years to ensure that we have an innovation-enabled developmental state."

President Cyril Ramaphosa being tested for a temperature as he arrives at the Covid-19 Information Centre, accompanied by the Minister of Higher Education, Science and Innovation, Dr Blade Nzimande.

iSERT becomes first Sigfox accredited test laboratory

iSERT, a company specialising in turnkey testing solutions for EMC, RF and safety testing, has collaborated with SqwidNet, the only licensed Sigfox operator in South Africa, to become the first, and currently only, Sigfox accredited test laboratory in the southern hemisphere. The partnership allows iSERT to provide customers with testing facilities to ensure they will not degrade the Sigfox network. For SqwidNet, the partnership allows for further investment into South African innovation and development.

Established in 2017, iSERT may be a fresh face in the market, but it has already made significant inroads into the industry. As one of the only labs in South Africa to offer a turnkey solution for EMC, RF and safety testing, it brings something crucial to the local electronics industry.

“With the advent of the Fourth Industrial Revolution (4IR), we realised it was essential for a test lab to have the capabilities of testing products that incorporate the latest technology in one convenient location,” says Riaan van den Berg, managing director at iSERT. “Our partnership with SqwidNet and Sigfox ensures that products are of good quality and that they will not degrade the Sigfox network. It’s similar to PTCRB testing for cellular networks.”

EngineerIT | April 2020 | 5
NEWS

Denel to manufacture ventilators and ambulances

Denel is mobilising its resources and expertise towards a priority project for the local design and development of medical ventilators. The company is also working on repurposing Casspir mine-protected vehicles into ambulances.

Danie du Toit, Group Chief Executive of Denel, says engineers from Denel Dynamics and Denel Aeronautics are already working round the clock on Project Sabela – ‘we are heeding the call’ – in partnership with other state-owned entities, research bodies and medical technology companies.

A task team has been formed consisting of experts from Denel, Armscor, Eskom, the CSIR and other entities to investigate designs and produce a prototype of a local medical ventilator.

“We are proud to respond immediately and positively to a request from the Department of Public Enterprises to drive the ventilator project. As a state-owned company we are committed to utilising our skills, technology and experience in support of the national objectives to combat the scourge of the Covid-19 pandemic at our doorstep”.

The defence and technology company is also considering other initiatives in which it can repurpose its current operations and technology to assist the national efforts. This includes the production of sanitisers and the conversion of Casspir mine-protected vehicles into ambulances.

Du Toit says Denel employs some of South Africa’s top engineers, researchers and scientists who have worked on its sophisticated technology projects in the past. This accumulated knowledge and expertise will now be mobilised to work closely with medical scientists to produce life-saving ventilators.

“Through Project Sabela we are now focusing all our efforts on the current medical and humanitarian crisis facing South Africa and the world,” says Du Toit. “We are confident that we will soon make huge strides in the development of locally-designed ventilators at a time when global shortages are experienced.”

IoT will become the biggest user of edge computing amidst rising security concerns

From less than $1.5 billion in 2017 to an anticipated $9 billion by 2024, the worldwide edge computing market is set to show significant growth in the coming years. With expectations that around 31 billion Internet of Things (IoT) devices will be online by the end of this year, businesses are on the cusp of an exciting new era where they can unlock more insights from their data.

Gartner defines edge computing as an “emerging topology-based computing model that enables and optimises extreme decentralisation, placing nodes as close as possible to the sources of data and content”. The edge enables IoT devices to process information right there and then, without having to send the raw data to data centres.

“Accessing data in real-time can even mean the difference between life and death. For example, getting alerts on the medical condition of a patient or being notified of a car-hijacking taking place,” says Andreas Bartsch, Head of Service Delivery at PBT Group.

Not only have IoT devices become significantly more sophisticated in design than earlier generations, but the ubiquitous connectivity that 5G will bring means that the capacity of what have essentially become mini-computers to collect data across a myriad of touchpoints will increase massively. Using the high computational power of the edge, companies can more rapidly adapt their supply chain to ship products and services where there is the most demand for them.

“By performing all analysis at the edge, companies can reduce the load on their data centres, resulting in cost efficiencies due to the reduced centralised processing needed. This can, in turn, be enhanced with additional analysis at the data centre. Ultimately, companies become more agile in meeting customer demand or receiving alerts about factors that could impact operations,” adds Bartsch.

EngineerIT | April 2020 | 6
NEWS

Digital transformation, oil and gas industry opportunities

Digital transformation has created new opportunities for oil and gas (O&G) companies to lower monitoring costs, improve safety and optimise asset performance and availability by outsourcing to third party companies. Public sector industries such as hotels, banking and residential facilities have been leveraging third party services (i.e. maintenance, logistics, catering etc.) for decades.

The obvious reason to outsource some of this work is to reduce costs by utilising a third-party expert to execute a service when needed by the customer. In the Middle East and Africa, O&G companies started the outsourcing of asset health and performance monitoring decades ago. However, companies have equipment from several OEMs (for pumps, turbines, motors, valves, etc.), which makes it difficult to manage these assets in a cost-effective manner. This opens the doors for third-party service companies to address the scope of different OEMs’ assets in a single contract.

Emerson, a global industrial automation provider, is addressing the need of the O&G industry by leveraging the power of IIoT (Industrial Internet of Things) to deliver the Plantweb Digital Ecosystem. Plantweb leverages data generated by existing or new sensors in a company’s facility and offers analytics tools and secure connectivity to enable scalable monitoring services such as health monitoring, condition monitoring, performance monitoring and a full turn-key monitoring solution.

R7.5M Teraco grant for SABEN

South African Broadband Education Networks (SABEN) has received a R7,5 m grant from Teraco via the Teraco Connect Foundation. Over the next five years, Teraco will partner with SABEN to support the national drive to end bandwidth poverty among South Africa’s schools and public TVET colleges.

Jan Hnizdo, CEO of Teraco, says that the grant will help to facilitate the changing landscape of education in South Africa. Digital infrastructure initiatives, including remote learning and educational streaming, will become more efficient and easier to implement. “The Teraco Connect Foundation sees the grant as an investment in the future of this country at a time when all sectors are facing significant challenges.”

SABEN is a non-profit company serving the public Technical and Vocational Education and Training (TVET) sector in South Africa. It is purpose-built to solve the digital requirements of this sector. Hnizdo says that the Teraco Connect Foundation grant will not only enable these educational institutions to access content directly and grow their collective digital strategy, but will also assist in laying essential foundations for future digital remote learning strategies: “To enable digital transformation, SABEN’s need for direct access to a rich ecosystem of content and cloud providers can be realised, enabling efficient connections to education cloud services, streaming and remote learning possibilities.”

Technically, the grant provides SABEN a physical presence in Teraco data centres located in Durban, Cape Town and Johannesburg and gives colleges direct network access to Platform Teraco, where the institutions will benefit from highly secure and direct interconnection to Africa’s largest digital ecosystem.

EngineerIT | April 2020 | 7
ICT CYBER SECURITY

Malicious USB devices, Past, Present and Future

By Rogan Dawes, Researcher at SensePost

And you believed that USB devices, USB cables and receivers were safe. Think again. In this explosive article, Rogan Dawes takes these devices apart and shows how vulnerable they can be.

The Universal Serial Bus (USB) was a revolution when it was introduced, consolidating the myriad of connectors previously required for peripherals into a single common standard, and enabling a multitude of new technologies and devices that would otherwise have been inconceivable. But apart from the unified connector, one of the most important changes brought about by the introduction of USB was the ability to make the peripheral self-describing, and the development of common device classes that peripherals could simply implement. It is this change that largely eliminated the “driver hell” previously required, because the operating system could simply implement a driver that dealt with an entire class of devices at once, and it could be automatically loaded and applied to any peripherals that described themselves as a member of that class.

Technology is not always friendly

Technology can unfortunately also be used against us. Malicious uses for USB devices have probably been around for as long as the USB standard. One of the earliest malicious uses of USB devices was malware spreading on flash drives. Later, users would use unauthorised network devices such as 3G modems to connect their corporate laptops to the Internet, in order to bypass restrictive firewall policies. The U3 implementation of a CD-ROM drive combined with a flash disk was abused to automatically execute commands as soon as the flash drive was plugged in. This was commonly exploited by leaving malicious flash drives lying around, in the hope that someone would pick them up and plug them in to their computer, and the payload would automatically be run by the operating system. That led to operating systems like Windows disabling the practice of executing AutoRun programs by default, mitigating this particular vulnerability, and something that started as a simple prank was quickly weaponised by security researchers, and had probably been utilised as such by criminals for much longer.

EngineerIT | April 2020 | 8
The Phantom Keystroker is a device sold from around 2008 by a novelty store as a way to play tricks on people. When plugged into a computer, it would randomly emit mouse movements and keystrokes, intended to confuse the user. A researcher named Adrian Crenshaw saw this device and recognised the potential for automated attacks, if the keystrokes could be scripted rather than randomly generated. This led to the development of the “Programmable Human Interface Device (HID) USB Keystroke Dongle (PHUKD)”, which could type out a pre-determined payload under various circumstances, for example, after a delay, or when triggered by a sensor of some sort, for example, when the lights were turned off. A variety of commercial implementations of this idea followed, including the USB Rubber Ducky.

USB devices, how safe are they?

So-called Rubber Ducky attacks have been fairly successful since then, but the majority of attacks required network access to download and execute a more advanced malware than could easily be typed out. Companies have been implementing more network controls to detect and prevent malware, including intercepting and decrypting requests to websites, and limiting access to sites based on reputation, or subject matter. All of this made Rubber Ducky attacks less likely to be successful, and more likely to be detected and prevented.

In 2016, I presented a device called USaBUSe (Universal Serial aBUSe), which extended the concept of Rubber Duckies by adding an additional bi-directional communications channel between the victim’s PC and the attacker. This was achieved by integrating a WiFi interface connecting to the attacker’s access point, and adding a Raw HID interface to the Rubber Ducky’s existing keyboard and mouse. Data written to the Raw HID interface would be available on the WiFi interface, and vice versa. A somewhat larger than typical PowerShell payload was typed out, which opened the Raw HID interface, and downloaded and executed a more advanced program. This could then execute a subsequent command prompt, and relay input and output over the Raw HID interface to allow the attacker to interact with it. A Raw HID interface was chosen, despite the problems actually experienced using it, in order to avoid tools that check for unauthorised USB devices. Most such tools are simply blocking mass storage class devices (flash drives), and possibly network interfaces such as WiFi cards, modems and phone tethering, but are not blocking anything as simple as a keyboard or a mouse.

In the intervening time, several more ingenious USB attacks have been developed. Samy Kamkar developed PoisonTap, which uses a Raspberry Pi Zero configured as a network adapter; when plugged into a victim’s machine, it tricks it into routing all of its network traffic over that interface. In this way, unencrypted network traffic can be captured and analysed, and the victim can be tricked into sending password hashes to PoisonTap. These can then be cracked offline, or used in attacks against other systems on the target network.

Another interesting attack, P4wnP1, was developed by Marcus Mengs, and runs on a Raspberry Pi Zero W. When connected to a victim’s USB port, P4wnP1 can present a variety of USB interfaces, from mass storage to network, but also as a keyboard and mouse, with a Raw HID interface. In this way, the P4wnP1 was also capable of carrying out so-called USaBUSe-style attacks, where the initial payload was typed out and the subsequent communications channel was carried over the Raw HID interface. It was also capable of executing PoisonTap-style attacks as well.

Tricking wireless mouse and keyboard receivers

But so far, all of these USB attacks have had one significant flaw; to carry out the attack, the attacker needs physical proximity to the victim’s computer, at least long enough to plug the device in, and hopefully not be noticed doing so. This could potentially be avoided by targeting a USB device that is already plugged in to the victim’s computer. One such device is the receiver for wireless mice and keyboards. Being wireless, the requirement for direct physical proximity could be avoided.

In 2016, a researcher named Marc Newlin discovered that the receivers for numerous models of wireless mice could be tricked into accepting keystrokes from a remote attacker and passing those on to the operating system. Wireless keyboards typically encrypt keystrokes that they send to avoid eavesdroppers capturing sensitive information like passwords, and, as a result, an attacker with no knowledge of the encryption key would be unable to encrypt their own keystrokes. Newlin discovered that the wireless mice did not encrypt their messages, and that a keystroke message could be sent through the same path as the unencrypted mouse messages and end up being passed to the operating system. This attack was called MouseJack, and a number of parallel implementations appeared.

EngineerIT | April 2020 | 9
ICT CYBER SECURITY Marcus Mengs subsequently LOGITacker, as well as implementing About the author performed some in-depth research into it for O.MG cable. Each of the current Rogan Dawes is a senior researcher the Logitech unifying receivers, which implementations has significant at SensePost and has been hacking present a Raw HID interface as well as limitations that I intend to address in since 1998, which, coincidentally, is the expected keyboard and mouse, the near future. In the course of also the time he settled on a final and, in 2019, proved that it was indeed doing so, I will unify the attacker’s wardrobe. He used the time he saved possible for an attacker to send interface to the tools, as well as on choosing outfits to live up to his arbitrary binary data to a unifying extending the capabilities of the colleague’s frequent joke that he has receiver, and have it presented to the victim-side component. an offline copy of the Internet in his operating system via the Raw HID USaBUSe has significant head. He spent many years building interface. A Proof of Concept tool complexity in actually setting up and web application assessment tools implementing this was released, called carrying out an attack. There are a and is credited as having built one of LOGITacker, which implemented both number of moving parts that need to be the first and most widely used simple MouseJack attacks, as well precisely orchestrated in order to be intercepting proxies - WebScarab. In USaBUSe-style Command and Control successful. The most significant change recent years, he has turned his (C2) over Raw HID. This means that an to USaBUSe then will be to migrate attentions towards hardware hacking, attacker simply needs to identify a those moving parts into the USaBUSe and these days many suspect him to target using a Logitech wireless mouse firmware itself, dramatically simplifying be at least part cyborg. A good or keyboard with a unifying receiver, the overall experience. 
conversation starter is to ask him and, with a few minutes of P4wnP1 implemented the covert where he keeps his JTAG header. n uninterrupted time with the computer channel, but this was removed during left unlocked, could compromise that construction of the P4wnP1 ALOA (A target without ever touching it. In fact, Little Offensive Appliance) distribution. the original MouseJack attacks could I intend to reimplement the covert attacker side program that allows for be performed from up to 80m away, channel in P4wnP1 ALOA, and full binary data transfer through the given line of sight to the target! integrate configuration and serial port of the Nordic dongle to the deployment of it with the existing attacker’s computer. USB cables with an attacker P4wnP1 user interface. As mentioned, O.MG cable has no twist LOGITacker has a functional covert channel implementation at the More recently, Mike Grover has been covert channel implemented in the moment. I am in the process of working on embedding a WiFi firmware of the dongle itself, making implementing this, and will integrate all controller into the A-male connector of it very easy and convenient to use, the changes for USaBUSe into the a USB cable, which appears as an but the initial typed payload is O.MG cable as well, as there could be a innocuous cable when plugged in, and excessively large, resulting in substantial amount of shared code. can even charge and transfer data to a opportunities for that payload to be All in all, the work currently being connected device. Only when the corrupted by errant keystrokes. 
undertaken will harmonise the attacker attacker initiates his attack does the LOGITacker also has no way for an and victim-side implementations and connected device disconnect, and the attacker to transfer binary data user experience, making these sorts of cable itself appears as a keyboard and between the victim and his own USB attacks more achievable, and mouse, again able to attack the computer, meaning that arbitrary file more effective. connected host operating system. This transfer is impossible. I am in the From a user’s perspective, be again does not necessarily require process of developing a new multi- cautious about what USB peripherals you direct physical access to the target, as stage client payload, which connect or allow to be connected to your the idea is that the victim may plug it in minimises the number of typed computer. In particular, Logitech’s non- himself while charging his phone, for keystrokes required, while allowing Bluetooth wireless mice and keyboards example. Or it could be used as a more fully featured client executables are an easily exploited avenue onto your replacement cable between the host to be transferred to covert channel computer. But even a simple flash drive is and a keyboard, particularly Apple itself to upgrade the client’s still something to be wary of, if you are not wireless keyboards that are charged capabilities. I will also develop an certain of its origin. n using a lightning cable. These O.MG cables are available as lightning, micro USB and USB-C cables, and are About Sensepost virtually indistinguishable from any SensePost is SecureData’s independent elite consulting arm, renowned for its other legitimate cable. The O.MG cable expertise,19 year track record and innovation on the frontlines of cybersecurity. does not yet support Raw HID With team members that include some of the world’s most pre-eminent interfaces, however. 
cybersecurity experts, SensePost has helped governments and blue-chip companies Over the past several months, I both review and protect their information security and stay ahead of evolving threats. have been working on refining the SensePost is also a prolific publisher of leading research articles and tools on covert channel implementations for cybersecurity which are widely recognised and used throughout the industry and USaBUSe, P4wnP1 and feature regularly at industry conferences including BlackHat and DefCon. n EngineerIT | April 2020 | 10
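The article's recurring point is that USB device-control tools typically block only mass storage (and perhaps network) interfaces, while the devices described present a keyboard, a mouse and a vendor-defined Raw HID collection. The following added example, not SensePost's or any of the named projects' code, parses constructed HID report descriptors and shows how a storage-only policy passes such a device while a descriptor-aware audit flags it; the VID:PID values, descriptors and allowlist are all constructed placeholders.

```python
# Added example for this article, not SensePost's, USaBUSe's, P4wnP1's or
# LOGITacker's code; all descriptors, VID:PID values and the allowlist are constructed.
from dataclasses import dataclass
from typing import List, Tuple

CLS_CDC, CLS_HID, CLS_MASS_STORAGE, CLS_CDC_DATA = 0x02, 0x03, 0x08, 0x0A  # USB class codes
NETWORK_CLASSES = {CLS_CDC, CLS_CDC_DATA}
PAGE_GENERIC_DESKTOP, USAGE_MOUSE, USAGE_KEYBOARD = 0x01, 0x02, 0x06  # HID usage tables
VENDOR_PAGE_MIN = 0xFF00  # vendor-defined usage pages span 0xFF00-0xFFFF
ALLOWLIST = {(0x1234, 0x0001)}  # constructed approved keyboard/mouse VID:PID pairs

@dataclass
class Device:
    vid: int
    pid: int
    name: str
    interfaces: List[Tuple[int, bytes]]  # (usb_class, HID report descriptor or b"")

def top_level_collections(desc: bytes) -> List[Tuple[int, int]]:
    """(usage_page, usage) of each top-level Collection in a HID report descriptor
    (short items only: prefix bits 7..4 tag, 3..2 type, 1..0 size code)."""
    sizes = (0, 1, 2, 4)
    page = usage = depth = i = 0
    found: List[Tuple[int, int]] = []
    while i < len(desc):
        prefix = desc[i]
        size = sizes[prefix & 0x03]
        tag, item_type = prefix >> 4, (prefix >> 2) & 0x03  # type 0 main, 1 global, 2 local
        data = int.from_bytes(desc[i + 1:i + 1 + size], "little")
        if item_type == 1 and tag == 0x0:       # Global: Usage Page
            page = data
        elif item_type == 2 and tag == 0x0:     # Local: Usage
            usage = data
        elif item_type == 0 and tag == 0xA:     # Main: Collection
            if depth == 0:
                found.append((page, usage))
            depth += 1
        elif item_type == 0 and tag == 0xC:     # Main: End Collection
            depth -= 1
        i += 1 + size
    return found

def classify_hid(desc: bytes) -> List[str]:
    labels = []  # what this HID interface presents to the host
    for page, usage in top_level_collections(desc):
        if page == PAGE_GENERIC_DESKTOP and usage == USAGE_KEYBOARD:
            labels.append("keyboard")
        elif page == PAGE_GENERIC_DESKTOP and usage == USAGE_MOUSE:
            labels.append("mouse")
        elif page >= VENDOR_PAGE_MIN:  # Raw HID style vendor-defined collection
            labels.append("raw-hid:0x%04X" % page)
    return labels

def audit(dev: Device, storage_only: bool = False) -> List[str]:
    """storage_only=True mimics a tool that only blocks flash drives; the default
    also inspects HID report descriptors and composite devices."""
    classes = {cls for cls, _ in dev.interfaces}
    findings = ["mass storage"] if CLS_MASS_STORAGE in classes else []
    if storage_only:
        return findings
    hid = [lab for cls, desc in dev.interfaces if cls == CLS_HID
           for lab in classify_hid(desc)]
    if classes & NETWORK_CLASSES:
        findings.append("network interface")
    if any(lab.startswith("raw-hid") for lab in hid):
        findings.append("vendor-defined HID collection (bidirectional channel)")
    if {"keyboard", "mouse"} & set(hid) and (dev.vid, dev.pid) not in ALLOWLIST:
        findings.append("keyboard/mouse not on allowlist")
    if hid and classes & (NETWORK_CLASSES | {CLS_MASS_STORAGE}):
        findings.append("HID combined with storage/network in one device")
    return findings

# Constructed, minimal but well-formed HID report descriptors
KEYBOARD_DESC = bytes.fromhex("05010906a101050719e029e715002501750195088102c0")
MOUSE_DESC = bytes.fromhex("05010902a1010901a10005091901290315002501950375018102c0c0")
RAWHID_DESC = bytes.fromhex("06abff0901a1010902150026ff0075089540810209039102c0")

APPROVED_KEYBOARD = Device(0x1234, 0x0001, "approved keyboard", [(CLS_HID, KEYBOARD_DESC)])
FLASH_DRIVE = Device(0x1234, 0x0002, "flash drive", [(CLS_MASS_STORAGE, b"")])
INJECTOR = Device(0xBEEF, 0x0001, "keystroke injector with raw HID channel",
                  [(CLS_HID, KEYBOARD_DESC), (CLS_HID, MOUSE_DESC), (CLS_HID, RAWHID_DESC)])
COMPOSITE = Device(0xBEEF, 0x0002, "keyboard plus network adapter",
                   [(CLS_HID, KEYBOARD_DESC), (CLS_CDC, b""), (CLS_CDC_DATA, b"")])
```

As the article notes, Logitech unifying receivers also expose a vendor-defined HID collection, so this rule surfaces them for review rather than silently allowing them.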
ICT

The difference between active and passive antennas
By Peter McNeil, Pasternack

A passive antenna is a radiating element composed entirely of passive components. Typically, this means that a passive antenna system is one with at least a passive radiator (antenna element), passive impedance matching, passive balun, passive tuning (capacitive or inductive), and passive interconnect (commonly 50 ohm or 75 ohm impedance). A circulator or isolator may also be considered part of a passive antenna, depending on whether the antenna system is packaged as a unit or separate parts. Ambiguously, the term antenna may be used to describe an antenna element or structure as well as an antenna system, in some cases.

An active antenna system uses some method of active electrical enhancement or control to provide improved antenna performance for a given application. Active antenna components may consist of amplifiers, such as low-noise amplifiers (LNAs) or power amplifiers (PAs), active filtering (tuneable filters or switched filter banks), or potentially even switched antenna radiator sections. Active antennas enable control and performance enhancement which can either be manually engaged/configured or can be enabled automatically by software or analogue/digital control systems. Active antennas are crucial for many applications that require additional degrees of freedom, tunability, increased signal strength to/from the antenna radiator, or a configurable antenna. Active antennas can provide better rejection of unwanted signals, lower signal-to-noise ratio (SNR) using LNAs close to the antenna, high transmit power, better impedance match to the antenna, and other performance benefits depending on the active antenna technology used.

A more advanced version of an active antenna is an active antenna system (AAS) which may employ a complete transmit/receive (TRX) component along with phase and amplitude adjustment to enable beamforming. Other forms of AAS include multi-input multi-output (MIMO) capability that includes digital processing that enables multiple spatial streams from a multi-element antenna array. Antenna arrays can use analogue beamforming, digital beamforming, or hybrid beamforming depending on the technology employed to drive the AAS beamforming antenna array. Even more advanced AAS may include all of the antenna array, TRX, modulation/demodulation, digital-to-analogue conversion (DAC), analogue-to-digital conversion (ADC), digital processing, beamforming, MIMO, carrier aggregation (CA), and networking communication hardware in a single module, as is done with the latest 4G LTE AAS modules and is planned for 5G infrastructure.

Active antennas may also be part of a smart antenna, or cognitive radio, and include some awareness of the electromagnetic (EM) spectrum in their environment or include the ability to externally provide intelligence. In this way a smart antenna could reconfigure itself for best performance in its current environment. A cognitive radio system may even be able to learn about its environment and the dynamics of wireless communications in its environment and develop strategies to enhance its service using active antenna technology or other radio technology.

Typically, active antennas are more expensive and complex than passive antennas, hence there are fewer available options for suppliers of active antennas. Also, active antennas may be more difficult to troubleshoot and service than passive antennas, though some active antennas and AAS may also include built-in self test (BIST) and built-in diagnostic (BID) technology that aids with the troubleshooting process. In many cases, an active antenna or AAS is part of a much larger communications infrastructure and must perform in a very specific manner, making the active antenna or AAS only useful for that given application. With passive antennas, often a variety of different antennas may be used, given the need or changing requirements.

For more information email andrew@rfdesign.co.za

5G and active antennas

Active antennas (AAs) support a myriad of wireless use cases that are evolving with next generation 5G cellular service. AAs promise performance improvements of more than 2-3X over conventional base station antennas in roughly the same form factor and at comparable costs.

Conventional base station antennas are connected to a remote radio unit via coaxial cable and essentially transmit energy from high on a tower over a wide coverage area in horizontal beamwidths up to 120 degrees per sector. For 360-degree coverage, antennas are installed in 3-sector arrays with one or more antennas per sector depending on the area and the number of active users. In high-density applications, carriers use mechanical gear to point antennas downwards to deliver more RF energy to a smaller coverage area on the ground.

By contrast, active antennas incorporate the RF source, basically a radio-on-a-chip, that connects to an array of small antennas all mounted in the same shroud. Power and fibre optic cables connect directly to the AA, eliminating the remote radio unit. With integrated radios and antenna arrays under software control, AAs dynamically deliver high-speed signals wherever needed in a coverage area to enable a range of new applications not feasible before. With multiband operation, AAs can support new high-speed, low latency 5G use cases across many markets. This diversity of applications is creating a bandwidth-on-demand scenario that exceeds the limits of conventional base station antennas, but that AAs can handle. AA designs achieve these capabilities with Massive MIMO and dynamic beamforming.
ICT WORKING REMOTE

Work at Home
By J2 Software CEO John Mc Loughlin

The whole country has been sent to work from home. We are well into the lockdown and for most businesses, things appear to be going well. I see new pieces each day telling us about the ability to derive greater productivity and reduce emissions while still getting the job done. Costs in office space can be reduced and everybody can simply go ahead and thrive in the new normal world of work. As I sit in the home office with my work slipslops on, I’m wondering if this is really true and if we have thought through it all. With the possibility of being another voice in the cacophony surrounding the lockdown and the massive security risks that come with it, I hope to provide some practical points to ponder on - now that your entire team is hard at work in their pyjamas.

From a cyber security perspective, it is true that attackers are using the COVID19 pandemic to spread their malware and target previously office-bound users to try and extract money or information from them.

Tens of thousands of new domains and ‘news sites’ have sprung up to spread fake news, malware and launch cyberattacks. They are working on people’s fear and uncertainty to get them to click on their well-put-together campaigns of utter rubbish. Your users (people) are still the last line of defense and a critical layer to protect you from cyberattacks. The stats tell us that most attacks start via email – this has not changed, but with the human migration homewards, people are interacting with a plethora of new gadgets and doo-hickeys. Virtual meetings are Zooming all around us, teams are gathering online and photos by the Gigabyte are being sent onto social media pages. All of this oversharing opens up more and more points of entry for the party pooper cyber criminals.

Scams disguised as remote IT support

We also see a rise in the number of scams done via telephone – remote support or phishing scams are flourishing because “Bob” from IT is on the phone to help connect to your machine and solve all your problems. Please do take care. Some key points to start with:

1. If you do not know the person on the other side of the call or have not sent a direct support request, do not give them any information or let them connect to you, your meetings or your computer.
2. Never ever give anybody your username, password or pin over the telephone.
3. Do not click on links from people you do not know.
4. When you do know the person, do not click on links if this is not their normal way of doing business.
5. If documents, language, grammar and so on look different to the normal way you interact with service providers, clients etc. do not download, open or click.
6. If you didn’t enter the competition you did not win it.
7. If you do not know a relative that suddenly died in the UK, you did not receive an inheritance.
8. Be aware of fake sites, attackers are using the outbreak of COVID19 to spread their attacks – use only trusted sources of information.
9. Even with a layered security program in place for work-related items, several people are using things like Whatsapp Web, Gmail, Outlook.com and Zoom. The attacks can also come through these systems. Please be vigilant.
10. If you are not sure on what security settings to use when hosting a virtual meeting, ask a professional. Passwords, non-public chats and similar measures can prevent being bombarded by links, videos or pornography in the next meeting.
11. If something does not seem right, please verify before acting. Speak to the person via telephone. Only use contact details you are sure of.
12. Ensure policy compliance and visibility. Just because the people are no longer in your office does not mean they should get away from basic cyber hygiene. User awareness training, activity monitoring and patching/updates are still crucial.

If you have any doubts, verify, and if you cannot do that – ask me or a professional who can guide you in the right direction. Take advantage of security capabilities on the platforms of choice and use things like multi-factor authentication.

I hear those at the back of the room, hiding behind the Twitter keyboards telling me that this stuff is obvious. Maybe, but why do we keep seeing statistics of the growing number of successful attacks, loss of data and spate of complete shutdowns due to ransomware attacks?

Now we have covered the obvious stuff. What about those topics that businesses should be thinking about that might not be quite as obvious?

Increased productivity is great but keep a balance

Our people are now always working, putting in the hours. This is ideal, they roll out of bed and go directly to the home office desk, or just stay in bed with the laptop. Our people are hitting the mail before the bathroom and many are brushing their keyboards before they have brushed their teeth.

An increase in productivity is fantastic, but without the ability to accurately monitor activity, are our people doing the right things, keeping within policy and ensuring data security compliance requirements?

Having your people ‘always working’ is amazing, but tired people take shortcuts and miss the tell-tale signs which can result in them downloading that payment file or clicking the link to get the ‘invoice’ or read their new ‘payroll data’.

Encourage your people to remain active and take a bit of time in the day to stand up. Walk around and even look at the sun. Many people leave their desks to have lunch in the office, should this change now?

Do you share sensitive company information with other businesses and organisations? You are very likely doing that now. The home migration now sees different businesses sharing resources. Your significant other is likely at a different entity, but here we all are sharing resources for the internet, Wi-Fi, possibly computer time, USB devices, office space and online meetings.

We need to be fully aware that things that are being said in open meetings are now being shared with people in different companies. Your secured devices could be used by others in the household to access their company networks.

How secure are those interactions and what measures are in place to monitor for anomalous usage and access outside of your control? Make sure that your people are aware of these risks and if they are part of the thousands of households who share computing, office and WiFi resources please do it safely. Enforce visibility on activity, monitor, secure and encrypt.

We do not know what the next weeks and months will bring, but I am quite sure that working from home will be far more widely used. Think through all applications and situations and incorporate these into your risk discussions. It is important to adapt to the new normal, whatever that may be. Things are forever different. Don’t believe me? Well, almost no business had a 100% work from home simulation in their risk strategies, continuity and disaster recovery plans three weeks ago.

Put on your work pajamas and get things done, and don’t forget to brush your teeth! Stay safe, stay at home.

About J2 Software
J2 Software is a security focused African technology business founded in 2006 to address the need for effective cybersecurity, governance, risk and compliance solutions in Africa. J2 Software delivers essential tools that empower organisations to take control of their technology spend. The company’s hand-picked solutions provide complete visibility over its customers’ environment, while reducing risk and lowering costs. The company has provided services and solutions to enterprise corporations with sites running in South Africa, Angola, Botswana, Kenya, Malawi, Mauritius, Mozambique, Tanzania, Uganda, Zambia, Australia, UK and Malta.
ICT EMERGING TECHNOLOGIES

Quantum leap for photon entanglement could revolutionise secure communications

A breakthrough in the development of quantum-enhanced optical systems could pave the way for advances in encryption, communication and measurement, scientists say.

In a new paper published in the journal Science Advances, a group of researchers, led by Matteo Clerici at the University of Glasgow’s James Watt School of Engineering and colleagues from the UK, Japan and Germany, demonstrate a new method of generating and detecting quantum-entangled photons at a wavelength of 2.1 micrometres.

The ability to generate and detect the quantum state of light underpins the development of secure communication for both guided wave and free space systems. Free space quantum key distribution (QKD) has recently enabled quantum secured intercontinental communication as much as 7 600 km apart on Earth. Until now, on-satellite based QKD was only possible during hours of darkness. A further reason for this research comes from the limitations of guided wave optics. The current fibre networks face a capacity crunch. Solutions such as novel hollow-core photonic bandgap filters, working at two micrometres with reduced optical non-linearities and lower losses, are currently under test for network implementation.

The unique, non-classical properties of entangled photons are used in applications including quantum key distribution, which makes uncrackable communications between two parties possible. Methods of entangling photons at shorter wavelengths of between 700 and 1550 nanometres are already well-established. However, those wavelengths are vulnerable to interference from the sun’s light when they are transmitted over open air, making them difficult to use in applications such as secure satellite-to-ground and satellite-to-satellite communications. The Glasgow-led team’s new method of generating entangled photons further into the infrared, at two micrometres wavelength, could help overcome these problems for the first time.

Dr Matteo Clerici, senior lecturer at the University of Glasgow, said: “What we have been able to do for the first time is carve out a band in the electromagnetic spectrum where the entangled particles we produce are less likely to be affected by background solar radiation when they’re transmitted across free space.

“There is what we call a ‘transparency window’ in the atmosphere where there aren’t many gases which can absorb light at a wavelength of two micrometres. Also, the sunlight is much less overwhelming in this region – it’s one-third the brightness that it has at standard telecommunication wavelengths around 1550 nm, for example.

“Thus far, that has been one of the key stumbling blocks to advancing daylight quantum key distribution in free space - if the wavelength that the photon detector is sensitive to is too close to the wavelength of the photons that are coming towards it from the sun, the detector can easily be blinded.”

This breakthrough has benefited from the cutting-edge expertise of UK photonics companies. In partnership with Covesion Ltd, Dr Clerici and his team have engineered a nonlinear crystal made from lithium niobate, suitable for operating at 2.1 micrometres. The entangled photon pairs are generated when short pulses of light from a laser source, provided for this research by Chromacity Ltd, pass through the crystal. The entangled photons, which have half the energy of their parent photon and which are perfectly correlated in polarisation, are then sent towards a specially designed superconducting nanowire single-photon detector.

Photo caption: Dr Matteo Clerici

QUANTUM STATE DEFINED
A quantum state is simply something that encodes the state of a system. The special thing about quantum states is that they allow the system to be in a few states simultaneously; this is called a “quantum superposition”. A quantum state is a vector that contains all the information about a system. However, generally you can only extract some of that information from the quantum state. This is partly due to the uncertainty principle and mostly just due to the nature of quantum mechanics itself.