The Solution to Solving Security Vulnerabilities in all Devices and Protocols – Educating Developers Not to Release a Product until Thoroughly Tested
The solution to security vulnerabilities in all devices and protocols lies in the proper education of developers, who should be taught not to release a product until it has been thoroughly tested.
This is what was said by Professor Eli Biham at the Seminar Day on Cyber & Information Security, held this week at the Technion. The seminar was organized by Professor Biham, Dr. Sara Bitan and the Technion Computer Engineering Center (TCE), which was founded jointly by the Faculty of Computer Science and the Faculty of Electrical Engineering.
Ohad Bobrov from Lacoon Security said at the seminar that it is very easy to plan a security breach for the purposes of spying on a particular person through any mobile device. "One in a thousand mobile devices contains dedicated spyware. The problem is that manufacturers are aware of the loopholes, but it takes them a long time to respond," he emphasized.
According to Professor Biham, the problem is not connected just to the ability of hackers to break into computers and mobile devices, but to the vulnerabilities that make it possible. "There is a significant problem in the education of programmers around the world; institutions are less concerned about enlightening individuals studying to be programmers about all of the attacks that the software they are learning to develop may suffer from. All those trying to meet product release deadlines almost always sidestep security. The problem is that customers don't care either, and are willing to buy these products even if they aren't secure, whether in the mobile market, the PC market or any other product."
"Only after consumers start refusing to buy products that haven't undergone testing for security aspects will any type of modification be made to programming education," added Professor Biham. "I have yet to see a person who is ready to go to the post office and buy a transparent envelope at half the price, with which to send his/her secret mail. But when it comes to telephones or computers, no one asks if it's see-through."
As for the timing of the conference, at a date when massive attacks are plotted and carried out on servers all around Israel, Professor Biham stated that these types of security attacks are ongoing occurrences, usually not planned for any particular date. "Today we are getting ready for DoS (Denial of Service) attacks," he explained. "This kind of attack only succeeds if numerous requests are sent to a server simultaneously, and therefore, they are usually more coordinated than other kinds of attacks. Many have suggested that we shut down servers on this day, and my answer to this is that this is precisely the hackers' intention: that we shut down our servers. Why should we help them accomplish their goals?"
During the first session of the seminar, Professor Orna Grumberg from the Technion's Faculty of Computer Science presented a system she developed along with Dr. Gabi Nakibly: an algorithm capable of automatically rooting out security breaches in the OSPF network traffic protocol, which determines the routes along which data is sent from computer to computer. The OSPF protocol studies the network structure in order to know how to transmit packets, and it is impossible to run a network without such a protocol. Until now, the only way of tracking breaches was by employing experts who examined the protocols manually. The algorithm successfully simulated a security breach event that amazed scientists.
Ohad Bobrov, co-founder of Lacoon Security, demonstrated how easy it is to download data from a network by simple and common means: how to hack into any phone, view a list of contacts, listen to a microphone, turn on the camera, and anything else that comes to the mind of the hacker.
"The examples were astounding. I always knew that it was awfully easy to break into any mobile device, but today I was amazed to see just how easy it is," concluded Professor Biham.
In the photo: Professor Eli Biham at the Seminar Day on Cyber & Information Security.
Photographed by: Shiatzo Photography Services, the Technion's Spokesperson's Office