Friday February 28, 2020
Home Lead Story Hackers Can C...

Hackers Can Cause Serious Attacks On E-Bikes For Eavesdropping, Says Study

Someone with malicious intent could eavesdrop on these wireless channels and listen to data exchanges between the scooter and riders' smartphone app

0
//
Hackers
Vendors of Micromobility vehicles can also suffer denial-of-service (DoS) attacks and data leaks by hackers, said researchers from University of Texas at San Antonio. Pixabay

As governments including in India plan more e-bikes on roads to help tackle traffic congestion, like any Internet-connected device, hackers can cause a series of attacks in e-scooters, including eavesdropping on users and even spoof GPS systems to direct riders to unintended locations, warn researchers including some of Indian-origin.

Vendors of Micromobility vehicles can also suffer denial-of-service (DoS) attacks and data leaks, said researchers from University of Texas at San Antonio.

“We have identified and outlined a variety of weak points or attack surfaces in the current ride-sharing, or micromobility, ecosystem that could potentially be exploited by malicious adversaries right from inferring the riders’ private data to causing economic losses to service providers and remotely controlling the vehicles’ behaviour and operation,” said Jadliwala.

The micromobility e-scooter analysis was conducted by Jadliwala alongside graduate students Nisha Vinayaga-Sureshkanth, Raveen Wijewickrama and post-doctoral fellow Anindya Maiti.

The global e-Bike market is projected to grow at a CAGR of 9.01 per cent to reach $38.6 billion by 2025 from an estimated $21.1 billion in 2018, according to marketsandmarkets research firm. Computer science experts at the university have published the first review of the security and privacy risks posed by e-scooters and their related software services and applications.

According to the review, to appear in the proceedings of the 2nd ACM Workshop on Automotive and Aerial Vehicle Security (AutoSec 2020), hackers can cause a series of attacks. Some e-scooter models communicate with the rider’s smartphone over a Bluetooth Low Energy channel.

Someone with malicious intent could eavesdrop on these wireless channels and listen to data exchanges between the scooter and riders’ smartphone app by means of easily and cheaply accessible hardware and software tools such as Ubertooth and WireShark.

Those who sign up to use e-scooters also offer up a great deal of personal and sensitive data beyond just billing information.According to the study, providers automatically collect other analytics, such as location and individual vehicle information.

Hackers
As governments including in India plan more e-bikes on roads to help tackle traffic congestion, like any Internet-connected device, hackers can cause a series of attacks in e-scooters, including eavesdropping on users and even spoof GPS systems to direct riders to unintended locations. Pixabay

This data can be pieced together to generate an individual profile that can even include a rider’s preferred route, personal interests, and home and work locations.”Cities are experiencing explosive population growth. Micromobility promises to transport people in a more sustainable, faster and economical fashion,” said Jadliwala.

ALSO READ: TikTok and DSCI Comes Together To Unveil Interactive Quiz on Online Privacy

To ensure that this industry stays viable, companies should think not only about rider and pedestrian safety but also how to protect consumers and themselves from significant cybersecurity and privacy threats enabled by this new technology,” the authors noted. (IANS)

Next Story

This new Defence Tool May Help Fool Hackers

The approach aims to solve a major challenge to using artificial intelligence (AI) for cybersecurity

0
Cybersecurity
The approach aims to solve a major challenge to using artificial intelligence (AI) for cybersecurity: a shortage of data needed to train computers to detect intruders. Pixabay

Instead of blocking hackers, the researchers have created a new cybersecurity defence approach, which involves setting traps for hackers.

The method, called DEEP-Dig (DEcEPtion DIGging), ushers intruders into a decoy site so the computer can learn from hackers’ tactics. The information is then used to train the computer to recognise and stop future attacks. DEEP-Dig advances a rapidly growing cybersecurity field known as deception technology, which involves setting traps for hackers.

“There are criminals trying to attack our networks all the time, and normally we view that as a negative thing, instead of blocking them, maybe what we could be doing is viewing these attackers as a source of free labour,” said study researcher Kevin Hamlen from University of Texas in Dallas, US. “They’re providing us data about what malicious attacks look like. It’s a free source of highly prised data,” Hamlen added.

The approach aims to solve a major challenge to using artificial intelligence (AI) for cybersecurity: a shortage of data needed to train computers to detect intruders. The lack of data is due to privacy concerns. Better data will mean better ability to detect attacks, the researchers said.

“We’re using the data from hackers to train the machine to identify an attack, we’re using deception to get better data,” said study researcher Gbadebo Ayoade. Hackers typically begin with their simplest tricks and then use increasingly sophisticated tactics, the researchers said.

But most cyberdefense programmes try to disrupt intruders before anyone can monitor the intruders’ techniques. DEEP-Dig will give researchers a window into hackers’ methods as they enter a decoy site stocked with disinformation.

The decoy site looks legitimate to intruders and attackers will feel they’re successful, said study researcher Latifur Khan. As hackers’ tactics change, DEEP-Dig could help cybersecurity defence systems keep up with their new tricks.

Hackers
Instead of blocking hackers, the researchers have created a new cybersecurity defence approach, which involves setting traps for hackers. Pixabay

According to the researchers, while DEEP-Dig aims to outsmart hackers, it might be possible that hackers could have the last laugh if they realise they have entered a decoy site and try to deceive the programme.

“So far, we’ve found this doesn’t work. When an attacker tries to play along, the defence system just learns how hackers try to hide their tracks, it’s an all-win situation — for us, that is,” Hamlen said.

ALSO READ: Lenovo Retains its Dominance Over Tablet Market in India With 37% Market Share

The study was presented at the annual Computer Security Applications Conference in December in Puerto Rico. (IANS)