On April 24, 2017, RMU held a Research & Grants Expo highlighting a variety of faculty research and grant projects. All of the RMU campus was invited to attend this event. Dr. Karen Paullet presented the Mobile Forensics and Security Project, an NSF-funded grant. Dr. Paullet is the PI on the grant, along with Dr. Jamie Pinchot (Co-PI), Dr. Sushma Mishra (Co-PI), and Dr. Fred Kohun. Mobile security and forensics is an underrepresented area of study that is increasingly important in our current society. This research will advance knowledge in the field of mobile cybersecurity and mobile forensics through a train-the-trainer program for 50 faculty members from universities across the United States. Twenty-five faculty were trained in July 2016 and the remaining half will be trained this year. Dr. Paullet also highlighted a new online certificate offered by RMU in Mobile Forensics and Security (MFS). This certificate is now available and you can learn more about it here: Mobile Forensics and Security Certificate Program.
Robert Morris University’s Department of Computer and Information Systems is offering a new certification program: Mobile Forensics and Security. The program, which is offered both in-class and online, gives students hands-on experience with a variety of computer and mobile forensic tools. The program also teaches students about the legal procedures for computer and mobile forensic analysis. It also examines various techniques for preventing unauthorized attacks on mobile devices and computer networks.
The Mobile Forensics and Security Certificate has the following class requirements:
- Intro to Decision Support Systems (INFS 1020)
- Mobile Security Policy (INFS 3110)
- Intro to Computer Forensics (INFS 3120)
- Cyberlaw (INFS 3170)
- Digital Evidence Analysis (INFS 3190)
- Mobile Forensics (INFS 3191)
- IT Security, Control/Assurance (INFS 3222)
- Computer and Network Security (INFS 3235)
- Network Forensics, Intrusion Detection, and Response (INFS 4180)
Most of these classes are already requirements for students majoring in Cyber Forensics and Information Security. However, this certificate is available for anyone who is willing to take these courses.
The following brochure has more information about the certificate:
If you have any other questions, please contact Dr. Paullet at firstname.lastname@example.org.
In the past few weeks, there have been hundreds of fake retail and product applications in Apple’s App Store. The fake apps have pretended to be companies such as Dollar Tree, Foot Locker, Nordstrom, and Dillard’s. A company that tracks new shopping apps, Branding Brand, reported a large increase in these fake applications in the past few weeks.
The apps are being created to trick Black Friday shoppers into clicking them. Some apps seem to be harmless, just displaying pop-up ads whenever users click on them. Others, however, are dangerous because users can have their credit card information stolen if the app asks them to input it. Also, some of the apps can contain malware that can steal personal information and even lock the victim’s phone.
The fake apps came from developers in China; they were somehow able to get past Apple’s review process for new apps. Apple’s app screening process is less strict than Android’s; Apple focuses more on blocking malicious software and does not routinely examine the thousands of new apps that are sent to them every day. It is important for brands and companies themselves to search for and report these fake apps, similar to how they search for and report fake websites. Last week, however, Apple did remove hundreds of fake apps after an article was published about the apps. A spokesperson for Apple claims that they have set up ways for customers to report fake apps. In September, Apple started to look through their two million apps to remove fake and unnecessary ones. Despite this, new fake apps continue to appear.
A recent example of a fake app was one called Overstock Inc. – apparently named to let customers believe that it was the real company app for Overstock.com. The developer of the app is the Chinese company Cloaker Apps. The CEO of Cloaker, Jack Lin, claims that the company only provides the back-end technology for the apps; they do not investigate their clients. However, not even Cloaker is what it seems; the company’s website states that its headquarters is in the middle of Facebook’s campus in Menlo Park, California. When Jack Lin was first interviewed, he claimed that the company only had offices in China and Japan. When asked about the office in California, he claimed to have “tens of employees” there.
China is, by far, the biggest source of fake applications. Many of the fake apps have red flags to show that they are not real, including: nonsensical menus in broken English, no reviews, and no history of previous versions of the app. So far, thousands of individuals have apparently fallen prey to the newest fake apps. However, in most cases, no serious problems have occurred. The fake apps usually target companies either with no apps or multiple apps. Some have even used Apple’s paid search ads to put their fake apps at the top of the search results.
Fake apps on Apple are a new problem, occurring more commonly in the past few months. However, with Black Friday soon approaching, it is important to remember to check the applications that you are planning to download. Also, if possible, try to use alternative methods to applications that ask for banking or personal information. For example, try to use the company’s website on your laptop or computer; also, remember to check the security on the website itself. Criminals are obviously going to take advantage of whatever situation becomes available to them. Therefore, you should always be careful of what you click or download on your phone or computer.
Article Link: Beware, iPhone Users
The Top Secret Colonials will be hosting a 12-hour gaming marathon event on campus on Saturday, November 12th. The event will take place from 11am to 11pm in the Ferris Ballroom in Yorktown.
The event is Bring Your Own Equipment: screens, servers, consoles, etc. TSC will provide necessary power and Ethernet connections.
The cost to attend the event is $5. All proceeds will be donated to Children’s Miracle Network hospitals. SET Credit will also be given for attendance. Food and drink will be provided.
Email John Weingartner at email@example.com if you have any questions about the event.
A few weeks ago, I submitted a post about cybersecurity in the automotive industry, specifically about Volkswagen’s foray into investing in cybersecurity for automotive computers. Earlier today, the U.S. National Highway Traffic Safety Administration (NHTSA) suggested that automakers should “make shielding the electronic and computer systems of vehicles from hackers a priority, developing layers of protection that can secure a vehicle throughout its life.” These are not enforceable rules, but strong suggestions from one of the government institutions that are partially responsible for the creation of future regulations that will more strictly govern the automotive industry as a whole.
The NHTSA poses many potential security upgrades in their proposal, entitled “Cybersecurity Best Practices for Modern Vehicles.” Some of these suggestions are moves that manufacturers, like Volkswagen, are already putting into place. Most of the suggestions made in the proposal are becoming standard operating procedure for automotive companies, while other suggestions are less likely to be taken into consideration. One proposal in question relates to the disclosure of proprietary information about critical components of electrical and data systems within vehicles. Jonathan Allen, acting executive director of the Automotive Information Sharing and Analysis Center, explained in an interview that this section of the industry is incredibly competitive and that companies will probably avoid disclosing this information until they are required to.
As I mentioned in my last post, the threat of automotive hacking, while still extremely small, is increasing. As companies begin to offer significant vehicle upgrades through wireless data links, much the same as Tesla has been doing over the past few years, the need for secure connections will continue to grow. Massachusetts Senator Ed Markey agrees with this sentiment and stated in an interview today that “if modern day cars are computers on wheels, we need mandatory standards, not voluntary guidance, to ensure that our vehicles cannot be hacked and lives and information put in danger.” I couldn’t agree more with this sentiment. As technology continues to impact our lives in increasingly different ways, the need for knowledgeable cyber security experts will continue to grow.
Unless you’ve somehow been able to avoid social media and the news over the past few weeks, there’s a good chance that you’ve heard about the two hottest (literally and figuratively) pieces of recent tech news. I, of course, am referring to the announcement of the iPhone 7/7s and the spontaneous combustion of Samsung Galaxy Note 7 batteries. I won’t waste your time by touching on my opinion of the new iPhone in this article but will instead give you a summary of what is going wrong with the Note 7’s.
When I first heard about the exploding Note 7 batteries, my immediate reaction was along the lines of “just like those hoverboards!” I’m sure we all remember the emails from last year informing students that they were no longer allowed to ride or even store hoverboards on campus grounds. It turns out that the Note 7’s are having the same exact issue as some of the cheaper hoverboard models did.
Much like hoverboards, cell phones utilize lithium ion battery packs as their primary power source. The science behind lithium ion battery packs is fairly simple and has been around for many years. Issues arise when the thin piece of plastic separating the positive and negative ends of the battery becomes punctured. This forces the battery to short circuit and, in turn, forces the point where the separating plastic was ruptured to become the path of least resistance for the electrical current. When this happens, the liquid electrolyte, which makes up most of the battery internals and also happens to be very flammable, heats up. If the electrolyte solution heats up too quickly, it can cause the phone to heat up to an extreme temperature or even explode in rare cases.
As I mentioned before, the Note 7 is by no means the first phone to encounter this issue. The reason that it is affecting Note 7’s in particular is because of too much external pressure during the manufacturing process. The pressure plates used during the manufacturing process squeezed the battery too tightly and forced the positive and negative poles of the battery to come into contact. These poles can only come into contact if the piece of separating plastic is punctured, thus creating the path of least resistance directly between the two poles.
The phone industry is well aware of the potential risks that lithium ion battery packs can cause but most likely will not move away from the use of the packs until a better (affordable) technology comes along. Frankly, the lithium ion route is cheap and relatively safe, so advancement in terms of power supply will only happen when alternatives can be produced cheaply. Samsung is not the only company to have had issues with lithium ion battery technology. Nokia and Apple have both had issues with dangerous batteries in the past (in 2004 and 2009 respectively).
The risk of your battery exploding is very small but it is better to be safe than sorry. Independent analysis states that fewer than 1,000 of the 2.5 million Galaxy Note 7’s (.01%) that were previously manufactured have experienced issues. Samsung is offering refunds to users who have purchased the faulty Galaxy Note 7’s and has already switched battery suppliers. If you happen to have a Galaxy Note 7, it is in your best interest to return the phone as soon as possible to eliminate potential risk. You will either receive a full refund or you can trade it in for a different Samsung smartphone.
Everyone is cordially invited to the 10th Annual Intersections Undergraduate Research Conference on Friday, April 22, from 11:45am – 5:00pm in Sewall 3rd Floor.
This is going to be a great event. RMU students are doing some incredible work. Over 100 students will be participating, with 14 panels and 19 poster presentations. The schedule for the conference is here: http://honors.rmu.edu/urc/program
There will also be one presentation from the CIS department: “Mobile Security Threats: How Safe Is Our Data?”. This will be presented by John Weingartner, Sarah Pfabe, Jayson Phouthavong, Aaron Steinberg, and Brandon Adams. They will present in the Pennsylvania Suite from 4:00-4:45pm.