It is important to know that the devices we use do not contain known vulnerabilities. Failing to catch these issues can result in easily fixable problems that expose organisations or services to cyberattack, leak citizens’ data, or otherwise undermine a secure and stable society.
Traditionally, checking all the various connected devices we use is done manually, requiring both a high level of expertise and a great deal of time.
Dr Flavio Garcia and Dr Tom Chothia in the University’s Security and Privacy group, are working on developing techniques and tools to automate this process, with the aim that any IT team can have access to a thorough set of analytical tools.
One area that is prone to vulnerabilities in the implementation of connected devices is the wifi protocols. This includes the WPA and WPA2 protocols used to secure wireless network connections, and the TLS protocol used to connect devices, apps and cloud services. Added to this is the range of ad hoc protocols used by the increasing number of companies creating Internet-of-Things devices.
Another layer of our technologies that requires monitoring and analysis is the firmware on embedded and connected devices. Whether by malicious intent, rushed development or issues with third-party libraries, it is essential to know that your own device is not undermining your security or privacy. This is important not only to the companies who produce the technology, but organisations who may not know the supply chain of their devices.
Removing intentional or accidental vulnerabilities in an automated way can help prevent botnets, data theft and other modes of attack, and ensure the integrity of digital communication for organisations the world over.