Andrei Costin

Assistant Professor / Independent Security Researcher at University of Jyvaskyla Firmware.RE

BIOGRAPHY

Andrei Costin is an Assistant Professor at University of Jyvaskyla in Finland (JYU.FI). He is a Computer Science graduate of the Politehnica University of Bucharest where he did his thesis work in Biometrics and Image Processing, and obtained his PhD in France at EURECOM Institute. While starting out his IT-career in the Computer Games industry, he has worked in the Telecom field and also was a senior developer at a specialized firm programming various GSM/UMTS/GPS sub-systems. He is the author of the MiFare Classic Universal toolKit (MFCUK), the first publicly available (FOSS) card-only key cracking tool for the MiFare Classic RFID card family and is known as the “printer guy” for his “Hacking MFPs” and “Hacking PostScript” series of hacks & talks. Andrei delivered more than 40 presentations at top international security conferences, three of which at BlackHat venues. He was spotted security-harassing airplanes with ADS-B hacks (though no planes were harmed during the experiments), remotely hacking fireworks/demolition/pyrotechnic systems (though no fireworks show were spoiled and no buildings were demolished), and otherwise finding and disclosing vulnerabilities and exploits in IoT/embedded devices. He is passionate about security in a holistic fashion. Currently, Andrei is mostly busy developing cutting-edge security research for embedded systems both as part of his JYU.FI and Firmware.RE affiliations. He also trains new generations of cyber-security experts as part of his successful master program courses at University of Jyvaskyla.

IoT Malware: Comprehensive Survey, Analysis Framework and Case Studies

Computer malware in all its forms is nearly as old as the first PCs running commodity OSes, dating back at least 30 years. However, the number and the variety of “computing devices” dramatically increased during the last several years. Therefore, the focus of malware authors and operators slowly but steadily started shifting or expanding towards Internet of Things (IoT) malware. Unfortunately, at present there is no publicly available comprehensive study and methodology that collects, analyses, measures, and presents the (meta-)data related to IoT malware in a systematic and a holistic manner. In most cases, if not all, the resources on the topic are available as blog posts, sparse technical reports, or Systematization of Knowledge (SoK) papers deeply focused on a particular IoT malware strain (e.g., Mirai). Some other times those resources are already unavailable, or can become unavailable or restricted at any time. Moreover, many of such resources contain errors (e.g., wrong CVEs), omissions (e.g., hashes), limited perspectives (e.g., network behaviour only), or otherwise present incomplete or inaccurate analysis. Hence, all these factors leave unattended the main challenges of analysing, tracking, detecting, and defending against IoT malware in a systematic, effective and efficient way.

This work attempts to bridge this gap. We start with mostly manual collection, archival, meta-information extraction and cross-validation of more than 637 unique resources related to IoT malware families. These resources relate to 60 1 IoT malware families, and include 260 resources related to 48 unique vulnerabilities used in the disclosed or detected IoT malware attacks. We then use the extracted information to establish as accurately as possible the timeline of events related to each IoT malware family and relevant vulnerabilities, and to outline important insights and statistics. For example, our analysis shows that the mean and median CVSS scores of all analyzed vulnerabilities employed by the IoT malware families are quite modest yet: 6.9 and 7.1 for CVSSv2, and 7.5 and 7.5 for CVSSv3 respectively. Moreover, the public knowledge to defend against or prevent those vulnerabilities could have been used, on average, at least 90 days before the first malware samples were submitted for analysis. Finally, to help validate our work as well as to motivate its continuous growth and improvement by the research community, we open-source our datasets and release our IoT malware analysis framework and our IoT malware analysis framework.

Are you the next cyber security superstar?

If you are passionate about an information security topic or you have strong technical skills developing researches on your own, you should definitely Apply at Call for Papers. By submitting you will have the chance to showcase your work to +2000 attendees.

Other speakers joining this year

Octavian Guzu

CTF Enthusiast & ECSC Team Leader, Software Engineer Bitdefender

Mike Spicer

Consultant

SPEAKER INTERVIEW AVAILABLE

Stefan Zarinschi

Penetration Tester Specialist Siemens

Ready for this year's presentations?

By registering you will unlock access to 60+ speakers and two full days with cyber security news & showcases from worldwide leaders.

0
SPEAKERS
0
COUNTRIES
0
ATTENDEES
0
HACKING
COMPETITIONS
0
COMPANIES

Sponsors & Partners

They help us make this conference possible.

POWERED BY

Orange „brings you closer to what matters to you”.

This is our brand promise: to bring our clients closer to what’s essential to them and to keep them always connected and in touch with the latest technologies, by offering them the best and safest communication experience.

WWW.ORANGE.RO

PLATINUM PARTNERS

Ixia provides testing, visibility, security solutions, network testing tools and virtual network security solutions to strengthen applications across physical and virtual networks.

WWW.IXIACOM.COM

Secureworks provides threat intelligence-driven security solutions for organizations to prevent, detect, rapidly respond and predict cyberattacks.

WWW.SECUREWORKS.COM

GOLD PARTNERS
SILVER PARTNERS
GAMING PARTNER
VIP & SPEAKERS LOUNGE PARTNER
BRONZE PARTNERS
COMMUNITY & MEDIA PARTNERS