NEW: Stitcher framework designed by Yee Ching featured and discussed in Forensic Focus. Great work Yee Ching!!!!
NEW: We are organizing SIMLA 2021 Workshop (Security in Machine Learning and its Applications) affiliated with ACNS 2021. If you are working in the area of AI safety and security or application of AI in security, then consider submitting a paper.
NEW: Medtronic acknowledges our SweynTooth work by including involved ASSET group members in their outstanding research contributor page. Many thanks to CSA, Singapore for acknowledging our research effort on discovering Sweyntooth.
NEW: We provide a tutorial on IoT protocol vulnerabilities at Cybersecurity R&D Workshop 2020 held as part of the Singapore International Cyber Week 2020. Watch the Day 2 video (our tutorial starts at 2:26:28).
The details of the second wave of SweynTooth vulnerabilities (CVE-2020-10061, CVE-2020-10069, CVE-2020-13593, CVE-2020-13594, CVE-2020-13595) diclosed today. Affected vendors include (but not limited to, as we do not track all vendors) Espressif Systems, Texas Instruments, Microchip and Zephyr Project. Have fun.
United States Department of Homeland Security and USA Food and Drug Administration raise SweynTooth alert to make everyone aware of this critical BLE implementation vulnerability. Read the ICS Alert and the FDA Safety Communication. The respective alerts by Cyber Security Agency, Singapore and Health Sciences Authority, Singapore can be found in SingCERT Alert and HSA Safety Communication. It is a wake up call for all BLE SoC vendors and IoT product manufacturers.
SweynTooth and ASSET group featured in WIRED (top technology journal in the world) and 30+ news articles (and also podcasts) in English as well as in Non-English languages all over the world. I am glad to say that the work is almost single handedly pulled off by a first-year PhD student Matheus Eduardo in the ASSET group.
Today we release SweynTooth, a family of 12 new Bluetooth implementation vulnerabilities (more coming) affecting major system-on-chip (SoC) vendors such as NXP, Cypress, Texas Instruments, Dialog, Telink, ST Microelectronics and Microchip (the list is not exhaustive) and potentially affecting more than 480 IoT products already in market (most of them unpatched). SweynTooth reveals the terrible state of Bluetooth certification process. Read the description to know what the vulnerabilities are, how they can be exploited and why we name them SweynTooth. Feel free to reach us at sweyntooth@gmail.com for any question and clarification.
12 new CVEs assigned to show how to cause havoc in wireless systems (currently undisclosed for confidentiality). The vulnerabilities affect millions of wireless products being used. If you are in a "smart" nation, then you are almost certainly at risk (we are currently in the 90-day responsible disclosure window). Watch this space on 9th February, 2020 when we disclose the exploits and the details.
NEW:
Yee Ching wins the Cybersecurity award
in the professional category organised by the Association of Information Security Professionals (AiSP) and supported
by Cyber Security Agency (CSA). He is also featured in the
News today.
Well done and congratulations Yee Ching!! We are proud to have you here.
NEW:
Chundong Wang from our group will join
as a tenure-track Assistant Professor at the
ShanghaiTech University from early 2020.
Chundong was one of the first members to join our group and he has made extremely valuable
contributions to the ASSET group research. While we will certainly miss Chundong, at the same
time, we are extremely proud of his achievements and will look forward to his research
as he moves on to the next level of his career.
Congratulations Chundong!!
NEW: Detailed descriptions of the CVEs discovered through our work on over-the-air fuzzing released now. Please check them out here (News coverage: Packt, Hacker News, HackaDay, medium): CVE-2019-12586, CVE-2019-12587 and CVE-2019-12588. Follow the discussions at Hacker News or HackaDay and use the proof-of-concept code from here to have fun.
Quoting a user from Hacker News: "It [ESP8266] is a Wi-Fi enabled microcontroller locally designed and produced
in china with a "100 million units sold" target. It is widely used by the makers community and by many new
"smart" products. I would say that this has a really large scale impact and a lot of people will need to
update the firmware".
Get back to us if you have further queries.
NEW: Several post-doctoral positions open in all software security projects. Background in any of the following areas are welcome to apply: Software Security, Software Verification and Testing, Embedded Systems, Machine Learning, Formal Methods, Wireless Network. Take a look at our projects and publications for details and contact me directly with your CV if interested.
NEW: (This position is filled up) One research assistant position (Bachelor or Masters degree holder) is open for the IoT Wireless Security project. Candidates with interest in any of the areas are welcome to apply: Networking, Systems Security and Software Engineering. Strong programming skills are expected. Contact me directly with your CV.
NEW:
We are looking for two PhD students to work on Safety and Security for Artificial Intelligence and Machine
Learning.
The student must hold a Singapore Citizenship
or Permanent Residency. The position offers attractive scholarship and a collaboration with Industry Partner
OneConnect Financial.
For details about the scholarship and the offer,
interested candidates can email Sudipta Chattopadhyay with your résumé
with the subject "PhD AI/ML Security position".
We look forward to your applications!!
Our work on over-the-air fuzzing is tested today on a real car: Toyota Altis 2016 version
and automatically discovered KRACK
together with other anomalous behaviour in the Wi-Fi implementation. If you are using the same
car, then you MUST update the firmware (if you haven't done so already).
Great work Matheus!!
Yee Ching is awarded a bug bounty of
200USD by
Crypto.com for finding vulnerabilities in
Crypto.com’s payments and cryptocurrency platform
(undisclosed for confidentiality).
Congratulations Yee Ching!!
Three CVEs assigned for finding critical security vulnerabilities in popular
wireless devices (currently undisclosed for confidentiality) through our work on
over-the-air fuzzing.
CVE-2019-12586,
CVE-2019-12587 and
CVE-2019-12588 .
We also win a bug bounty (USD 2200) for discovering the security vulnerabilities.
Congratulations Matheus!!
We are looking for two PhD students to work on Safety and Security for Artificial Intelligence and Machine
Learning.
The student must hold a Singapore Citizenship
or Permanent Residency. The position offers attractive scholarship and a collaboration with Industry Partner
OneConnect Financial.
For details about the scholarship and the offer,
interested candidates can email Sudipta Chattopadhyay with your résumé
with the subject "PhD AI/ML Security position".
CHALICE: Quantifying the Information Leakage in Cache Attacks via Symbolic Execution accepted to appear in ACM Transactions on Embedded Computing Systems (TECS). CHALICE formally quantifies the information leakage from execution for a wide variety of cache attacks, including the one used in Spectre like attacks.
ASSET research group members served in the organization of IEEE/IFIP VLSI-SoC 2018 (Michele, registration chair), XXXIII Conference on Design of Circuits and Integrated Systems (DCIS) 2018 (Michele, TPC), DATE 2019 (Michele, TPC), 7th IEEE Non-Volatile Memory Systems and Applications Symposium (NVMSA) 2018 (Chundong, TPC), CPSS 2018 (Sudipta, TPC), RTSS 2018 (Sudipta, TPC), RTAS 2019 (Sudipta, TPC), ASP-DAC 2019 (Sudipta, TPC), ISEC 2019 (Sudipta, TPC), DISSECT 2019 (Sudipta, TPC).
We're looking for highly motivated undergraduate researchers to work on AI/ML Testing and Verification. If you're interested, please drop an email to Sudipta Chattopadhyay with your résumé with the subject "Undergraduate AI/ML position".
We're looking for highly motivated undergraduate researchers to work on analyzing and defending against Timing-channel attacks such as Spectre. If you're interested, please drop an email to Sudipta Chattopadhyay with your résumé with the subject "Undergraduate Timing-channel position".
We're looking for highly motivated post-doctoral researchers to work on analyzing and defending against Timing-channel attacks such as Spectre. If you're interested, please drop an email to Sudipta Chattopadhyay with your résumé and a short research statement with the subject "Postdoc Timing-channel position".
We have proposed oo7 - a low-overhead (below 2%) defense against Spectre attacks based on binary analysis. Our proposed approach is now available in arxiv.1807.05843. To try oo7, send a request here.