As WikiLeaks allegedly revealed thousands of pages about US Intelligence agencies’ cyber-espionage capabilities, and as hackers continue to broaden their avenues of attack, one of the vulnerabilities revealed was smart TVs. However, Prof. Ofer Hadar, Chair of BGU's Department of Communication Systems Engineering, warns that the threat is actually much greater.
“Any video or picture downloaded or streamed by a user is a potential vehicle for a cyber-attack. What’s more, hackers like videos and pictures because they bypass the regular data transfer systems of even secure systems and there is a lot of space to implant malicious code,” says Hadar.
Video and picture downloads and video streaming account for 50% of Internet traffic today and are expected to rise to 67% of web traffic by 2020.
Hadar has developed a multi-vector series of algorithms that would completely prevent attackers from being able to utilize videos or pictures.
“Our methods are based on steganography (the practice of concealing a file, message, image, or video within another file, message, image, or video) in the compressed domain. They can be implemented without decreasing runtime and with minimum impact on the image. Preliminary experimental results show that a method based on a combination of our techniques results in 100% protection against cyber-attacks,” asserts Hadar.
He has dubbed it The Coucou Project and received significant funding from the Cyber Security Research Center at BGU, a joint initiative of BGU and the Israeli National Cyber Bureau, to develop his protective solution. In addition, the BaseCamp Innovation Center at the Advanced Technologies Park adjacent to BGU is interested in developing the platform into a commercial company.
Hadar’s Coucou Project considers two potential attack scenarios. Both assume that basic malware has been planted on the victim's servers/hosts by means of social engineering or other types of vulnerability exploitation; from there, the malware gathers classified information from the victim's data center. In the first scenario, once the user uploads an image or a video to a social network, the malware embeds the classified information into the uploaded content (making it accessible to the attacker), and the attacker can then download the infected content and extract the classified information. In the second scenario, the attacker uploads infected content to a social network or any other server, and the malware extracts the shellcode and executes it.
“When considering future applications of the Coucou product, we envision covert channel and protection applications and anticipate that the technique will be used by firewall and antivirus companies,” adds Hadar.