Monday, October 7, 2024

Additional PenTest Services!

  

Within the last few years, businesses have increased their AI usage in the number and depth of applications. These are seen in banking, insurance, e-commerce, real estate, health care, ed tech, and other use cases. Gone are the days with simple response chatbots of years ago with exceptionally simplistic responses (e.g., “Yes”, “No”, or “Call your local branch”). Businesses actively deploy rule-based chatbots, generative AI chatbots, and LLMs capable of completely understanding the conversation’s context and creating dynamic, distinct responses to each query, simulating human language. These can be difficult to differentiate from humans communicating.

            The exponential increased usage has also brought an increase in the types and level of risk. A few of the associated risks with this are data privacy and leakage, adversary attacks, insecure plugins, vulnerable APIs, scalability, and supply chain.

            These risks, if not pro-actively addressed, could provide you with financial and legal liability, loss of market share, and the business being in the news. To mitigate these and make the unknown known, pentesting your AI chatbot and LLMs is warranted and prudent.

            Miel Cybersecurity has the dedicated, trained staff ready to fulfill the need. Our testing platform is unique and different from others. Miel Cybersecurity’s proprietary AI testing platform has modified the standard testing protocols, and included tests based on current guidance from industry, federal government, international regulations, and other entities. In addition, we have analyzed in detail the processes and functions within the AI tools to build out additional testing.

            The abundance of tests based on guidance from industry known and respected sources, statutes, regulations, and over a decade of experience provides you with the detail-oriented deliverables you need. These are robust and technologically advanced to ensure your AI environment is secure, dependable, and exceeds your cybersecurity requirements, internally and externally.

            Call or email with any questions and to schedule a meeting.

  

Miel Cybersecurity
Services 

Enterprise and Embedded System Cybersecurity Engineering & Architecture


AI PenTesting (ChatBots, LLMs, & Apps)

Red Team Product Pentesting   |   HW & SW BoMs  |   CBoM  | 

Vulnerability Management   |   Tabletop Exercises (TTX)   | 

Embedded Systems Architecture   |   Threat Intelligence   | 

 

TARA (Threat Assessment and Remediation Analysis) |

 

Supply Chain Cybersecurity Review | Reverse Engineering

 


Sunday, March 24, 2024

Autonomous Vehicles (AVs) have a Substantial Attack Surface

 This is a fantastic age to live in. We have vehicles that notify us when another vehicle is near us, when we’re too close to the vehicle in front of us or the side of the road, when we are sliding inadvertently into the next lane, and log our activities. This is a massive step from the vehicles of 10-15 years ago. The sensors installed within the vehicle offer cutting edge technology for the driver. These also have improved safety for the occupants along with others on the roadmap. Have pentested an AV, I can attest this is a delight.

While I sing the praise of the AVs, there are issues. This has potential threats to the AVs due to the platform, sensors, and OS. These are all new attack surfaces and vulnerabilities. If exploited, these provide an opportunity for disaster. The new threats come from various sources. These new machines, as they are heavily dependent on software, are open to remote attacks. If successful, modules could be compromised. Depending on which one is targeted and breached, there are varying levels of criticality. For instance, steering or brake ECUs are relatively serious.

Data is the new gold and oil. This is especially the case with vehicles. Each collects a mass amount of data from general operations and the sensors. The data may be used in multiple scenarios.

While sensors have improved vehicle operations and safety, there are potential issues here also. The sensors could be spoofed, providing false data to the vehicle and data processing. The fake data could provide a false set of data for the surroundings. This could lead the vehicle on the wrong path.

While this could provide for issues, there are preventive measures to the taken. The software may be hardened, making these more robust. Patching is also pertinent. This occurring regularly limits the attack surface. Encryption should be used with vehicles data and communication. This limits the weak points which are targets.

  

Services 

Enterprise and Embedded System Cybersecurity Engineering & Architecture


Red Team Product Pentesting   |   HW & SW BoMs  |   CBoM  | 

Vulnerability Management   |   Tabletop Exercises (TTX)   | 

Embedded Systems Architecture   |   Threat Intelligence   | 

TARA (Threat Assessment and Remediation Analysis) |

Supply Chain Cybersecurity Review 

Reverse Engineering


 charles.parker@mielcybersecurity.net 810-701-5511


Medical Device Connectivity

 

With our new technology advancing so rapidly on different fronts, the nuances in applications are growing. One of these is connectivity. Most of the public is aware of connectivity in vehicles. We see this as we’re driving with the infotainment system, making calls, or following a map. This is not by far the only industry embracing connectivity.

Another is the medical device field. Globally, this is estimated to triple its value by 2028. This may take the form of home health monitors, or cardiac monitors reporting data to the backend or receiving updates.

There are several factors driving this massive increase. One of these includes telehealth. Our population has endured much through the pandemic and post-pandemic. This has shaped how we shop, gather information, and utilize healthcare. The need and want for home healthcare has assisted in the growth. If the patients didn’t want it, there wouldn’t be the need or market for this. Related to this is remote patient monitoring. This may involve cardiac or other monitoring. This advance allows the patient to stay in their home while the device collects the data and uploads it to the doctor or other device.

While this works great for the patient and doctor, this also adds to the attack surface and provides another point to test. This is another area to secure, test, and maintain through the SDLC. 

Services 

Enterprise and Embedded System Cybersecurity Engineering & Architecture


Red Team Product Pentesting   |   HW & SW BoMs  |   CBoM  | 

Vulnerability Management   |   Tabletop Exercises (TTX)   | 

Embedded Systems Architecture   |   Threat Intelligence   | 

TARA (Threat Assessment and Remediation Analysis) |

Supply Chain Cybersecurity Review 

Reverse Engineering


 charles.parker@mielcybersecurity.net 810-701-5511


New International Medical Device Standard

 With standards, regulations, statutes, etc., many feel this is a speedbump for their product. In the interest of the field, industry patient safety, and security these are a great idea. Without these in place, medical device cybersecurity could become like the Weld West with every entity doing their own thing, not following any guidance.

The FDA has recognized three new standards focused on medical device software security. These cover the total product lifecycle of medical device cybersecurity, data logging, software use, and reasonable software testing.

The first noted standard was ANSI/AAMI 2700-2-1. This standard is focused on medical device software’s safe usage in the integrated clinical environment (ICE). The specific usage is for data loggers to appropriately collect data in these systems. This includes the recording, data, storage, and playback for the data. The data usage would be for safety, quality assurance, and forensic analysis.

The second standard was ANSI/AAMI SW96:2023, which provides guidance on methods to manage security risks. Medical devices present a unique security risk. The standard addresses several security areas to identify threats and vulnerabilities and the controls to put in place to mitigate these.

Lastly ISO IEC IEEE 29119-1 provides guidance on germane topics in the field including software.

These standards provide additional guidance and a framework to further the safety and security for the products. By adding these into our security tools, the attack surface is decreasing, and potential attacks are mitigated.

 Services 

Enterprise and Embedded System Cybersecurity Engineering & Architecture


Red Team Product Pentesting   |   HW & SW BoMs  |   CBoM  | 

Vulnerability Management   |   Tabletop Exercises (TTX)   | 

Embedded Systems Architecture   |   Threat Intelligence   | 

TARA (Threat Assessment and Remediation Analysis) |

Supply Chain Cybersecurity Review 

Reverse Engineering


 charles.parker@mielcybersecurity.net 810-701-5511


IoT Devices Need Cybersecurity Attention

 IoT devices have evolved and expanded into commercial, and consumer uses. These appear throughout people’s homes with refrigerators, ovens, thermostat, light bulbs, and many other pieces of equipment.

Smart thermostats have become more prevalent in residences in the last few years. These are a nice addition in that these are trained to learn your optimal temperature, when you on average are in the house, and other useful assists.

While these have beneficial aspects with this, let’s not forget about detriments. When smart thermostats have not included cybersecurity through their dev cycle and SDLC, you can be answering many questions from clients, federal agencies, and other interested persons and stakeholders when something goes wrong (i.e., a significant compromise).

Recently two models for smart thermostats have been noted to have multiple security vulnerabilities. When successfully exploited, the bad actors would be executing the code they wanted on the device. The device could be weaponized with modified or rogue firmware.

The vulnerability allows an unauthenticated connection from a local network. The attack point is the WIFI microcontroller. This acts as a network gateway. This has been corrected, but only after the vulnerability had been known and open. This emphasizes the need for cybersecurity to be applied through the dev cycle, with security being at each gate. This also requires staff being comfortable in working with embedded systems, and all the nuances associated with these. Embedded systems require a different set of skills, different than the traditional IT.


Services 

Enterprise and Embedded System Cybersecurity Engineering & Architecture


Red Team Product Pentesting   |   HW & SW BoMs  |   CBoM  | 

Vulnerability Management   |   Tabletop Exercises (TTX)   | 

Embedded Systems Architecture   |   Threat Intelligence   | 

TARA (Threat Assessment and Remediation Analysis) |

Supply Chain Cybersecurity Review 

Reverse Engineering


 charles.parker@mielcybersecurity.net 810-701-5511


 

Standards Assist with Medical Device Cybersecurity

 The technology expansion is pushing the options for medical device connectivity. The options and configurations used to be relatively limited. Connectivity continues to grow in its different forms. While this is great for the industry, doctors, and patients, applied cybersecurity also needs to be addressed in every step of the way.

These connected devices connect to the network using Bluetooth, BLE, or WIFI for communications. If configured correctly and cybersecurity being incorporated throughout the process, generally this should work well. To assist with this and provide guidance there are standards for medical devices (e.g., IEC 62304, ISO 14971, and FDA guidance). These provide directed guidance. The key though is documentation. The documents need to show not only you have secured these standards but have implemented them. Part of the plan and implementation includes the product’s risk analysis. I mention this specifically is the risk analysis or TARA is the bedrock for risk analysis. When thorough this will show the vulnerabilities, which need to be addressed. This system’s review will build a solid cybersecurity plan and product for your customers.

 Services 

Enterprise and Embedded System Cybersecurity Engineering & Architecture


Red Team Product Pentesting   |   HW & SW BoMs  |   CBoM  | 

Vulnerability Management   |   Tabletop Exercises (TTX)   | 

Embedded Systems Architecture   |   Threat Intelligence   | 

TARA (Threat Assessment and Remediation Analysis) |

Supply Chain Cybersecurity Review 

Reverse Engineering


 charles.parker@mielcybersecurity.net 810-701-5511



Chicago Children's Hospital Targeted

 

There’s been a lot written about medical facilities being targeted and compromised over the last five years. The compromises have varied with their penetration into the network and data. The greater the attack’s expanse, the more potential for patient suffering. In late January/early February, Lurie Children’s Hospital system was compromised. This was rather significant with their phones, email, internet service, and medical equipment affected. These systems are in different operational areas in their network, which indicates this was a bit more than the usual attack. The department for penetration in the different systems is notable.

The timeframe for the affected systems was relatively short, at two days. This was still devastating for the staff and patients. The situation was further complicated by the data from the operations that did continue having to be merged into existing data sets.

With hospitals holding so much valuable data, this trend will continue if not grow. There is ample to do with all the patient PII, insurance information, medical history, and other data the hospitals have accumulate every day.

To rebound from this is much more than getting the systems up. The security staff needs to also understand the attack vector and how it was implemented, what systems were breached (not only the ones that were overly noticed), and what data was accessed.

The hospital has much work to do with the incident response. This unfortunately is a prime example of what can happen. Systems need not only be secured but monitored and the tooling reviewed at a regular cadence. Just like the industry is dynamic, so is the tolling. There may be better options or configurations available in the next review cycle.

 


Services 

Enterprise and Embedded System Cybersecurity Engineering & Architecture


Red Team Product Pentesting   |   HW & SW BoMs  |   CBoM  | 

Vulnerability Management   |   Tabletop Exercises (TTX)   | 

Embedded Systems Architecture   |   Threat Intelligence   | 

TARA (Threat Assessment and Remediation Analysis) |

Supply Chain Cybersecurity Review 

Reverse Engineering


 charles.parker@mielcybersecurity.net 810-701-5511