Global guru to unpack NSA Playset
To fully understand the weaknesses in cyber security systems in the future, information security practitioners must consider a wide range of adversaries, including those with the capabilities of the National Security Agency (NSA).
So says Michael Ossmann, founder of Great Scott Gadgets, who will present at the upcoming ITWeb Security Summit 2015, to be held in Johannesburg next month. Ossmann's international keynote: "The NSA Playset - a year of toys and tools" is among more than 30 presentations from subject matter experts at this 10th annual essential update for infosec decision-makers.
"I think that many people in the information security community were caught off guard when details were leaked about the NSA's capabilities. We knew about software vulnerabilities, but perhaps we didn't think about how easy it was to assemble an arsenal of practical attacks. We knew about hardware vulnerabilities, but we didn't know they were being exploited by entities with the power to intercept shipments on a large scale," says Ossmann.
"The NSA Playset is a fun way to show people that the tools used by nation-states are accessible to anyone. RF retroreflectors are among the most interesting tools in the NSA Playset. For many years, it has been known that an attacker can extract private information from the unintentional radio transmissions of electronic devices."
However, RF retroreflectors show it is possible for an attacker to induce such emissions by transmitting a radio signal at a target device. It is an entirely new area of emission security that, while hinted at for decades, has never before been studied in public, says Ossmann.
He adds that as defences become better, attackers are increasingly turning to hardware. "If you can't trust the hardware, you can't trust anything. The NSA Playset shows us how hard it is to have trustworthy hardware, and challenges us to find solutions for the future."
ITWeb Security Summit 2015 takes place at Vodacom World in Midrand from 26 to 28 May. Click here to find out more and to register.