Academic literature on the topic 'Hacking'

This Thesis explores the nature and practice of ‘Ethical Hacking’. Ethical Hackers are individuals who use hacking skills, knowledge and techniques within legitimate authorised practice; they are employed to Hack. A Critical Realist methodological approach is employed in order to gain a qualitative understanding of a real phenomenon through a range of key informants who provide personal narratives within semi-structured interviews, commenting upon their own realities, and their perceptions of the field in which they work. A Bounded Rational Model of decision making reveals that decisions relating to involvement in criminality and individual Hacking events are made through a process of reasoning, of approximating the net gains and losses of a particular course of action, and that these decisions are ‘bounded’ by social norms, ethical approaches and the personal motivations and social circumstances within which the decisions and behaviour are framed.

El business hacking como marco en la transformación empresarial tangible, medible y sontenible. La digitalización y las altas expectativas de los consumidores están cambiando radicalmente la forma en que interactuamos, y las organizaciones que saben cómo gestionarlo tendrán éxito. El marco de business hacking tiene como objetivo hacer que la transformación sea tangible y medible, haciendo que el cambio sea sostenible y encontrando nuevas formas de optimizar la cultura y el impacto empresarial. pasando por todo un modelo accionable de adquisiciòn y retenciòn basado en medios digitales

<p> Langdon Winner's article "Do Artifacts Have Politics?" (1986) has become a classic piece within Science and Technology Studies. While Winner was certainly not the first to consider the inherently political qualities of technology, his article has assumed the role of a touchstone for both supporters and critics of the idea that artifacts embody political and social relationships. In the chapters that follow, I shall try to answer Winner and his critics, by studying a particular technology that I believe to be capable of shedding some much-needed light on the issue. My aim is provide a restatement of Winner's question in the pages that follow, with the hope of getting past such problematic terms as "embodiment" and "encapsulation." My hope is to make the issue itself clearer, so that we can get to the heart of how technology, values, and human beings systematically interact. </p><p> I shall utilize in my discussion computer network scanning software. I shall first discuss the background to the question "Do Artifacts Have Politics?" and then describe some of the ethical and political forces alive in the computer security world. Next I shall closely examine two particular pieces of network scanning software and describe their interactions in terms of political and ethical motivations. Finally, I shall use this case study as a basis for a broader discussion of how values may be better conceived in terms of complex interactive systems of human beings and technologies.</p><br>Master of Science

ICT for Sustainability is a growing research area looking at the potential of information and communication technologies for contributing to sustainability. The existing work in this area can be grouped in four main categories: The optimization of existing systems using ICT, the dematerialization of cultural assets and presence, the use of technology for behavioral change, and the support of sustainability practice and research. Within this research area, this thesis focuses on exploring how new technologies and approaches of working with data, such as APIs, mashups, crowdsourcing, open data, and dynamic visualizations, can be applied to sustainability and sustainability practice. This thesis follows a research through design method, where applications, prototypes, and events were created and released following an iterative design process. Five different design artifacts or “hacks” are presented and analyzed together as a portfolio. This collection of artifacts is a practical exploration of the research questions and it embodies the results. Based on the created artifacts, this text argues that the new technologies and paradigms coming from ICT can transform how sustainability work is performed, by changing the way that sustainability data is created, shared and visualized. This new “data-driven” approach is characterized by a bottom-up way of data gathering, automatic data collection and crowdsourcing, a real time orientation, a focus on transparency and openness, dynamic and interactive visualizations, and new approaches to innovation. These characteristics create new opportunities for making sustainability practice more effective and broaden its impact, but they also create new problems and increase existing risks. Finally it is argued that while information and communication technologies are usually treated as tools, these innovations in ICT for Sustainability are not only technological, but also cultural. The hacker ethic values connected with computer technologies, such as an open way of sharing knowledge, the focus on creativity as a driving force, and a hands-on approach, are key for understanding this research area and an important part of the contribution from ICT to sustainability.<br><p>QC 20131213</p>

El presente es un curso de especialidad de la carrera Ingeniería de Redes y Comunicaciones EPE, de carácter teórico, dirigido a los estudiantes del nivel 12 de la carrera, que busca desarrollar la competencia general de pensamiento critico nivel 3 y la competencia específica B - Capacidad para diseñar y realizar experimentos y analizar e interpretar los datos en Ingeniería de Redes y Comunicaciones - nivel 3. Este curso permitirá al alumno conocer los principales vectores de ataque que se despliegan sobre los sistemas a nivel mundial, permitiéndole reconocer las vulnerabilidades, como se explotan las debilidades en los sistemas y ayudarle a proteger los activos de las amenazas.

The last couple of years has seen a rapid growth in smart devices. The smart devices are exponentially gaining more popularity both as a complement to our daily lives in the form of IoT products aiding in our everyday tasks and as a way we communicate and work. An estimation of 75.44 billion devices will be connected to the internet by 2025. With the rapid development and normalization of IoT devices, questions regarding privacy has never been more important. This thesis focuses on privacy in relation to one of the most emerging technologies, drones.  Drones have been discussed frequently in both governmental and commercial sectors for its inevitable normalization in the airspace. Previously privacy and drones has been researched and discussed from the point of view of which drones are used to infringe on people’s privacy. This thesis explores privacy from another point of view, the view of the drone owner. By exploring privacy from the drone users’ point of view, this thesis shows the importance of better privacy measurements by proposing a conceptual model to existing popular privacy definitions. To investigate privacy in this context, a case has been conducted which proved and validated what kind of data is at risk of being hijacked. The thesis provides a conceptual model that aims to help commercial drone owners to analyze how privacy infringements can occur, why they could occur and how to account for them in the future. Furthermore, the thesis highlights the vulnerability that WIFI dependent devices poses with DDoS attacks. The findings of this thesis show that an infringement of privacy regarding commercial drones requires more clear privacy regulations and definitions, as well as highlighting privacy vulnerabilities in commercial drones.

Obemannade luftfarkoster, även kallade drönare, är del av IoT-revolutionen och har uppmärksammats de senaste åren på grund av integritetsfrågor såväl som flygplats- och militär säkerhet. Då de kan flyga samt har implementerat en ökande mängd teknologi, särskilt kamera och annan övervakning, är de attraktiva måltavlor för hackers och penetrationstestare. Ett antal attacker har genomförts i närtid. I detta examensarbete utforskas och attackeras drönaren Parrot ANAFI genom att använda hotmodellering ur ett black box-perspektiv. Hotmodelleringen inkluderar hotidentifiering med STRIDE samt riskvärdering med DREAD. Inga stora svagheter i systemet hittades. Rapporten visar att tillverkaren har en stor säkerhetsmedvetenhet. Exempel på denna medvetenhet är att tidigare rapporterade svagheter har åtgärdats och programkoden har förvrängts. Metoderna och de funna resultaten kan användas för att vidare utforska svagheter i drönare och liknande IoT-enheter.<br>Unmanned aerial vehicles, commonly known as drones, are part of the IoT revolution and have gotten some attention in recent years due to privacy violation issues as well as airport and military security. Since they can fly and have an increasing amount of technology implemented, especially camera and other surveillance, they are attractive targets for hackers and penetration testers. A number of attacks have been carried out over the years. In this thesis the Parrot ANAFI drone is explored and attacked using threat modeling from a black box perspective. The threat modeling includes identifying threats with STRIDE and assessing risks with DREAD. Major vulnerabilities in the system were not found. This report shows that the manufacturer has a high security awareness. Examples of this awareness are that previously reported vulnerabilities have been mitigated and firmware code has been obfuscated. The methods used and results found could be used to further explore vulnerabilities in drones and similar IoT devices.

As the Internet of Things is gaining more traction in the market, people are becoming more comfortable with having their daily equipment connected to the internet, fewer are taking the security aspect seriously. By attempting an attack on the Telia Sense, an IoT device connected to a car, it is shown how an attacker could try to compromise this type of system and how developers and engineers in the field can test their devices. Information from the device was obtained, including debug information and program code. Telia Sense was found to be a well secured device with a lot of thought and consideration given towards cyber security, therefore a successful attack was not able to be performed. However, the methods and procedures described in this paper are still valid and does aid in securing a device.

The number of IoT systems in our homes has exploded in recent years. By 2025 it is expected that the number of IoT devices will reach 38 billion. Home alarm systems are an IoT product that has increased dramatically in number and complexity in recent years. Besides triggering an alarm when an intruder tries to break in, a modern system can now control your light bulbs, lock and unlock your front door remotely, and interact with your smart speaker. They are undeniably effective in deterring physical intrusion. However, given the recent rise in complexity how well do they hold up against cyber attacks? In this thesis, a smart home alarm system from SecuritasHome is examined. A comprehensive security analysis was performed using penetration testing techniques and threat modeling. The work focused mainly on radio frequency (RF) hacking against the systems RF communication. Among other things, a critical vulnerability was found in the proprietary RF protocol, allowing an attacker to disarm an armed system and thus completely bypass the system’s functionality. The security of the system was deemed to be lacking.<br>Antalet IoT system i våra hem har exploderat de senaste åren. Vid år 2025 förväntas antalet IoT enheter nå 38 miljarder. Hemlarmsystem är en typ av IoT-produkt som ökat dramatiskt i komplexitet på senare tid. Förutom att framkalla ett larm vid ett intrång kan ett modernt hemlamsystem numera kontrollera dina glödlampor, låsa och låsa upp din ytterdörr, samt kontrollera dina övervakningskameror. De är utan tvekan effektiva på att förhindra fysiska intrång, men hur väl står de emot cyberattacker? I denna uppsats undersöks ett hemlarmsystem från SecuritasHome. En utförlig säkerhetsanalys gjordes av systemet med penetrationstestnings-metodiker och hotmodellering. Arbetet fokuserade mestadels på radiovågshackning (RF) mot systemets RF-kommunikation. Bland annat hittades en kritiskt sårbarhet i systemets RF-protokoll som gör det möjligt för en angripare att avlarma ett larmat system, och därmed kringå hela systemets funktionalitet. Säkerheten av systemet bedömdes vara bristfällig.