Presentations
Zero-day flaws found in IoT baby monitors and give attackers access to camera feeds
Author: Adriano Bessa
Abstract
Newborns and children need to be watched most of the time and their parents are unable to deal with this necessity and resort to devices that help them in this task. In this way, the use of baby monitors shows a significant growth. So that these devices can be used without concern by the families, they were analyzed to find security flaws. This analysis was done by Bitdefender in order to find vulnerabilities in these IoT devices, especially in the Victure IPC360 Camera. The vulnerabilities found fall in access to stored footage in the cloud and in real time, which brings a huge lack of privacy for families who use these devices. The mitigations presented at a general level consist of restricting access so that each person has only access to what is entitled to.
Web3 Cybersecurity
Author: Ana Rita Melo
Oriented by: Prof. António Pinto and Prof. Pedro Pinto
Abstract
Web3 has its basis in blockchain and smart contract technologies, supporting secure, distributed and decentralized applications. Nonetheless, Web3 is still in a process of evolution and, as with any other software-based product, software bugs, security flaws and other vulnerabilities are expected to appear in the future. The main objective of this work is to analyse and collect security flaws in the Web3 realm. The main focus will be smart contracts that can be seen as agreements between two or more parties over the Internet. Such agreements do not require third parties and allow functions such as buying, selling, etc.
Assessment on Tools for Subdomain Enumeration
Author: Anderson Sales
Oriented by: Prof. Pedro Coutinho and Prof. Pedro Pinto
Abstract
Evaluation of open source tools for subdomain enumeration.
IT integration and cibersecurity in Mergers and Acquisitions (M&A)
Author: António Pereira
Oriented by: Prof. Estrela Cruz and Prof. Pedro Carneiro
Abstract
The process of merge and acquisitions is increasingly common and allows companies to position themselves favorably against the competition and obtain important gains in terms of processes, systems and technologies. On the other hand, the technology integration process can bring performance problems and, above all, considerable cybersecurity risks. This paper presents an overview of the M&A process, cybersecurity risks during the IT integration phase and some of the best practices that can be used to reduce the impact, mitigate risks and accelerate the integration.
Exploitation of Vulnerabilities in Indoor Spaces using BLE Beacons
Author: David Verde
Oriented by: Prof. Sara Paiva and Prof. Sérgio Lopes
Abstract
Nowadays, following the digital transformation, the indoor-location using beacons is being applied to many areas such as Healthcare (hospitals), Industrial (enterprises), Tourism/Cultural (museums) and Education (schools). The indoor-location allows the detection of someone or something inside a building. For most of the application areas, if the system is compromised there is not a greater impact besides the need of recompose it. However the situation changes for the Healthcare and Industrial contexts, in this cases if the monitoring system fails or gets compromised human lives may be at risk and the companies can have profit loss, respectively. This paper presents the main objectives and the work already done for the author's Cybersecurity Master Degree Thesis. This thesis aims to investigate different vulnerability types that already exist in indoor-location architectures that use beacons and simulate attacks to two scenarios healthcare and industry. In order to harden the security of these systems that make use of beacon's technology it is also intended to find new and more efficient ways to mitigate vulnerabilities and create an autonomous mitigation mechanism that triggers when the system is being target.
OSI Model Cybersecurity: Vulnerabilities and Mitigation Actions
Author: Emanuel Gonçalves
Oriented by: Not Defined
Abstract
Normally, the notion of cybersecurity is associated with the use of strong passwords, antivirus software, and a firewall, but it is much more than that. In fact, the remaining issues about the vulnerabilities of the layers of the OSI model are somewhat bleached, where everything effectively rests. Each layer has its own specific function, and it is important to protect the parts so that the whole is also protected. This work is an ongoing research project that consists of making known some vulnerabilities existing in the layers of the OSI model and the strategy to mitigate these weaknesses. It arose from the academic study done in the post-graduate program in cybersecurity and computer forensics.
Visibility Graphs
Author: João Lopes
Oriented by: Prof. António Pinto and Prof. Pedro Pinto
Abstract
Currently, the identification and logging of security events are increasingly necessary to obtain all the temporal details of what is happening in our computer systems. The mostt used technologies for this identification are Artificial Intelligence (AI)/Machine Learning (ML) but there are other alternatives that are gaining popularity over time. Visibility Graphs (VG) can be a great help when it comes to registering and clarifying these events, as they are able to register values and represent data through their nodes, which can be very useful to clarify security events. To increase and facilitate the visibility of security events, so that they can be analyzed by anyone with or without developer knowledge, it is intended to study and develop a system capable of translating computer security logs into VG, thus creating a quick and effective solution of translating complex events into simple data to be analyzed.
Pandemic Reflexes in the Cybersecurity Sector
Author: Luis Bernardo
Oriented by: Prof. Silvestre Malta and Prof. João Paulo Magalhães
Abstract
The pandemic that COVID-19 unleashed has caused numerous problems for society. The lockdowns that were established around the world caused everyone to find a different path from which they were accustomed to live. As far as cybersecurity is concerned, COVID-19 has brought even greater challenges, since security protocols for accessing servers and databases that were established in most companies simply ceased to exist instantly. After the first impact and with the spread of the home office, the issue of cybersecurity became a subject everywhere. Until then, users of the computer networks of companies, schools and government, had a robust structure and that was able to contain several cyber-attacks, but at home this struggle became unequal. Cyber threats have multiplied, new ones have been created and old ones have been perfected. The effective fight against these attacks, goes through everyone, from the citizen who needs to be aware of what happens around him at all, but also companies, which must invest efficiently in the training of their employees, because it is through them that the vast majority of attacks happen.
Personal Data Under the Coronavirus Pandemic
Author: Marta Silva
Abstract
A major outbreak of a new pneumonia pandemic called coronavirus struck the globe in early 2020. Governments responded fast to discover, track, and isolate patients so that doctors and nurses could work on a successfully limit viral transmission and preserve the safety of healthy people. Tracking human trajectories, touch surfaces, and other information using technology can assist us in promptly detecting the virus’s close connections. However, this type of data is considered personal data, which leads to the need to protect it. Personal data cannot be public and access to them must be controlled. Therefore, if this type of protection does not exist, when malicious elements utilize the data, it will result in unfathomable economic losses and possibly public disasters. As a result, we must pay great attention to personal privacy protection. This article focuses on data privacy at the time of a pandemic in several areas. There is also a space reserved for a highlight at the European level and for the analysis of a Portuguese application named StayAway Covid that presented a security flaw throughout this pandemic time.
Artificial Intelligence's relation with Cybersecurity
Author: Paulo Matos
Oriented by: Prof. António Cruz and Prof. Pedro Pinto
Abstract
The present study is based on the analysis of the concepts of Cybersecurity and Artificial Intelligence, focusing on how both relate to each other. Cybersecurity is becoming an extremely complicated task, as we can no longer think of blocking an attack only by resorting to humans. The advanced and automated ways in which attacks have been developing mean that the task of defence must also be automated. Artificial Intelligence, due to its particularities, meets this need. This technology has been playing an increasingly important role in Cybersecurity, even though we may still consider it to be at an early stage.
Our smart light bulbs are in danger
Author: Pedro Leão
Oriented by: Prof. Luís Barreto and Prof. Sérgio Lopes
Abstract
Over the recent years we have assisted the great expansion of Internet of Things (IoT), the IoT have, between other things, cyber physical devices (CPD). Smart light bulbs are CPD that add increased functionality and because they are a connected device they are susceptible to attacks. This paper pretends to do a exposure to Philips Hue smart light bulbs compatible with the Zigbee communication protocol. This light bulbs can be hacked by wardriving or warflying attack using a process that initializes a reset to factory defaults, and then, after that, the bulbs are taken-over. For that to be possible it was necessary to understand how the Zigbee Light Link (ZLL) protocol works and how the association of CFD like the Philips lamps occurs in Zigbee networks. This hack can be used to cause a DoS on products using the protocols and network management mechanisms identified here. It is important to identify such problems at an early stage in order to implement corrective measures as soon as possible.
The Real Threat of Deepfake: a Review of Portuguese Policy
Author: Rafael Kuhl
Abstract
The legal system as it stands is finding it increasingly difficult to keep up with the rapid pace at which computer technology has been advancing over the past few decades. As a result, we are experiencing genuine revolutions in our day-to-day lives as a result of these changes. Artificial intelligence is one of the technologies and trends that has the greatest unexplored potential. Despite this, it produces incredible results, which, like the results of any technology, are not always positive. Deepfake is a method that makes use of artificial intelligence in order to manipulate visual content like photographs and videos. Illicit activities, including blackmail and spreading false information, have more frequently made use of this method. In this article, I hope to provide an overview of the Portuguese legal.
Blockchain Smart Contracts Vulnerabilities
Author: Ricardo Silva
Oriented by: Prof. Pedro Coutinho and Prof. Pedro Pinto
Abstract
Blockchain technology has become part of our daily life. Something that a few years ago was a proof of concept has been developed over the last few years and we can say that we are facing a mature technology. Since it is not a regulated activity it introduces some challenges in terms of security issues. The focus of this paper are the smart contracts of the Ethereum network, since they may involve substantial monetary amounts, it is essential to ensure their correct execution. It is therefore important to analyze and evaluate the source code of smart contracts to detect and mitigate possible security flaws. The purpose of this paper is to provide a point of aggregation of information scattered over several published articles and other sources, thus highlighting points of concern regarding the security of smart contracts when executed in a Ethereum blockchain environment.
GDPR vs LGPD
Author: Rita Peres
Oriented by: Prof. Pedro Carneiro
Abstract
In an increasingly digital world, it is important that the personal data we make available daily in the most varied contexts and services are protected. The objective of this work is to compare the main differences between the RPGD applied by Portuguese law and Brazilian law.
Implementation of Records of Processing Activities (RPA) in CHULC
Author: Sara Pinheiro
Abstract
The hospital environment is probably the type of institution/organization that collects the most personal data from each person that passes by – being them a patient, professional or subcontractor –, making it of extreme importance the rigorous control of the Records of Processing Activities (RPA) of personal data to avoid at all costs the misuse or malicious use of these data. This article uses the Central Lisbon University Hospital Centre (CHULC – Centro Hospitalar Universitário de Lisboa Central, E.P.E) and the implementation process of the RPA.
Survey and exploration of vulnerabilities of Virtual Reality Headsets used on healthcare context
Author: Tânia Silva
Oriented by: Prof. Sara Paiva and Prof. António Pinto
Abstract
Nowadays, Virtual Reality and Augmented Reality systems are no longer exclusively associated with the gaming industry. Its potential is shown also useful to other business areas, being more advantageous to the healthcare, automotive and educational industries, based on the statistics of Finances Online. Industries need to accompany technological advances and improve their business process. The adoption of these technologies is advantageous for companies since it can bring a reduction in economic and time-consume perspectives and improve the efficiency of processes. However, no device is 100% secure and a security flaw can compromise an entire business process and in the worst-case scenario bring serious damage to the individuals involved. Before implementing VR or AR technologies companies must be aware of potential cyberattacks and security risks that these systems are under. This study pretends to present a survey of attacks related to VR and AR scenarios and their impact on the industries of healthcare, automation, education and gaming. This classification intends to guide the companies that want to implement VR and AR systems in their operations. They will be aware of the possible cyberattacks that can affect the devices and its impact on their business domain.
