Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons


Full-Text Articles in Physical Sciences and Mathematics

Exchanging Demands: Weaknesses In SSL Implementations For Mobile Platforms, Peter Hannay, Clinton Carpene, Craig Valli, Andrew Woodward, Mike Johnstone Jan 2015

Clinton Carpene

The ActiveSync protocol’s implementation on some embedded devices leaves clients vulnerable to unauthorised remote policy enforcement. This paper discusses a proof of concept attack against the implementation of ActiveSync in common Smart phones including Android devices and iOS devices. A two‐phase approach to exploiting the ActiveSync protocol is introduced. Phase 1 details the usage of a man‐in‐the‐middle attack to gain a vantage point over the client device, whilst Phase 2 involves spoofing the server‐side ActiveSync responses to initiate the unauthorised policy enforcement. These vulnerabilities are demonstrated by experiment, highlighting how the system can be exploited to perform a remote factory …


Exposing Potential Privacy Issues With IPv6 Address Construction, Clinton Carpene, Andrew Woodward Jan 2015

Clinton Carpene

The usage of 128 bit addresses with hexadecimal representation in IPv6 poses significant potential privacy issues. This paper discusses the means of allocating IPv6 addresses, along with the implications each method may have upon privacy in different usage scenarios. The division of address space amongst the global registries in a hierarchal fashion can provide geographical information about the location of an address, and its originating device. Many IPv6 address configuration methods are available, including DHCPv6, SLAAC (with or without privacy extensions), and Manual assignment. These assignment techniques are dissected to expose the identifying characteristics of each technique. It is seen …


Eavesdropping On The Smart Grid, Craig Valli, Andrew Woodward, Clinton Carpene, Peter Hannay, Murray Brand, Reino Karvinen, Christopher Holme Jan 2015

Clinton Carpene

An in-situ deployment of smart grid technology, from meters through to access points and wider grid connectivity, was examined. The aim of the research was to determine what vulnerabilities were inherent in this deployment, and what other consideration issues may have led to further vulnerability in the system. It was determined that there were numerous vulnerabilities embedded in both hardware and software and that configuration issues further compounded these vulnerabilities. The cyber threat against critical infrastructure has been public knowledge for several years, and with increasing awareness, attention and resource being devoted to protecting critical infrastructure, it is …


Looking To iPhone Backup Files For Evidence Extraction, Clinton Carpene Jan 2015

Clinton Carpene

iPhone logical backup files can provide forensic examiners with almost the entire contents of its host phone up until the point that the backup took place. This paper serves to provide an overview of the information attainable via the analysis of an iPhone backup, making references to the applicability of such analysis in the digital forensics field. The paper introduces the backup directories for various common operating systems, and exposes the contents. Information about the property lists (plist files) containing information about the backed-up device and its contents are detailed, along with the mbdb/mbdx database files, and finally the extension-less …