Open Access. Powered by Scholars. Published by Universities.®
Physical Sciences and Mathematics Commons™
Open Access. Powered by Scholars. Published by Universities.®
Articles 1 - 2 of 2
Full-Text Articles in Physical Sciences and Mathematics
Exchanging Demands: Weaknesses In Ssl Implemenations For Mobile Platforms, Peter Hannay, Clinton Carpene, Craig Valli, Andrew Woodward, Mike Johnstone
Exchanging Demands: Weaknesses In Ssl Implemenations For Mobile Platforms, Peter Hannay, Clinton Carpene, Craig Valli, Andrew Woodward, Mike Johnstone
Clinton Carpene
The ActiveSync protocol’s implementation on some embedded devices leaves clients vulnerable to unauthorised remote policy enforcement. This paper discusses a proof of concept attack against the implementation of ActiveSync in common Smart phones including Android devices and iOS devices. A two‐phase approach to exploiting the ActiveSync protocol is introduced. Phase 1 details the usage of a man‐in‐the‐middle attack to gain a vantage point over the client device, whilst Phase 2 involves spoofing the server‐side ActiveSync responses to initiate the unauthorised policy enforcement. These vulnerabilities are demonstrated by experiment, highlighting how the system can be exploited to perform a remote factory …
Eavesdropping On The Smart Grid, Craig Valli, Andrew Woodward, Clinton Carpene, Peter Hannay, Murray Brand, Reino Karvinen, Christopher Holme
Eavesdropping On The Smart Grid, Craig Valli, Andrew Woodward, Clinton Carpene, Peter Hannay, Murray Brand, Reino Karvinen, Christopher Holme
Clinton Carpene
An in-situ deployment of smart grid technology, from meters through to access points and wider grid connectivity, was examined. The aim of the research was to determine what vulnerabilities were inherent in this deployment, and what other consideration issues may have led to further vulnerability in the system. It was determined that there were numerous vulnerabilities embedded in both hardware and software and that configuration issues further compounded these vulnerabilities. The cyber threat against critical infrastructure has been public knowledge for several years, and with increasing awareness, attention and resource being devoted to protecting critical in the structure, it is …