DARPA to look for hidden entrances in commercial IT devices

Department of Defense researchers are looking for the hidden pathways into the everyday electronic gear used by consumers in the hope of preventing those devices from being turned into gateways for electronic attack or spying.

A new program unveiled by the Defense Advanced Research Projects Agency (DARPA) on Nov. 29 looks to reveal the backdoors and other hidden malicious functionality in commercial information devices, like cell phones, routers and other networked consumer devices.

DARPA started the Vetting Commodity IT Software and Firmware (VET) program and announced a December 12th Proposers’ Day in Arlington, VA. Participants will be briefed on the program and anticipated solicitation, it said.

The widespread dissemination of commercial technology secretly wired to function in unintended ways, or even to spy on its users, is a scenario that information security experts dread, said DARPA. Mobile phones, network routers, computer workstations and any other device hooked up to a network can provide a point of entry for an adversary.

For the Department of Defense, said DARPA, the issue is even more of a concern as DoD personnel rely on equipment bought in large quantities and built with components manufactured all over the world. DoD’s growing dependence on the global supply chain makes device, software and firmware security an imperative, said the agency. Backdoors, malicious software and other vulnerabilities unknown to the user could enable an adversary to use a device to accomplish a variety of harmful objectives, including the exfiltration of sensitive data and the sabotage of critical operations. Determining the security of every device DoD uses in a timely fashion is beyond current capabilities. 

To address the threat of malicious code, DARPA said on Nov. 29 that it was starting the VET program to look for innovative, large-scale approaches to verifying the security and functionality of commodity IT devices (the commercial information technology devices bought by DoD) to ensure they are free of hidden backdoors and malicious functionality.

On December 12th, DARPA will host a Proposers’ Day in Arlington, VA. Participants will be briefed on the program and anticipated solicitation, it said.

“DoD relies on millions of devices to bring network access and functionality to its users,” said Tim Fraser, DARPA program manager. “Rigorously vetting software and firmware in each and every one of them is beyond our present capabilities, and the perception that this problem is simply unapproachable is widespread. The most significant output of the VET program will be a set of techniques, tools and demonstrations that will forever change this perception.”

VET will attempt to address three technical challenges:

  • Defining malice: Given a sample device, how can DoD analysts produce a prioritized checklist of software and firmware components to examine and broad classes of hidden malicious functionality to rule out?
  • Confirming the absence of malice: Given a checklist of software and firmware components to examine and broad classes of hidden malicious functionality to rule out, how can DoD analysts demonstrate the absence of those broad classes of hidden malicious functionality?
  • Examining equipment at scale: Given a means for DoD analysts to demonstrate the absence of broad classes of hidden malicious functionality in sample devices in the lab, how can this procedure scale to non-specialist technicians who must vet every individual new device used by DoD prior to deployment?
 
