STM Announces New Cyber Threat Status Report

Tarih: Issue 96 - December 2019

Raw Materials of Cyber Attacks: Personal Data

The Cyber Threat Report published quarterly by STM emphasized the risks posed to both states and the public due to the threat of personal data that is shared on the internet being maliciously processed.

In cyberspace, where information is commercialized and transformed into a threat risk, policies regarding the protection of personal data and data privacy are of great importance. The report noted that with every interaction on the internet, individuals are transforming into cyber tools that are used and manipulated for commercial or political purposes, while the stored information is processed like digital raw material through technologies such as data mining, artificial intelligence and machine learning. In this way, an infrastructure containing profiles of individuals and their tendencies is obtained. It was emphasized that according to the intention of those holding the data, there are serious threats, the target and scale of which vary, in political and social terms.

Personal Data in Turkey Protected with Superior Measures

Issues on personal data protection and data privacy are evaluated within the scope of the Law on Protection of Personal Data, which is regarded as a protection and evaluation guide in Turkey. The circular on “Information and Communication Security Measures” prepared with the contributions of the Presidential Digital Transformation Office and published on July 6, 2019 by the Presidential decree, carries the measures taken in our country to a higher level. The Circular is an important guideline for the protection of highly critical information such as population, health, communication, genetic and biometric data. The guideline that describes the measures to be taken and the principles for implementation of these measures aims to minimize security risks and escalate the security of critical data to the top level.

Acoustic Systems May Turn into Cyber Weapons!

STM's Cyber Threat Status Report warned against the vulnerabilities contained in smart devices that we use in our daily lives. The fact that the speakers used in devices such as computers, telephones, televisions and sound systems can emit frequencies beyond hearing range gives  this feature the possibility to be used as a weapon. Research reveals that manipulated speakers may cause not only simple physical reactions in humans, such as browsing specific web pages, but also hearing loss or psychological discomfort depending on the volume of sound. It was mentioned that in order to prevent such acoustic attacks, both hardware and software related measures should be taken.

Driver Systems in Vehicles also on Attackers’ Radar 

Autonomous systems that support users in their daily lives to increase security levels turn into a new attack area for attackers. The report pointed out that Advanced Driver Assistance Systems (ADAS), the key component of autonomous systems that aim to prevent accidents, can be deceived by machine learning. Tests on the Mobileye system that directs the driver with capabilities such as lane departure warning, collision avoidance and recognition of traffic signs indicate that attacks can be carried out to risk human life by deceiving the ADAS systems. Although it seems that risks can be mitigated, experts say that the systems are exposed to new attack vectors such as GPS deception, imitation of transceivers by radio frequencies and interference generation.

Bluetooth Makes Credit Card Cloning Easier 

Misuse of Bluetooth technologies makes credit card users extremely vulnerable to theft attacks. Referring to the security gaps in practice, the report mentioned a method of theft through hardware called a "skimmer" that is placed on devices where the credit cards are read. The Bluetooth connection of this malicious hardware, which allows the cloning of credit card information and passwords and which is extremely difficult to detect, facilitates the attack by providing remote access to the attacker. Investigations to prevent this vulnerability make the detection of it quite difficult, while the devices using Bluetooth make it easier to detect the attack.

Cyber Threat at Home!

The security gaps of systems having Internet of Things (IoT) technology, which are becoming increasingly common today, make devices vulnerable to several attacks. The report emphasized the risks posed by the systems used in homes and referred to a study which reveals access vulnerability of 20 to 50 percent of 83 million IoT devices in 16 million households across the world. The security gaps encourage attackers towards cost-effective attacks such as seizing the local network at home with Distributed Denial-Of-Service (DDoS) methods. Experts underlined that more strict measures should be taken against vulnerabilities in IoT devices that are protected by weak passwords.