DOCSLIB.ORG

Threat Analysis of Smart Home Assistants Involving Novel Acoustic Based Attack-Vectors

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Threat Analysis of Smart Home Assistants Involving Novel Acoustic Based Attack-Vectors Master of Science in Engineering: Computer Security June 2019 Threat Analysis of Smart Home Assistants Involving Novel Acoustic Based Attack-Vectors Adam Björkman Max Kardos Faculty of Computing, Blekinge Institute of Technology, 371 79 Karlskrona, Sweden This thesis is submitted to the Faculty of Computing at Blekinge Institute of Technology in partial fulfilment of the requirements for the degree of Master of Science in Engineering: Computer Security. The thesis is equivalent to 20 weeks of full time studies. The authors declare that they are the sole authors of this thesis and that they have not used any sources other than those listed in the bibliography and identified as references. They further declare that they have not submitted this thesis at any other institution to obtain a degree. Contact Information: Author(s): Adam Björkman E-mail: [email protected] Max Kardos E-mail: [email protected] University advisers: Assistant Professor Fredrik Erlandsson Assistant Professor Martin Boldt Department of Computer Science and Engineering Faculty of Computing Internet : www.bth.se Blekinge Institute of Technology Phone : +46 455 38 50 00 SE–371 79 Karlskrona, Sweden Fax : +46 455 38 50 57 Abstract Background. Smart home assistants are becoming more common in our homes. Often taking the form of a speaker, these devices enable communication via voice commands. Through this communication channel, users can for example order a pizza, check the weather, or call a taxi. When a voice command is given to the assistant, the command is sent to cloud services over the Internet, enabling a multi- tude of functions associated with risks regarding security and privacy. Furthermore, with an always active Internet connection, smart home assistants are a part of the Internet of Things, a type of historically not secure devices. Therefore, it is crucial to understand the security situation and the risks that a smart home assistant brings with it. Objectives. This thesis aims to investigate and compile threats towards smart home assistants in a home environment. Such a compilation could be used as a foundation during the creation of a formal model for securing smart home assistants and other devices with similar properties. Methods. Through literature studies and threat modelling, current vulnerabili- ties towards smart home assistants and systems with similar properties were found and compiled. A few vulnerabilities were tested against two smart home assistants through experiments to verify which vulnerabilities are present in a home environ- ment. Finally, methods for the prevention and protection of the vulnerabilities were found and compiled. Results. Overall, 27 vulnerabilities towards smart home assistants and 12 towards similar systems were found and identified. The majority of the found vulnerabilities focus on exploiting the voice interface. In total, 27 methods to prevent vulnerabili- ties in smart home assistants or similar systems were found and compiled. Eleven of the found vulnerabilities did not have any reported protection methods. Finally, we performed one experiment consisting of four attacks against two smart home assis- tants with mixed results; one attack was not successful, while the others were either completely or partially successful in exploiting the target vulnerabilities. Conclusions. We conclude that vulnerabilities exist for smart home assistants and similar systems. The vulnerabilities differ in execution difficulty and impact. How- ever, we consider smart home assistants safe enough to usage with the accompanying protection methods activated. Keywords: Smart home assistants, threats, voice interface, vulnerability, exploit i Sammanfattning Bakgrund. Smarta hemassistenter blir allt vanligare i våra hem. De tar ofta formen av en högtalare och möjliggör kommunikation via röstkommandon. Genom denna kommunikationskanal kan användare bland annat beställa pizza, kolla väderleken eller beställa en taxi. Röstkommandon som ges åt enheten skickas till molntjänster över internet och möjliggör då flertalet funktioner med associerade risker kring säker- het och integritet. Vidare, med en konstant uppkoppling mot internet är de smarta hemassistenterna en del av sakernas internet; en typ av enhet som historiskt sett är osäker. Således är det viktigt att förstå säkerhetssituationen och riskerna som medföljer användningen av smarta hemassistenter i en hemmiljö. Syfte. Syftet med rapporten är att göra en bred kartläggning av hotbilden mot smarta hemassistenter i en hemmiljö. Dessutom kan kartläggningen fungera som en grund i skapandet av en modell för att säkra både smarta hemassistenter och andra enheter med liknande egenskaper. Metod. Genom literaturstudier och hotmodellering hittades och sammanställdes nuvarande hot mot smarta hemassistenter och system med liknande egenskaper. Nå- gra av hoten testades mot två olika smarta hemassistenter genom experiment för att säkerställa vilka hot som är aktuella i en hemmiljö. Slutligen hittades och sam- manställdes även metoder för att förhindra och skydda sig mot sårbarheterna. Resultat. Totalt hittades och sammanställdes 27 stycken hot mot smarta hemassis- tenter och 12 mot liknande system. Av de funna sårbarheterna fokuserar majoriteten på manipulation av röstgränssnittet genom olika metoder. Totalt hittades och sam- manställdes även 27 stycken metoder för att förhindra sårbarheter i smarta hemas- sistenter eller liknande system, varav elva sårbarheter inte förhindras av någon av dessa metoder. Slutligen utfördes ett experiment där fyra olika attacker testades mot två smarta hemassistenter med varierande resultat. En attack lyckades inte, medan resterande antingen helt eller delvis lyckades utnyttja sårbarheterna. Slutsatser. Vi konstaterar att sårbarheter finns för smarta hemassistenter och för liknande system. Sårbarheterna varierar i svårighet att uföra samt konsekvens. Dock anser vi att smarta hemassistenter är säkra nog att använda med medföljande sky- ddsmetoder aktiverade. Nyckelord: Smarta hemassistenter, hotbild, röstgränssnitt, sammanställning, at- tack iii Acknowledgments We want to thank Martin Boldt and Fredrik Erlandsson for their supervision and guidance during the thesis. We also want to thank Knowit Secure, its employees, and our company supervisor Mats Persson, for their motivation and expertise. Finally, we would like to thank our families for their unrelenting support. v Contents Abstract i Sammanfattning iii Acknowledgments v 1 Introduction 1 1.1 Problem Description and Research Gap . 2 1.2 Aim and Research Questions . 2 1.3 Scope and Limitations . 3 1.4 Document Outline . 3 2 Background 5 2.1 Smart Home Assistant . 5 2.1.1 Amazon Echo . 6 2.1.2 Google Home . 6 2.2 Application Programming Interface . 6 2.3 Automatic Speech Recognition . 7 2.4 Speaker Recognition . 7 2.5 Threats Towards Smart Home Assistants . 7 2.5.1 Threat Mitigation . 8 2.5.2 Threat Classification . 8 2.5.3 Vulnerability Databases . 8 2.6 Threat Modelling . 8 2.6.1 STRIDE . 8 3 Related Works 11 4 Method 13 4.1 Systematic Literature Review . 13 4.1.1 Database Selection . 13 4.1.2 Selection Criteria . 14 4.1.3 Quality Assessment . 14 4.1.4 Data Extraction Strategy and Synthesis . 15 4.2 Threat Assessment of Smart Home Assistants . 15 4.2.1 Keywords . 15 4.2.2 Quality Assessment Criteria . 16 4.3 Threat Assessment of Similar Systems . 17 vii 4.3.1 Keywords . 17 4.3.2 Quality Assessment Criteria . 18 4.4 Threat Modelling . 18 4.4.1 Generalised STRIDE Analysis . 18 4.5 Experiment Design . 19 4.5.1 Experiment Environment . 20 4.5.2 Functionality Test of SHA . 20 4.5.3 Chosen Attacks . 20 4.5.4 Experiment Layout . 20 4.6 Experiment Execution . 21 4.6.1 Replay Attack . 22 4.6.2 Adversarial Attack Using Phsychoacoustic Hiding . 23 4.6.3 Harmful API Behaviour . 24 4.6.4 Unauthorised SHA Functionality . 25 5 Results 27 5.1 Threat Status of Smart Home Assistants . 27 5.1.1 Vulnerabilities . 28 5.1.2 Protection Methods . 31 5.2 Threat Status on Similar Systems . 33 5.2.1 Vulnerabilities . 34 5.2.2 Protection Methods . 36 5.3 Threat Modelling . 37 5.3.1 Possible Threats . 37 5.3.2 Protection Methods . 39 5.4 Threat Validation on SHA . 40 5.4.1 Replay Attack . 42 5.4.2 Harmful API Behaviour . 42 5.4.3 Unauthorised SHA Functionality . 43 5.4.4 Threat Validation Summary . 44 6 Analysis and Discussion 47 6.1 Research Implications . 47 6.2 Research Question Analysis . 48 6.3 Literature Reviews . 49 6.4 Threat Modelling . 50 6.5 Experiments . 51 6.5.1 Features Not Supported . 51 6.5.2 Vulnerability Score . 52 7 Conclusions and Future Work 53 7.1 Future Works . 53 Appendices 63 A Permission Forms 65 A.1 Permission IEEEXplore . 65 viii B Scripts 67 B.1 Script for Search Result Extraction . 67 ix List of Figures 2.1 A command flow example as found in an Amazon SHA ©2018 IEEE. See Appendix A.1 for permission. 6 4.1 A generalised system targeted in the STRIDE analysis process . 19 5.1 The amount of protection methods addressing each vulnerability found during threat assessment of SHAs . 33 5.2 The amount of protection methods addressing each vulnerability found during threat assessment of similar systems . 37 5.3 The amount of protection methods addressing each SHA vulnerability generated during the threat modelling process . 40 xi List of Tables 4.1 Form describing the data extracted from the literature review papers 15 4.2 Search keywords, sorted by category, used in the threat assessment of home assistants . 16 4.3 Search keywords, sorted by category, used in the threat assessment of systems similar to smart home assistants . 17 4.4 Attacks and their corresponding target, found during the threat as- sessments, chosen for the experimentation phase . 21 5.1 The amount of papers found through each database for the threat assessment of smart home assistants . 27 5.2 Papers remaining for the threat assessment of smart home assistants, after application of selection criteria . 28 5.3 Papers remaining for the threat assessment of smart home assistants, after application of quality assessment criteria .
Load more

Recommended publications
  • Smart Speakers & Their Impact on Music Consumption
    Everybody’s Talkin’ Smart Speakers & their impact on music consumption A special report by Music Ally for the BPI and the Entertainment Retailers Association Contents 02"Forewords 04"Executive Summary 07"Devices Guide 18"Market Data 22"The Impact on Music 34"What Comes Next? Forewords Geoff Taylor, chief executive of the BPI, and Kim Bayley, chief executive of ERA, on the potential of smart speakers for artists 1 and the music industry Forewords Kim Bayley, CEO! Geoff Taylor, CEO! Entertainment Retailers Association BPI and BRIT Awards Music began with the human voice. It is the instrument which virtually Smart speakers are poised to kickstart the next stage of the music all are born with. So how appropriate that the voice is fast emerging as streaming revolution. With fans consuming more than 100 billion the future of entertainment technology. streams of music in 2017 (audio and video), streaming has overtaken CD to become the dominant format in the music mix. The iTunes Store decoupled music buying from the disc; Spotify decoupled music access from ownership: now voice control frees music Smart speakers will undoubtedly give streaming a further boost, from the keyboard. In the process it promises music fans a more fluid attracting more casual listeners into subscription music services, as and personal relationship with the music they love. It also offers a real music is the killer app for these devices. solution to optimising streaming for the automobile. Playlists curated by streaming services are already an essential Naturally there are challenges too. The music industry has struggled to marketing channel for music, and their influence will only increase as deliver the metadata required in a digital music environment.
    [Show full text]
  • Schlage Electronics Brochure
    Safer. Smarter. More stylish. SCHLAGE KEYLESS LOCKS Deliver quality and innovation with reliable access control systems from Schlage. PROVIDE YOUR CUSTOMERS WITH SIMPLE, KEYLESS SECURITY. HUB HUB HUB CONNECTION CONNECTION CONNECTION HUB HUB HUB CONNECTION CONNECTION CONNECTION FREE FREE FREE APP APP APP BUILT-IN BUILT-IN BUILT-IN WIFI WIFI WIFI SMART WIFI DEADBOLT HANDS-FREE HANDS-FREE HANDS-FREE VOICE CONTROL VOICE CONTROL VOICE CONTROL A smarter way in. The built-in WiFi of the Schlage EncodeTM Smart WiFi Deadbolt provides secure remote access from anywhere – no hubs or adapters required – making integration with smart home technology seamless and simple. LIFETIME LIFETIME LIFETIME GUARANTEE GUARANTEE GUARANTEE SMART LOCK. SMART INVESTMENT. ● Works with Schlage Home app, Key by Amazon and Ring Video Doorbell ● Use the Schlage Home app to update the lock to the latest features SECURITY AND DURABILITY EASY EASY EASY INSTALLATION INSTALLATION INSTALLATION ● Built-in alarm technology senses potential door attacks ● Highest industry ratings for residential Security, Durability and Finish ACCESS CODES ● Schedule access codes so guests can only enter when you want them to ● Lock holds up to 100 access codes The Schlage Home app provides simple setup, remote connectivity and future compatibility exclusively for the Schlage Encode Smart WiFi Deadbolt and Schlage Sense Smart Deadbolt. 3 SMART DEADBOLT Smart made easy. The Schlage Sense® Smart Deadbolt makes it easy to set up and share access with the Schlage Home app for iOS and Android™ smartphones.
    [Show full text]
  • Internet AI Roadmap: Smart Speakers in B2C and Cloud Services in B2B
    Internet AI roadmap: Smart speakers in B2C and cloud services in B2B Internet firms’ AI businesses taking shape Overweight (Maintain) The artificial intelligence (AI) businesses of global and domestic internet companies are increasingly taking shape and entering the execution phase. The most notable Industry Report development in the B2C space is the launch of AI-based voice-controlled speakers. In the B2B space, cloud services supported by AI are gaining increasing attention. June 19, 2017 B2C: Launch of voice-activated speakers and everyday services Mirae Asset Daewoo Co., Ltd. An increasing number of everyday services integrated with voice-controlled speakers and AI platforms are coming onto the scene. Amazon (NASDAQ: AMZN, [Internet/Game/Advertising] CP: US$995.17) is the current leader of this market, with its Echo smart speaker and Jee-hyun Moon Alexa virtual assistant. Last week, the company launched an Alexa-enabled smart +822-3774-1640 shopping device called Dash Wand the same day it announced its US$13.7bn [email protected] acquisition of the Whole Foods grocery chain. Also last week, NAVER’s Japanese subsidiary, LINE, unveiled smart speakers, named Wave and Champ, to which LINE will tie services like shopping and delivery. Domestically, both NAVER (035420 KS, BUY, TP: W1,160,000, CP: W878,000) and Kakao (035720 KQ, BUY, TP: W125,000, CP: W103,800) plan to release their own voice-controlled speakers this summer. B2B: Rapid growth of cloud services among firms strong in AI IT companies with strong AI capabilities are seeing rapid growth in their cloud revenue. Amazon , IBM (NYSE: IBM, CP: US$154.84), and Microsoft (NASDAQ: MSFT, CP: US$70.87) - with the Alexa, Watson, and Cortana, respectively - are enjoying double-digit growth in cloud revenue, which now makes up a meaningful percentage of overall revenue at all three companies.
    [Show full text]
  • How to Set up the Echo Spot R S PRODUCT REVIEWS 2018 HOLIDAY GIFT GUIDE DEALS HOW to FORUM
    11/29/2018 How to Set Up the Echo Spot r s PRODUCT REVIEWS 2018 HOLIDAY GIFT GUIDE DEALS HOW TO FORUM Tom's Guide / Tom's Hardware / Laptop Mag / TopTenReviews / AnandTech CYBER MONDAY DEALS Airpods Amazon Deals Apple Deals Xbox External Hard Drives 4K Smart TVs iPads Robot Vacuums All Tech Deals SMART HOME REVIEW How to Set Up the Echo Spot by MONICA CHIN Jun 8, 2018, 8:38 AM Like other Alexa-enabled smart speakers, you can use the Echo Spot to control your smart-home devices, read your texts, organize your shopping list, stream music and audiobooks, and call other Echo devices and phone lines. However, with its screen and built-in camera, the Spot can also be used to watch videos, to video chat with friends, and even to “drop in” on family members. Before you start listening, calling, and connecting your smart home, however, you’ll need to get the device up and running. Here’s our step-by-step guide. × myTo… GE Z-… Jasco… Jasco… Hone… myTo… GE Z-… 1. Turn on your Echo Spot. $14.99 $39.99 $79.99 $109.99 $39.99 $24.99 $44.99 https://www.tomsguide.com/us/hot-to-set-up-echo-spot,review-5478.html 1/6 11/29/2018 How to Set Up the Echo Spot Plug your Echo Spot into a power outlet via the included adapter. Once it’s plugged in, the Spot’s display will light up with the AmazonPRODU logoCT R andEVIE AlexaWS (the20 1artificially8 HOLIDA Yintelligent GIFT GUI DvoiceE assistantDEALS thatHOW TO FORUM powers Amazon’s smart speakers) will greet you.
    [Show full text]
  • “Clova”, an AI Assistant by LINE Users Can Get Dinner
    August 7, 2018 transcosmos inc. transcosmos offers a new skill for “Clova”, an AI assistant by LINE Users can get dinner menu ideas by saying “Clova, start Harapeco Bangohan” transcosmos inc. (Headquarters: Tokyo, Japan; President and COO: Masataka Okuda), on August 7, 2018, released its proprietary service “Harapeco Bangohan (“Hungry, let’s have dinner!”)” as a new skill for “Clova”, an AI assistant offered by LINE Corporation (Headquarters: Tokyo, Japan; Chief Executive Officer: Takeshi Idezawa). “Harapeco Bangohan!” helps anyone who has trouble coming up with everyday dinner menus. Just by saying “Clova, open “Harapeco Bangohan!” and “give me some menu ideas for tonight”, the service comes up with dinner menu suggestions from as many as 145 main dishes and 55 side dishes. What’s more, users can also get suggestions for “one more dish” (a side dish or soup) from “Japanese”, “Western”, “Chinese”, and “Korean” cuisines by simply saying “Clova, open “Harapeco Bangohan!” ” and “give me some ideas for one more dish.” With this new hands-free service, users can get dinner menu ideas - which isn’t as easy as you think - whilst taking care of household chores and their kids, without the use of a smartphone, a must-have item before. <How to use> Users can start the service simply by selecting “Harapeco Bangohan” at LINE Clova in-app skills or using voice command to activate the app by saying “Clova, start Harapeco Bangohan” directly to Clova compatible devices. Visit Clova skill store here: https://clova-skill-store.line.me/appbridge?target=main * If LINE Clova app is not installed, users will be redirected to the app store to download the app.
    [Show full text]
  • Scrolling, Swiping, Selling: Understanding Webtoons and the Data-Driven Participatory Culture Around Comics
    . Volume 17, Issue 2 November 2020 Scrolling, swiping, selling: Understanding Webtoons and the data-driven participatory culture around comics Nicolle Lamerichs, HU University of Applied Sciences Utrecht, The Netherlands Abstract: Comics cannot be isolated from their active audiences. Scholars have investigated the fans who attend San Diego Comic Con (Scott 2011), who draw their own manga (Lamerichs 2014), and who socialize at comic stores (Woo 2011). Despite this deep entwinement of comics with their audiences, comic studies and fan studies have developed as two different disciplines, which could work together more closely. Whereas comic studies often tend to center on the medium comics, fan scholars commonly investigate how audiences respond to a particular source-text, and remix or rewrite the story. In this article, I argue that comic books and their fandom is in a shift towards different platforms, business models and technologies. The platform economy is drastically changing the relationship between fans and creators. Through a case-study of the platform Webtoon, I demonstrate how contemporary comics and their interfaces are changing from texts to systems and business models. I argue that this changes the nature of the participatory culture around digital comics and their fandom from a bottom-up subculture to a data-driven economy. Keywords: Fan studies, fandom, webtoons, web comics, platform economy, comic studies Introduction Contemporary comic book fandom is rapidly developing. One reason is that the narratives and characters of comic books are increasingly rewritten for television, games and film. The conclusion of the first phase of the Marvel Cinematic Universe, Avengers: Endgame (2019), grossed nearly $2.8 billion worldwide, and became the highest-grossing film of all time (Whitten 2019).
    [Show full text]
  • Synaptics Selected by Naver to Develop AI Products Based on Audiosmart Far-Field Voice
    October 26, 2017 Synaptics Selected by Naver to Develop AI Products Based on AudioSmart Far-Field Voice Naver's Subsidiary, Line Corporation Building Broad Portfolio for Smart Home SAN JOSE, Calif., Oct. 26, 2017 (GLOBE NEWSWIRE) -- Synaptics Incorporated (NASDAQ:SYNA), the leading developer of human interface solutions, today announced it was selected by Naver Corporation of Korea, and its subsidiary, Line Corporation of Japan, to develop a variety of products that leverage Synaptics® AudioSmart® far-field voice DSPs and Line's virtual assistant, Clova. Naver's Clova-based lineup with integrated AudioSmart is focused on the Japanese and Korean markets and includes creative form-factor smart speakers, speakers with displays, and many other innovative projects. Naver/Line Products with AudioSmart Far-Field Voice DSPs: Wave: Clova-based smart speaker Face: Clova-based smart speaker with display Friends: Clova-based smart speaker with whimsical form-factors "Naver is very pleased with the design consultation and advanced audio processor technology from Synaptics in support of the development of exciting new products and the huge benefit of getting to market much faster," said Han Seong-sook, CEO at Naver. "It has been terrific working with Naver and Line on these projects. The opportunity for Clova-based products integrated with Synaptics' far-field voice for the Japan and Korea markets is broad, with large OEMs interested in deploying voice compatibility with interactive toys, robotics, and household appliances among the more traditional smart speaker applications," said Saleel Awsare, vice president and general manager, Audio and Imaging Business at Synaptics. Synaptics' AudioSmart far-field voice DSPs separate speech signals from background noise and processes only the speech signal for industry-leading speech recognition engine accuracy.
    [Show full text]
  • “Hey Speaker - Why Should I Use You?”
    “HEY SPEAKER - WHY SHOULD I USE YOU?” Exploring the user acceptance of smart speakers by Jonas Hoffmann and Kasper Thuesen Master’s Thesis Business Administration and Information Systems, E-Business Supervision: Ather Nawaz Date of submission: 17th of September 2018 Character count: 222.376 / 97.7 pages Kasper Thuesen, 107905, [email protected] Jonas Hoffmann, 107594, [email protected] Abstract Voice-assistant powered smart speakers are entering private homes by storm, with the purpose of facilitating everyday tasks and simplifying their users’ lives. At the same time, they bring along an array of new challenges due to their purely voice-based interface and their fixed location inside the heart of consumer homes. Motivated by the soaring success of the technology and backed by literature about technology acceptance and user experience, this research investigates what motivates users to continuously use smart speakers in their daily lives and what makes them stop using them. In addition, it explores the gap between expectation and experience for this technology and analyses its influence on smart speaker usage. The research is carried out in two steps. First, 10 selected users are provided with a smart speaker with the task of using the product over the course of four weeks. Consequently, a focus group and several in-depth interviews are conducted with the participants about their experience. The analysis reveals that Usability, Usefulness and Sociality – each consisting of several sub- components – are the main factors that affect smart speaker usage. This research depicts one of the first user-centered analyses of smart speaker usage and opens a door for future research in the area of smart speakers.
    [Show full text]
  • Speciale Officielt
    “I Know They Are Listening”: Understandings of In-Home Physical Digital Assistants Katrine Theilmann Gregersen Aalborg University Aalborg, Denmark [email protected] ABSTRACT physical DAs, leaving out the other physical DAs, such as In recent years, Digital Assistants have become a popular Google Home. Further, just one study was found that dealt topic of discussion in the field of human-computer with physical DAs in the home setting[8]. interaction(HCI) as well as becoming increasingly common in households across the globe. This paper presents findings This study is based a total of 13 semi structured interviews of in-home physical DAs based on semi-structured with participants from different households that are interviews with people from 13 households. The findings everyday users of physical DAs. To broaden the scope this are summarized in seven themes that provide study have included findings from households located in understandings of people’s experience of in-home physical two different countries, Denmark and Japan. These data are DAs. Participants reported similar use cases, motivation analysed using the method of Thematic Network and challenges of their in-home digital assistant. I Analysis(TNA)[9] in which I have derived seven main discovered varying ways the participants’ perceived their themes in this process: 1. Usage; 2. Motivation; 3. Learning in-home physical DA. It was also found that there were how to use in-home DAs; 4. Placement; 5. Challenges; 6. minimal privacy concerns amongst participants in regard to Perception of in-home DA; 7. Trust and Privacy. physical placement of the in-home DAs.
    [Show full text]
  • OSINT Handbook September 2020
    OPEN SOURCE INTELLIGENCE TOOLS AND RESOURCES HANDBOOK 2020 OPEN SOURCE INTELLIGENCE TOOLS AND RESOURCES HANDBOOK 2020 Aleksandra Bielska Noa Rebecca Kurz, Yves Baumgartner, Vytenis Benetis 2 Foreword I am delighted to share with you the 2020 edition of the OSINT Tools and Resources Handbook. Once again, the Handbook has been revised and updated to reflect the evolution of this discipline, and the many strategic, operational and technical challenges OSINT practitioners have to grapple with. Given the speed of change on the web, some might question the wisdom of pulling together such a resource. What’s wrong with the Top 10 tools, or the Top 100? There are only so many resources one can bookmark after all. Such arguments are not without merit. My fear, however, is that they are also shortsighted. I offer four reasons why. To begin, a shortlist betrays the widening spectrum of OSINT practice. Whereas OSINT was once the preserve of analysts working in national security, it now embraces a growing class of professionals in fields as diverse as journalism, cybersecurity, investment research, crisis management and human rights. A limited toolkit can never satisfy all of these constituencies. Second, a good OSINT practitioner is someone who is comfortable working with different tools, sources and collection strategies. The temptation toward narrow specialisation in OSINT is one that has to be resisted. Why? Because no research task is ever as tidy as the customer’s requirements are likely to suggest. Third, is the inevitable realisation that good tool awareness is equivalent to good source awareness. Indeed, the right tool can determine whether you harvest the right information.
    [Show full text]
  • Would Satisfaction with Smart Speakers Transfer Into Loyalty Towards the Smart Speaker Provider?
    A Service of Leibniz-Informationszentrum econstor Wirtschaft Leibniz Information Centre Make Your Publications Visible. zbw for Economics Hwang, ShinYoung Conference Paper Would satisfaction with smart speakers transfer into loyalty towards the smart speaker provider? 22nd Biennial Conference of the International Telecommunications Society (ITS): "Beyond the Boundaries: Challenges for Business, Policy and Society", Seoul, Korea, 24th-27th June, 2018 Provided in Cooperation with: International Telecommunications Society (ITS) Suggested Citation: Hwang, ShinYoung (2018) : Would satisfaction with smart speakers transfer into loyalty towards the smart speaker provider?, 22nd Biennial Conference of the International Telecommunications Society (ITS): "Beyond the Boundaries: Challenges for Business, Policy and Society", Seoul, Korea, 24th-27th June, 2018, International Telecommunications Society (ITS), Calgary This Version is available at: http://hdl.handle.net/10419/190336 Standard-Nutzungsbedingungen: Terms of use: Die Dokumente auf EconStor dürfen zu eigenen wissenschaftlichen Documents in EconStor may be saved and copied for your Zwecken und zum Privatgebrauch gespeichert und kopiert werden. personal and scholarly purposes. Sie dürfen die Dokumente nicht für öffentliche oder kommerzielle You are not to copy documents for public or commercial Zwecke vervielfältigen, öffentlich ausstellen, öffentlich zugänglich purposes, to exhibit the documents publicly, to make them machen, vertreiben oder anderweitig nutzen. publicly available on the internet, or to distribute or otherwise use the documents in public. Sofern die Verfasser die Dokumente unter Open-Content-Lizenzen (insbesondere CC-Lizenzen) zur Verfügung gestellt haben sollten, If the documents have been made available under an Open gelten abweichend von diesen Nutzungsbedingungen die in der dort Content Licence (especially Creative Commons Licences), you genannten Lizenz gewährten Nutzungsrechte.
    [Show full text]
  • The Toon Boon,Digital Comics Are on a Roll in Stony Brook Exhibit
    WEDNESDAY,MARCH 30,2016 B21 N B2 BRENNAN NIEL DA SWEET ENDINGS Thecrème de la crème of desserts on Long Island newsday.com/restaurants B2 PHOTO GALLERY 10 best museums forkids on LI exploreLI newsday.com/museums I eL happyfeet Explor Youdon’t need experienceora partner to getinonthe fun at Swing Dance Long Island’s danceat8p.m. Saturdayatthe SmithtowN Historical Society’s Frank Brush Barn (211 Middle Country Rd.). Brian Lewis and the NewVintageSwing Band provide the tunes. Afew ballroom dances will be in the mix. Arrive30 minutes early foralesson. ADMISSION $15 INFO 631-476-3707, sdli.org CK TO IS govintage Browse crafts, collectibles, DVDs, BRENNAN souvenirs, coins, recordsand more, NIEL 10 a.m.-3 p.m. Sunday at the VFW DA Medford. Students stroll through adisplayofwebtoon artwork in the Charles B. Wang Center at StonyBrook University. ADMISSION Free INFO 516-485-1424 The toon boon Digital comics areonaroll in StonyBrook exhibit BY JANELLE GRIFFITH China, Indonesia, Japan, Taiwan m ‘Webtoon: TheEvolution of [email protected] and Thailand formorethan a co decade,thereisnow agrowing y. da Korean Digital Comics’ outh Korean cartoonists push forwebtoons in Western ws WHEN |WHERE 9a.m.-8 p.m. weekdays, have ditched the strip —as societies, industry experts say. ne noon-8 p.m. weekends through May 31 at farascomics arecon- Long Islanderscan see this new 6 StonyBrook University’s Charles B. Wang cerned. wave of entertainment at the 01 Center,100 Nicolls Rd. S Charles B. Wang Center at Stony Thewebtoon —adigi- ,2 INFO 631-632-4400, tallybased comic createdinSouth Brook Universitywith the free 30 stonybrook.edu/commcms/wang Koreain2003 —continues to exhibit “Webtoon: TheEvolution SPENCER CH ADMISSION Free AR changethe wayreadersengage of Korean Digital Comics,” open KEN ALSO “Korea’s Digital Comics: TheEvolution with traditional comic books.
    [Show full text]