0000000000148851
AUTHOR
Hannu Turtiainen
Brima: Low-Overhead Browser-Only Image Annotation Tool (Preprint)
Image annotation and large annotated datasets are crucial parts within the Computer Vision and Artificial Intelligence this http URL the same time, it is well-known and acknowledged by the research community that the image annotation process is challenging, time-consuming and hard to scale. Therefore, the researchers and practitioners are always seeking ways to perform the annotations easier, faster, and at higher quality. Even though several widely used tools exist and the tools' landscape evolved considerably, most of the tools still require intricate technical setups and high levels of technical savviness from its operators and crowdsource contributors. In order to address such challenge…
On the (In)Security of 1090ES and UAT978 Mobile Cockpit Information Systems : An Attacker Perspective on the Availability of ADS-B Safety- and Mission-Critical Systems
Automatic dependent surveillance-broadcast (ADS-B) is a key air surveillance technology and a critical component of next-generation air transportation systems. It significantly simplifies aircraft surveillance technology and improves airborne traffic situational awareness. Many types of mobile cockpit information systems (MCISs) are based on ADS-B technology. MCIS gives pilots the flight and traffic-related information they need. MCIS has two parts: an ADS-B transceiver and an electronic flight bag (EFB) application. The ADS-B transceivers transmit and receive the ADS-B radio signals while the EFB applications hosted on mobile phones display the data. Because they are cheap, lightweight, an…
Towards CCTV-aware Routing and Navigation for Privacy, Anonymity, and Safety - Feasibility Study in Jyväskylä
AbstractIn order to withstand the ever-increasing invasion of privacy by CCTV cameras and technologies, on par CCTV-aware solutions must exist that provide privacy, safety, and cybersecurity features. We argue that a first important step towards such CCTV-aware solutions must be a mapping system (e.g., Google Maps, OpenStreetMap) that provides both privacy and safety routing and navigation options. Unfortunately, to the best of our knowledge, there are no mapping nor navigation systems that support CCTV-privacy and CCTV-safety routing options. At the same time, in order to move the privacy vs. safety debate related to CCTV surveillance cameras from purely subjective to data-driven and evide…
BRIMA : Low-Overhead Browser-Only Image Annotation Tool
Image annotation and large annotated datasets are crucial parts within the Computer Vision and Artificial Intelligence fields. At the same time, it is well-known and acknowledged by the research community that the image annotation process is challenging, time-consuming and hard to scale. Therefore, the researchers and practitioners are always seeking ways to perform the annotations easier, faster, and at higher quality. Even though several widely used tools exist and the tools’ landscape evolved considerably, most of the tools still require intricate technical setups and high levels of technical savviness from its operators and crowdsource contributors.In order to address such challenges, w…
CCTV-FullyAware: toward end-to-end feasible privacy-enhancing and CCTV forensics applications
It is estimated that over 1 billion Closed-Circuit Television (CCTV) cameras are operational worldwide. The advertised main benefits of CCTV cameras have always been the same; physical security, safety, and crime deterrence. The current scale and rate of deployment of CCTV cameras bring additional research and technical challenges for CCTV forensics as well, as for privacy enhancements. This paper presents the first end-to-end system for CCTV forensics and feasible privacy-enhancing applications such as exposure measurement, CCTV route recovery, CCTV-aware routing/navigation, and crowd-sourcing. For this, we developed and evaluated four complex and distinct modules (CCTVCV [1], OSRM-CCTV [2],…
On Apache Log4j2 Exploitation in Aeronautical, Maritime, and Aerospace Communication
Apache Log4j2 is a prevalent logging library for Java-based applications. In December 2021, several critical and high-impact software vulnerabilities, including CVE-2021-44228, were publicly disclosed, enabling remote code execution (RCE) and denial of service (DoS) attacks. To date, these vulnerabilities are considered critical and the consequences of their disclosure far-reaching. The vulnerabilities potentially affect a wide range of internet of things (IoT) devices, embedded devices, critical infrastructure (CI), and cyber-physical systems (CPSs). In this paper, we study the effects and feasibility of exploiting these vulnerabilities in mission-critical aviation and maritime environment…
Cybersecurity Attacks on Software Logic and Error Handling Within ADS-B Implementations: Systematic Testing of Resilience and Countermeasures
Automatic Dependent Surveillance-Broadcast (ADS-B) is a cornerstone of the next-generation digital sky and is now mandated in several countries. However, there have been many reports of serious security vulnerabilities in the ADS-B architecture. In this paper, we demonstrate and evaluate the impact of multiple cyberattacks on ADS-B via remote radio frequency links that affected various network, processing, and display subsystems used within the ADS-B ecosystem. Overall we implemented and tested 12 cyberattacks on ADS-B in a controlled environment, out of which 5 attacks were presented or implemented for the first time. For all these attacks, we developed a unique testbed that consisted of 1…
CCTVCV: Computer Vision model/dataset supporting CCTV forensics and privacy applications
The increased, widespread, unwarranted, and unaccountable use of Closed-Circuit TeleVision (CCTV) cameras globally has raised concerns about privacy risks for the last several decades. Recent technological advances implemented in CCTV cameras, such as Artificial Intelligence (AI)-based facial recognition and Internet of Things (IoT) connectivity, fuel further concerns among privacy advocates. Machine learning and computer vision automated solutions may prove necessary and efficient to assist CCTV forensics of various types. In this paper, we introduce and release the first and only computer vision models are compatible with Microsoft common object in context (MS COCO) and capable of accurately…
Cybersecurity Attacks on Software Logic and Error Handling Within AIS Implementations: A Systematic Testing of Resilience
To increase situational awareness of maritime vessels and other entities and to enable their exchange of various information, the International Maritime Organization mandated the use of the Automatic Identification System (AIS) in 2004. The AIS is a self-reporting system that uses the VHF radio link. However, any radio-based self-reporting system is prone to forgery, especially in situations where authentication of the message is not designed into the architecture. As AIS was designed in the 1990s when cyberattacks were in their infancy, it does not implement authentication or encryption; thus, it can be seen as fundamentally vulnerable against modern-day cyberattacks. This paper demonstrat…
GDL90fuzz: Fuzzing - GDL-90 Data Interface Specification Within Aviation Software and Avionics Devices–A Cybersecurity Pentesting Perspective
As the core part of next-generation air transportation systems, the Automatic Dependent Surveillance-Broadcast (ADS-B) is becoming very popular. However, many (if not most) ADS-B devices and implementations support and rely on Garmin’s GDL-90 protocol for data exchange and encapsulation. In this paper, we research GDL-90 protocol fuzzing options and demonstrate practical Denial-of-Service (DoS) attacks on popular Electronic Flight Bag (EFB) software operating on mobile devices. For this purpose, we specifically configured our own avionics pentesting platform. and targeted the popular Garmin’s GDL-90 protocol as the industry-leading devices operate on it. We captured legitimate traffic from …
HALE-IoT: HArdening LEgacy Internet-of-Things devices by retrofitting defensive firmware modifications and implants
Internet-Of-Things (IoT) devices and their firmware are notorious for their lifelong vulnerabilities. As device infection increases, vendors also fail to release patches at a competitive pace. Despite security in IoT being an active area of research, prior work has mainly focused on vulnerability detection and exploitation, threat modelling, and protocol security. However, these methods are ineffective in preventing attacks against legacy and End-Of-Life devices that are already vulnerable. Current research mainly focuses on implementing and demonstrating the potential of malicious modifications. Hardening emerges as an effective solution to provide IoT devices with an additional layer of d…