6,080 research outputs found

    The Viability and Potential Consequences of IoT-Based Ransomware

    Get PDF
    With the increased threat of ransomware and the substantial growth of the Internet of Things (IoT) market, there is significant motivation for attackers to carry out IoT-based ransomware campaigns. In this thesis, the viability of such malware is tested. As part of this work, various techniques that could be used by ransomware developers to attack commercial IoT devices were explored. First, methods that attackers could use to communicate with the victim were examined, such that a ransom note was able to be reliably sent to a victim. Next, the viability of using "bricking" as a method of ransom was evaluated, such that devices could be remotely disabled unless the victim makes a payment to the attacker. Research was then performed to ascertain whether it was possible to remotely gain persistence on IoT devices, which would improve the efficacy of existing ransomware methods, and provide opportunities for more advanced ransomware to be created. Finally, after successfully identifying a number of persistence techniques, the viability of privacy-invasion based ransomware was analysed. For each assessed technique, proofs of concept were developed. A range of devices -- with various intended purposes, such as routers, cameras and phones -- were used to test the viability of these proofs of concept. To test communication hijacking, devices' "channels of communication" -- such as web services and embedded screens -- were identified, then hijacked to display custom ransom notes. During the analysis of bricking-based ransomware, a working proof of concept was created, which was then able to remotely brick five IoT devices. After analysing the storage design of an assortment of IoT devices, six different persistence techniques were identified, which were then successfully tested on four devices, such that malicious filesystem modifications would be retained after the device was rebooted. When researching privacy-invasion based ransomware, several methods were created to extract information from data sources that can be commonly found on IoT devices, such as nearby WiFi signals, images from cameras, or audio from microphones. These were successfully implemented in a test environment such that ransomable data could be extracted, processed, and stored for later use to blackmail the victim. Overall, IoT-based ransomware has not only been shown to be viable but also highly damaging to both IoT devices and their users. While the use of IoT-ransomware is still very uncommon "in the wild", the techniques demonstrated within this work highlight an urgent need to improve the security of IoT devices to avoid the risk of IoT-based ransomware causing havoc in our society. Finally, during the development of these proofs of concept, a number of potential countermeasures were identified, which can be used to limit the effectiveness of the attacking techniques discovered in this PhD research

    Design Justice Principles and Do-It-Yourself Assistive Technology: Case Study

    Get PDF
    In this project, we focus on the Principles of Design Justice, as developed by the Design Justice Network, a community committed to challenging structural inequalities of design. Our thesis research project is aligned with the premise of user-centered design and the situated knowledge in third paradigm of HCI. We examine some of the current processes for Do-It-Yourself Assistive Technology (DIY-AT) development and deployment using the works of Makers Making Change (MMC). MMC connects the makers of DIY-AT devices to people who need AT devices. We also examine the impacts of the ongoing COVID-19 pandemic on the need for DIY-AT and the challenges it might have caused. Our findings include MMC's positive impact regarding DIY-AT service delivery, engaging local makers into making DIY-AT, and a modest job in integrating Design Justice Principles. The findings of our study also suggest an increase in the demand for AT due to the pandemic

    A productive response to legacy system petrification

    Get PDF
    Requirements change. The requirements of a legacy information system change, often in unanticipated ways, and at a more rapid pace than the rate at which the information system itself can be evolved to support them. The capabilities of a legacy system progressively fall further and further behind their evolving requirements, in a degrading process termed petrification. As systems petrify, they deliver diminishing business value, hamper business effectiveness, and drain organisational resources. To address legacy systems, the first challenge is to understand how to shed their resistance to tracking requirements change. The second challenge is to ensure that a newly adaptable system never again petrifies into a change resistant legacy system. This thesis addresses both challenges. The approach outlined herein is underpinned by an agile migration process - termed Productive Migration - that homes in upon the specific causes of petrification within each particular legacy system and provides guidance upon how to address them. That guidance comes in part from a personalised catalogue of petrifying patterns, which capture recurring themes underlying petrification. These steer us to the problems actually present in a given legacy system, and lead us to suitable antidote productive patterns via which we can deal with those problems one by one. To prevent newly adaptable systems from again degrading into legacy systems, we appeal to a follow-on process, termed Productive Evolution, which embraces and keeps pace with change rather than resisting and falling behind it. Productive Evolution teaches us to be vigilant against signs of system petrification and helps us to nip them in the bud. The aim is to nurture systems that remain supportive of the business, that are adaptable in step with ongoing requirements change, and that continue to retain their value as significant business assets

    Chinese Benteng Women’s Participation in Local Development Affairs in Indonesia: Appropriate means for struggle and a pathway to claim citizen’ right?

    Get PDF
    It had been more than two decades passing by aftermath the devastating Asia’s Financial Crisis in 1997, subsequently followed by Suharto’s step down from his presidential throne which he occupied for more than three decades. The financial turmoil turned to a political disaster furthermore has led to massive looting that severely impacted Indonesians of Chinese descendant, including unresolved mystery of the most atrocious sexual violation against women and covert killings of students and democracy activists in this country. Since then, precisely aftermath May 1998, which publicly known as “Reformasi”1, Indonesia underwent political reform that eventually corresponded positively to its macroeconomic growth. Twenty years later, in 2018, Indonesia captured worldwide attention because it has successfully hosted two internationally renowned events, namely the Asian Games 2018 – the most prestigious sport events in Asia – conducted in Jakarta and Palembang; and the IMF/World Bank Annual Meeting 2018 in Bali. Particularly in the IMF/World Bank Annual Meeting, this event has significantly elevated Indonesia’s credibility and international prestige in the global economic powerplay as one of the nations with promising growth and openness. However, the narrative about poverty and inequality, including increasing racial tension, religious conservatism, and sexual violation against women are superseded by friendly climate for foreign investment and eventually excessive glorification of the nation’s economic growth. By portraying the image of promising new economic power, as rhetorically promised by President Joko Widodo during his presidential terms, Indonesia has swept the growing inequality in this highly stratified society that historically compounded with religious and racial tension under the carpet of digital economy.Arte y Humanidade

    Managing global virtual teams in the London FinTech industry

    Get PDF
    Today, the number of organisations that are adopting virtual working arrangements has exploded, and the London FinTech industry is no exception. During recent years, FinTech companies have increasingly developed virtual teams as a means of connecting and engaging geographically dispersed workers, lowering costs, and enabling greater speed and adaptability. As the first study in the United Kingdom regarding global virtual team management in the FinTech industry, this DBA research seeks answers to the question, “What makes for the successful management of a global virtual team in the London FinTech industry?”. Straussian grounded-theory method was chosen as this qualitative approach lets participants have their own voice and offers some flexibility. It also allows the researcher to have preconceived ideas about the research undertaking. The research work makes the case for appreciating the voice of people with lived experiences. Ten London-based FinTech Managers with considerable experience running virtual teams agreed to take part in this study. These Managers had spent time working at large, household-name firms with significant global reach, and one had recently become founder and CEO of his own firm, taking on clients and hiring contract staff from around the world. At least eight of the other participants were senior ‘Heads’ of various technology teams and one was a Managing Director working at a ‘Big Four’ consultancy. They had all (and many still did) spent years running geographically distributed teams with members as far away as Pacific Asia and they were all keen to discuss that breadth of experience and the challenges they faced. Results from these in-depth interviews suggested that there are myriad reasons for a global virtual team, from providing 24 hour, follow-the-sun service to locating the most cost-effective resources with the highest skills. It also confirmed that there are unique challenges to virtual management and new techniques are required to help navigate virtual managers through them. Managing a global virtual team requires much more than the traditional management competencies. Based on discussion with the respondents, a set of practical recommendations for global virtual team management was developed and covered a wide range of issues related to recruitment and selection, team building, developing standard operating procedures, communication, motivation, performance management, and building trust

    Empowering People Living with Dementia Through Designing

    Get PDF
    The ‘wicked problem’ (Rittel and Webber, 1973) of dementia is a leading global healthcare concern. The prevalence of diagnosis is increasing significantly and correlats with longer life expectancy (Spijker and Macinnes, 2013). In the UK has an estimated 850,000 people living with dementia (PLWD). For whom the greatest burden of care is placed on loved ones and privately funded approaches (Alzheimer Society, 2015). The result can be hugely challenging for the person diagnosed with dementia and their loved ones, leading to further issues of ill-health (Marriot, 2009). The Prime Minister’s challenge on dementia (2012) has encouraged development of multi-faceted responses and interventions to deliver improvements in care and research. As a result, designers have been encouraged to become skilled specialists engaged in thinking differently around dementia and the associated problems. This research explores co-design (Scrivener, 2005) with people living with dementia in order to understand their complex problems, and to propose and to shape interventions or solutions that can alleviate pressures which include, social isolation, stress, infantilisation and a sense of hopelessness (Kitwood, 1990). Through fifteen projects achieved within series of co-design workshops, the research explores empowerment of PLWD through their own advocacy. The research shares how co-design can be an enduring process that stimulates new behaviours and memories whilst building resilience and keeping people active in society. Which, ultimately asks questions as to how common practices of co-design can change hierarchy and ownership in order to transform practices of design done ‘to’or ‘for’ PLWD to integrated projects ‘with’ and ‘by’ them. The results propose that people living with dementia can maintain highly significant efficacy in shaping lived experiences, making decisions, building relationships, and producing impactful designs. The resultant projects and proceses supports their right to make decisions and to develop their own prowess through meaningful, deeply involved, and astutely delivered designs

    Trust and transparency in an age of surveillance

    Get PDF
    Investigating the theoretical and empirical relationships between transparency and trust in the context of surveillance, this volume argues that neither transparency nor trust provides a simple and self-evident path for mitigating the negative political and social consequences of state surveillance practices. Dominant in both the scholarly literature and public debate is the conviction that transparency can promote better-informed decisions, provide greater oversight, and restore trust damaged by the secrecy of surveillance. The contributions to this volume challenge this conventional wisdom by considering how relations of trust and policies of transparency are modulated by underlying power asymmetries, sociohistorical legacies, economic structures, and institutional constraints. They study trust and transparency as embedded in specific sociopolitical contexts to show how, under certain conditions, transparency can become a tool of social control that erodes trust, while mistrust - rather than trust - can sometimes offer the most promising approach to safeguarding rights and freedom in an age of surveillance. The first book addressing the interrelationship of trust, transparency, and surveillance practices, this volume will be of interest to scholars and students of surveillance studies as well as appeal to an interdisciplinary audience given the contributions from political science, sociology, philosophy, law, and civil society

    Issues Management of Compounding Wicked Problems by Critical Infrastructure Utilities: Cybersecurity and COVID-19

    Get PDF
    “Wicked problems” present issues managers in public relations with complex challenges and no definitive resolutions. Multiple concurrent wicked problems may compound these challenges. This study extends understanding of how issues managers address compounding wicked problems with a multiple-case study. The multiple-case study focuses on the experiences of issues managers at public cooperative electric distribution utilities and includes interviews with issues management personnel at multiple levels of oversight and influence, including regional, national, and federal organizations. Interviews with issues managers explore strategies for identifying and addressing wicked problems and reactions to messaging from other organizations. Examination of publicly available organizational communications and media triangulate conclusions. This study illustrated that compounding wicked problems require issues management, issues managers do not directly address the wicked problem(s), education alone or enforced by policy did not produce lasting changes in behavior advocated to publics, that study of compounding problems requires the problems also have common publics; and issues management by critical infrastructure seeks cocreation. Specific observations include that cultivated networks of communication improved perceptions of legitimacy in sources of information and guidance, attempts to convey legitimacy from the cultivated network to other publics were not successful, utilities were subject to and responded to power imposed upon them by state authorities, and that utilities relied heavily on establishing organizational legitimacy with member/owner publics when communicating about changes resulting from external influences of either legitimacy or power. In addition, this study illustrated that resilience is the overwhelming priority of critical infrastructure utilities when responding to wicked problems, and both supply chain and utility personnel play indispensable roles in organizational resilience. This study extends existing issues management literature of critical infrastructure utilities, which are currently under-represented in issues management literature

    The geographies of care and training in the development of assistance dog partnerships

    Get PDF
    Human-assistance-dog partnerships form a significant phenomena that have been overlooked in both animal geographies and disability geographies. By focusing on one Assistance Dogs UK (ADUK) charity, ‘Dog A.I.D’., a charity that helps physically disabled and chronically ill people to train their own pets to be assistance dogs, I detail the intimate entangled lifeworlds that humans and dogs occupy. In doing so, I also dialogue between the sub-disciplinary fields of animal geographies and disability geographies, by exploring two broad thematic areas – embodiment and care. As such, this thesis examines the geographies of assistance dog partnership, the care and training practices involved, the benefits and challenges of sharing a lifeworld with a different species, and the changing relationship from a human-pet bond to a human-assistance-dog partnership. Drawing on lived experience and representations of assistance dog partnerships gathered through qualitative (and quantitative) research methods, including a survey, semi-structured interviews (face-to-face, online, and telephone), video ethnography, and magazine analysis, I contribute to research on the assistance dog partnerships and growing debates around the more-than-human nature of care. The ethnomethodological approach to exploring how training occurs between disabled human and assistance dog is also noteworthy as it centres the lively experiences of practice at work between species. The thesis is organised around interconnected themes: the intimate worlds of assistance dog partnerships, working bodies, and caring relations. These thematics allow for a geographical interpretation into the governance, spatial organisation, and representations of dog assistance partnerships. I also explore the training cultures of Dog A.I.D. whilst also spotlighting the lived experiences of training through the early stages of ‘socialisation’, ‘familiarisation’, ‘life skills training’, through to ‘task work’. Finally, the thesis focuses on the practices of care that characterise the assistance dog partnership, showing how care is provided and received by both human and nonhuman. I pay attention to the complex potentiality of the partnership, illustrating how dogs are trained to assist, but also how dogs appear to embody lively, agentic, moments of care. The thesis contributes original work which speaks to animal and disability geographies and attends to the multiple geographies of care-full cross-species lives
    corecore