
Saturday, May 13, 2017

SCADA Vulnerabilities Allow Ransomware Attacks

Security researchers warn that crooks and other malicious actors can hijack mission-critical control systems that don’t pose an obvious risk and use them for their attacks.
Nowadays, hackers increasingly use ransomware to make an illegitimate profit by encrypting individuals' and businesses' data. However, experts also warn that ransomware developers may start targeting industrial control systems (ICS) as well.
The CRITIFENCE security company and the team at the Georgia Institute of Technology created proof-of-concept (PoC) ransomware designed specifically for attacks on ICS, which rely on programmable logic controllers (PLCs).
Usually, the controllers are critical for operations and are an easy target for threat actors. However, on Thursday, at SecurityWeek’s 2017 Singapore ICS Cyber Security Conference, the ICS security consultant at Applied Risk, Alexandru Ariciu, revealed a different potential target. Ariciu demonstrated ransomware attacks, which he called “Scythe”, able to target inconspicuous and less risky SCADA devices.
The names of the targets are not revealed, but Ariciu describes the affected devices as several types of I/O systems which stand between OPC servers and field devices. The devices run a web server and are powered by an embedded operating system. Ariciu says that a large number of these systems are unprotected and easily accessible online, which allows crooks to hijack them by replacing their firmware with a malicious one.
The demonstration of the attack which Applied Risk developed begins with the attacker performing a Web scan for potential targets. According to Ariciu, most of the devices can be found via the Shodan and Google search engines. The researcher tested four different devices from four different vendors and found almost 10,000 systems which can be easily accessed through the Internet, as they don’t have any authentication mechanism.
Ariciu says that the malicious actor could find devices which are widely used and focus on them. When a device is infected, the attacker would first have to acquire the device and conduct hardware debugging on it to find out exactly how it works. Even though the attack process is the same for all devices, the exploit needs to be customized for each different device.
Applied Risk needed three months to determine how each device works and how it can be attacked. Ariciu explained that the hands-on analysis is necessary to create an exploit, but after that the attack can be launched remotely on devices that are accessible from the Internet.
The attack itself is based on a firmware validation bypass vulnerability that is used to replace the original firmware with a malicious one. In Applied Risk's attack scenario, the attacker connects to the interface of the targeted device, creates a backup of the configuration and then installs firmware that disrupts regular processes.
When the victim accesses the targeted device for analysis, they see a ransomware message and realize that the device has been disconnected. The attacker can “disable” the firmware and configuration update functionality so that the victim cannot restore the firmware. Moreover, the “restore factory settings” feature doesn’t help either, as it neither stops the attack nor restores the original firmware; even if it did, the hacker could easily disable it as well.

WannaCry: What is ransomware and how to avoid it

Malicious software or "ransomware" has been used in a massive hacking attack, affecting tens of thousands of computers worldwide.
Software security companies said a ransomware worm called "WannaCry" infected about 57,000 computer systems in 99 countries on Friday, with Russia, Ukraine, and Taiwan being the top targets.
The hack forced British hospitals to turn away patients, affected Spanish companies such as Telefonica, and threw other government agencies and businesses into chaos.

How it works:

WannaCry is a form of ransomware that locks up files on your computer and encrypts them in a way that you cannot access them anymore.
It targets Microsoft's widely used Windows operating system.
When a system is infected, a pop-up window appears with instructions on how to pay a ransom amount of $300.
The pop-up also features two countdown clocks; one showing a three-day deadline before the ransom amount doubles to $600; another showing a deadline of when the target will lose its data forever.
Payment is only accepted in bitcoin.
The ransomware's name is WCry, but analysts are also using variants such as WannaCry.
A hacking group called Shadow Brokers released the malware in April, claiming to have discovered the flaw from the US' National Security Agency (NSA), according to cyber-security providers.

How it spreads:

Ransomware is a programme that gets into your computer when you click on or download malicious files. It then holds your data as ransom.
Some security researchers say the infections in the case of WannaCry seem to be deployed via a worm, spreading by itself within a network rather than relying on humans to spread it by clicking on an infected attachment.
The programme encrypts your files and demands payment in order to regain access.
Security experts warn there is no guarantee that access will be granted after payment.
Some forms of ransomware execute programmes that can lock your computer entirely, only showing a message to make payment in order to log in again.
Others create pop-ups that are difficult or impossible to close, rendering the machine difficult or impossible to use.

Where it has spread:

Researchers with security software maker Avast said Russia, Ukraine, and Taiwan were the top targets of the attack, but dozens of other countries also reported system infections.
James Scott, from the Washington DC-based Institute of Critical Infrastructure Technology, said ransomware emerged "as an epidemic" back in 2016. He said the healthcare sector was particularly vulnerable because of poor digital security knowledge.
"The staff have no cyber-hygiene training, they click on phishing links all the time. The sad thing is they weren't backing up their data properly either, so that's a big problem. They should be doing that all the time," Scott told Al Jazeera.
"Everyone's vulnerable right now because you're only as strong as your weakest link within your organisation from a cyber-perspective."

What can you do to prevent infection:

According to Microsoft's Malware Protection Center, here are the steps you should take to protect yourself against ransomware:
- Install and use an up-to-date antivirus solution (such as Microsoft Security Essentials)
- Make sure your software is up-to-date
- Avoid clicking on links or opening attachments or emails from people you don't know or companies you don't do business with
- Ensure you have smart screen (in Internet Explorer) turned on, which helps identify reported phishing and malware websites and helps you make informed decisions about downloads
- Have a pop-up blocker running on your web browser
- Regularly backup your important files

WannaCry 'kill switch'

On Saturday, a cybersecurity researcher told AFP news agency that he had discovered a "kill switch" that can prevent the spread of WannaCry.
The researcher, tweeting as @MalwareTechBlog, said the discovery was accidental, but that registering a domain name used by the malware stops it from spreading.
Unfortunately computers already affected will not be helped by the solution.
@MalwareTechBlog warned that the "crisis isn't over" as those behind it "can always change the code and try again".
"I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental," @MalwareTechBlog tweeted.
"So long as the domain isn't revoked, this particular strain will no longer cause harm, but patch your systems ASAP as they will try again."


Friday, May 12, 2017

Samsung Electronics to announce personnel moves for components business separately

South Korea's Samsung Electronics Co Ltd said on Thursday it plans to make a separate announcement about executive reshuffles at its components businesses.
The firm earlier on Thursday announced new appointments for product businesses such as smartphones and televisions.
A Samsung spokeswoman declined to comment on when similar announcements for other businesses such as semiconductors and displays will be made.

Scientists explore radical changes in electronics materials

Researchers have developed a biodegradable polymer for electronics, which could complicate e-scrap recycling if it were ever adopted for widespread use.
Conducted by researchers from Stanford University, the University of California, Santa Barbara and Hewlett-Packard Enterprise, the study aimed to cut down on mounting volumes of e-scrap. The team approached that goal by developing a semiconductive polymer that would decompose, which the researchers said has not been produced before.
They also looked at the use of iron rather than gold as an electronic component. The study further explored a cellulose substrate material on which to mount the components.
“Using an ultrathin biodegradable substrate, we successfully fabricated polymer transistors and logic circuits that show high performance and are ultralightweight, but they can be fully disintegrable,” the team wrote in a paper on its findings. “Our work significantly advances organic materials to enable environmentally friendly and biointegrated electronic applications.”
The resulting electronic device was flexible and degradable using a weak acid such as vinegar, according to a Stanford news release.
The researchers noted their findings’ significance for certain electronics, including wearable technology and implants inside humans, as well as electronic monitoring devices that are dropped into remote areas.

Microsoft wants Windows to play nice with iPhone and Android, announces fall update for operating system

Microsoft Corp. unveiled an update to Windows 10, adding key features that are likely to benefit users of gadgets that run rival mobile operating systems iOS and Android.
The features, which will be part of an upgrade for the computer operating system this fall, will let people sync different devices, Microsoft officials said in a briefing before they introduced the software. For example, users will be able to share information saved on a clipboard, or pick up tasks on one machine that were left off on another. iTunes, Apple Inc.’s music app, is also going to be available in the Windows App Store, Microsoft said.
The software maker is embracing more fully the notion that customers use multiple devices and that many, particularly the mobile gadgets, don’t run Windows. While Chief Executive Officer Satya Nadella pushed the Office and applications business to focus on versions for rival mobile operating systems three years ago, the role of Windows in that new world has been an open question. Now, Windows will engage with its competitors and look for ways to make customers’ experience with those devices better, the Redmond, Washington-based company said.
“In our fall update, for the first time Windows 10 will love all of your devices,” said Joe Belfiore, a Microsoft vice president for Windows software.

Microsoft Windows 10 S Update: New Version Faces Deal-Breaking Major Issue

The Microsoft Windows 10 S update shows that the popular operating system now faces a deal-breaking issue that could potentially push current and future users away. Windows is undoubtedly one of the most popular operating systems that's being utilized by computers worldwide.
Despite Microsoft's numerous attempts at coming up with update fixes to their OS, there always seem to be trade-offs. The recent Microsoft Windows 10 S is no exception, given that it now presents users with more problems than solutions.
According to Forbes, Microsoft will allow software to be installed on the new platform only if it comes straight from the official Windows store. This means users won't be able to install any other software coming from alternative third-party stores.
Furthermore, the source mentioned that only web browsers utilizing the appropriate Windows Platform engines will be allowed on the store. This makes popular web browsers such as Google Chrome, Firefox and Opera not qualified for the Windows Store unless they re-code the core of their entire browser.
When the new Microsoft Windows 10 S update was announced, it promised to be a cheaper and faster version of the famous operating system. However, the recent revelation only makes this updated version one that is a lot harder to utilize.
Not only is the Windows Store lacking when it comes to apps, limiting users to such a small selection takes away one of the operating system's biggest selling points. Users revel in the sheer amount of freedom and customization that the Windows platform offers.
Unfortunately, the Microsoft Windows 10 S update takes away that freedom and actually limits and constrains users instead of giving them more options. According to CNBC, there are now 500 million devices that use Windows 10, which means Microsoft is now halfway to reaching their 1 billion goal.
However, the recent restrictions found in the Microsoft Windows 10 S update could deter future users from installing the OS on their devices. These limitations set by Microsoft in their new OS version could very well hinder the tech giant from reaching their 1 billion goal, or at least stall the process significantly. 

Tuesday, May 9, 2017

Fedora Linux getting native MP3 support, but who really cares?

Fedora is a wonderful Linux distribution, as it is both stable and modern. One of the biggest selling points of the operating system is that it relies on truly free open source software. This means it won't have patented or closed-source non-free packages by default. Of course, in-the-know Fedora users often added these needed packages after the fact by using third-party repositories, such as RPM Fusion.
Over the years, one of the biggest pain points for Fedora was a lack of MP3 playback due to its FOSS focus. For someone switching from Windows or Mac, it could be very surprising and upsetting that they couldn't do something as simple as play a song, or rip/convert a CD to MP3. This will soon become a thing of the past, as both MP3 decoding and encoding are coming to the operating system by default. Unfortunately, this is a case of "too little too late," as the concept of storing music locally is becoming obsolete.
"Both MP3 encoding and decoding will soon be officially supported in Fedora. Last November the patents covering MP3 decoding expired and Fedora Workstation enabled MP3 decoding via the mpg123 library and GStreamer. This update allowed users with the gstreamer1-plugin-mpg123 package installed on their systems to listen to MP3 encoded music," says James Hogarth, Fedora Project.
Hogarth also says, "A couple of weeks ago IIS Fraunhofer and Technicolor terminated their licensing program and just a few days ago Red Hat Legal provided the permission to ship MP3 encoding in Fedora. There will be a bit of time whilst package reviews are carried out and tools that are safe to add are identified, as only MP3 is cleared and not other MPEG technologies. However, it will soon be possible to convert physical media or other formats to MP3 in Fedora without 3rd party repositories."

In 2017, streaming music is all the rage, making this news very bittersweet. Yeah, it's cool that the operating system will finally get full MP3 support going forward, but who really cares at this point? Linux users would be wise to just embrace web-based streaming solutions like Spotify or Google Play Music All Access.
The addition of MP3 decoding and encoding is not pointless, however, as some users may have older MP3s that are not available on streaming services, including files they created themselves. This could be from CDs, vinyl, or live recordings. There are even some new downloads that cannot be found on streaming, such as the new MC Chris "Apple Bum" album I bought this week. In the above image, you can see me playing it on Fedora 26 with Audacious. So yeah, some people will care.
Are you happy to get native MP3 encoding and decoding in Fedora, or is it no longer important to you? Tell me in the comments below.

Microsoft Surface comes with Windows 10 S

These days, Microsoft has released a couple of new things for its customers. We are talking about a new Surface laptop that rolls a new kind of operating system, the Windows 10 S.


The new Microsoft Surface laptop will be available at the price of 999 dollars, and it is recommended for students and executives. “Societal change requires more than technology,” wrote Satya Nadella, CEO of Microsoft, in a statement.

“I’m here today as a heretic,” declared Satya Nadella this week at a special event held in New York City. He was there to promote Microsoft’s massive education push.


Surprisingly, he said nothing about teachers and parents, who can also be the key to children’s education.

However, we agree that putting the right tools in the hands of kids also represents an important tool for their education.

Moving forward, it seems that Microsoft is coming with a new laptop and a new operating system. Of course, the star of this release is the new Windows 10 S.

This new operating system has the mission to compete with Google’s increasingly popular ChromeOS.

We are talking about budget devices here. The result of Microsoft’s new OS? Well, its interface looks a lot like Windows 10, but in the end they are two very different operating systems. Let’s find out more.


We start with the good things about the new Windows 10 S. The biggest selling point of this new OS is the performance. If customers are wondering what the “S” stands for, well, it stands for “Speed.”

So, this means that the new Windows 10 S is very fast. The company claims that this OS will boot in just 15 seconds, which is amazing.

The new 10 S is built from the same core as the original Windows, but it is running on lesser hardware configurations. This means that it is able to run on cheaper PCs, which is another good thing, especially for customers who don’t want to spend more on a laptop.

In addition, the new Windows 10 S can be installed via USB with preconfigured options. This is another huge plus, especially for students, because it is a big time saver. Moving forward, we must add that Microsoft declared that the new Windows 10 S is a big battery life saver.

The company claims that the new Surface Laptop that runs the 10 S can go up to approximately 14 hours on a single charge. The new laptop also comes with a 13-inch 1080 touchscreen display.

In the end, we must say that the new Windows 10 S is not all milk and sugar, because this new OS also comes with a few limitations.
For example, the new Windows 10 S won’t run software that users have to install from the desktop. This means that users will not have Firefox, iTunes, or Chrome.

Monday, May 8, 2017

Android 8.0 Beta to Arrive Sooner than Expected According to Google

As all Android fans already know, Google’s latest Nougat operating system is running on cold fumes. What we mean by this is that Android 7.0 Nougat is going to be replaced soon enough. It all started as a rumor but then Google decided to stop keeping things under wraps and unveil that it’s already adding the finishing touches to the developer preview of Android 8.0. Even better, Google’s Senior VP has already hinted that the upcoming operating system is going to be codenamed Oreo.

Android 8.0 Release

Google has made a tradition of launching new operating systems during its annual developer conference, the “Google I/O” event, but this time the Android parent is taking a different route. According to Google, Android 8.0 is closer than we might think. Even though many might be upset that Nougat OS is coming to an end, Google is going to make sure that Android 8.0 is so much better than it.

Google Statement

In regards to Android 8.0’s launch date Google stated the following in an interview: “Thank you for your interest in the Android Beta Programme. The beta for Android Nougat has concluded, and all devices that were opted in have been updated to the current public version”. Google has also added the following: “If you are still running a beta version of Nougat you may download the latest full OTA image for your device and sideload it. This will not wipe your device. We’ll update this site when the Android O Beta Programme begins”.

Public Version

In order to make things clear, we have to mention that Google is talking about the beta version of Android O. This means that we still have to wait a few more months until the public version finally comes out. Rumor has it that Google wants to launch the new operating system alongside the highly anticipated Pixel 2 smartphone.
This is highly plausible since Google will ensure Pixel 2’s success by pairing it with its latest operating system. As many might already know, Pixel smartphones are known for representing the best that Google has to offer and equipping them with Android O is highly likely to happen.

How secure operating systems can help protect endpoints

Endpoints are often the weakest links in any IT system, but protecting them effectively now means much more than simply guarding against malware.
As businesses rely more on the cloud and on web-based applications, the endpoint provides a gateway that can be vulnerable to attack.
Data security specialist Becrypt is taking an innovative approach with the use of a secure operating system to verify the integrity of devices. We spoke to Bernard Parsons, CEO of the company, to find out more.

BN: What are the key areas that protection is now focusing on, is it mainly encryption?

BP: Part of it is encryption but part of it is maintaining and improving the integrity of end use devices. At the start you have to assume that a device is in a good state, what we need to do is ensure that organizations can retain the confidence that a device will remain good. This means no malware has been able to compromise the device and remain resident on it.
One of the big challenges organizations have at the moment is that nobody is immune to compromise. But still companies have to spend to continuously monitor their systems, if there is an intrusion they need to know what it is, what the impact is and how to recover. This can be an expensive exercise from a resource perspective.

BN: How does your technology address this?

BP: We're focused on secure operating systems, so we're not just adding security components to existing platforms, we're creating secure platforms from the ground up. Target customers are typically those for which existing systems don't meet their requirement from a security perspective. We have our own lightweight OS called Paradox that's meeting a number of use cases, predominantly around businesses moving to cloud. We provide a locked-down user platform for accessing cloud-based services and web apps, removing the possibility that anything on the endpoint could be compromising the environment.
Paradox uses the hardware functionality that's present in many computing platforms these days to ensure that when a system is running, cryptographic checks are carried out on all of the components that are executing on it. It can therefore verify to the server delivering cloud apps that the device remains in a good state. It still uses encryption but it's about ensuring you have strength in depth and ensuring if there is an intrusion you can detect it very rapidly and take appropriate action.

BN: Is there a behavioral angle as well, such as where users can connect from?

BP: Yes, you can extend the security to include additional factors. So you can have a more granular set of decisions in terms of what you're going to allow individuals to have access to. Ideally you want users to be connecting from a device that you trust. For some organizations there may be different levels of sensitivity, so it may be fine to allow less sensitive material to be accessed from devices that can’t be trusted to the same extent.
You can also add things like hardware-based verification of the identity of users, location based factors and so on. It depends how you want to build your data protection policy.

BN: Are there differences in enterprise priorities based on geographical location?

BP: Yes, although the differences are more to do with market segments. In the US for example certain sectors, like healthcare, have very specific regulation aimed at protecting data. It can be a time consuming and costly exercise to ensure that you’re validating to the correct extent right down the supply chain.
What's central is where businesses need a mechanism for maintaining a high degree of integrity in a user device. So other parts of the supply chain, contractors for example, will also need to be using devices that are appropriate for the sensitivity of the data. Many of the high profile breaches that we hear about have at some point involved a supply chain attack. Platforms like Paradox allow you to push something out into the supply chain so you can be sure it isn’t a weak link.

BN: So is this going to become more important as GDPR comes into force?

BP: Absolutely, it does allow compliance to be simplified, particularly if organizations are stretched in terms of the resources needed to secure systems and manage architectures. Paradox has within it a whole range of security controls that can be mandated for end users, so it becomes easy to apply those controls to protect personal data.

BN: Is technology only part of the picture? Do we need to address the human angle too?

BP: User education is key, CYBERUK, the UK government cyber conference in March this year, highlighted that the traditional view needs to be stood on its head. The user needs to be considered the strongest link -- whereas traditionally they've been considered the weakest.
IT systems are built by techies and they often see users as a problem in terms of how they’re circumventing controls that are put in place. But people are in place to perform a particular task and are very good at doing that. This often involves quite complex reaction with technology in terms of navigating the validation and other mechanisms in front of them. In terms of designing systems it's important to recognize the human factor and build systems appropriately so as not to force users into unworkable situations.
Some of our technology has been designed with government departments. They have made it very clear that while there’s a huge amount of sensitivity around the data, usability and user satisfaction were not second class requirements. If the system didn’t deliver usability and prioritize the human factors then they were quite clear that it was not appropriate. This is a very different position to just five or six years ago where security products were almost designed in isolation. Now the industry is on a journey that is placing the user more centrally.

BN: So the other side of that is that the more complex it is the more users will try to circumvent it?

BP: There are limits to what technology can do on its own, but if we think about humans being ideal or technology being ideal, then we're not doing a good job. For problems like phishing for example there isn’t a perfect solution, however much you train your users there is still a percentage that will click the email, so you have to build your infrastructure to recognize that will happen.

Google’s mysterious new Fuchsia OS has a UI now

We’ve known for a while now that Google is working on a mysterious new operating system known as “Fuchsia.” Unlike Android or Chrome OS that are based on Linux, Fuchsia is built on a new, Google-built kernel called “Magenta” instead.
It turns out Fuchsia has come a long way from the command line form it existed in when it was first uncovered last August. Google has since added an early user interface to its new operating system featuring a card-based design, as can be seen in Ars Technica’s gallery of images and the video below.
First discovered by Kyle Bradshaw at Hotfix, the user interface is called Armadillo and is said to serve as “the default system UI for Fuchsia.” Armadillo (along with, presumably, other forthcoming Fuchsia apps) is built in Google’s Flutter SDK, which is used to create cross-platform code that can run on multiple operating systems like Android, iOS, and apparently Fuchsia. All that adds up to mean that it’s possible to compile Armadillo and run it on an Android device today, giving us our first early look at what Google’s next OS could look like.

Sunday, May 7, 2017

A simple, cost-effective home control system

THINGS USED IN THIS PROJECT

  1. Arduino UNO & Genuino UNO
  2. Arduino Ethernet Shield 2
  3. Relay (generic)

Hardware setup

The “hardware” is composed of three main components: an Arduino, an Ethernet adapter and a relay board. All the devices I need to control - which at the moment are some lights, the car gate, the main door and the garage door - are hooked up to the relay board; the board is controlled by the Arduino, which is then connected via an Ethernet shield to my router. Additionally, I found a 2€ RFID reader, and decided to give it a try: it's now connected to the Arduino and allows me to open/close the gate using an RFID tag; unnecessary, but nice to have.

Communication protocol

All the instructions provided by the user inside the app are sent to the specified Arduino IP using the UDP protocol; the received string is then parsed and the desired device activated. The Arduino private IP and the router public IP are stored inside the app database; it's up to the application to decide which one to use, depending on the currently connected network. Once the Arduino has received the input, it sends a confirmation code back to the phone, to let the user know whether the command has been run properly. The app also allows the user to input the router public IP in the form of a URL string: you can generate a unique URL using a dynamic DNS service (such as no-ip.com) and register it in the router; this way you'll have a (sort of) static IP address, useful in case your internet service provider doesn't provide you one - like mine.
In defining the communication protocol between the app and Arduino, the following requirements had to be taken into account: it had to tell Arduino which action to perform (turn on/off/trigger/simulate button pressure...) and on which pin, and it had to carry a unique id string to prevent malicious users from gaining control of the house. The syntax I came up with is the following:

Here ‘MT’ identifies a multiple action - or scene - and ‘codecode’ the 8 chars unique code. After the 8 chars code the first command string is sent; in case of a multiple action, more strings are sent using the ‘+’ char as a divider.
Surely somebody out there could do this way better, so if you have any suggestions about this feel free to post them, I’d be more than happy to improve the code.
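An added example, not part of the original project's code: a fixed 8-character code sent in a plain UDP datagram authenticates the sender only until one datagram has been observed, because the same bytes verify again when resent. The Python model below puts a static-code check beside a receiver that requires a per-message counter and an HMAC tag; the key, the command strings and the `counter | command | tag` framing are assumptions made for this illustration, since the post's own syntax is not reproduced here.

```python
import hashlib
import hmac
from typing import Optional

# Constructed values for illustration; none come from the original project.
STATIC_CODE = b"codecode"                     # stands in for the 8-char unique code
KEY = b"constructed-demo-key-not-for-use"     # hypothetical per-device secret
TAG_LEN = 16                                  # truncated HMAC-SHA256 tag, in bytes
CTR_LEN = 8                                   # big-endian message counter, in bytes


def accept_static(datagram: bytes) -> Optional[bytes]:
    """Model of a static-code check: 8-byte code, then the command string."""
    code, command = datagram[:8], datagram[8:]
    if hmac.compare_digest(code, STATIC_CODE):
        return command
    return None


def make_datagram(key: bytes, counter: int, command: bytes) -> bytes:
    """Sender side of the assumed framing: counter | command | tag."""
    body = counter.to_bytes(CTR_LEN, "big") + command
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


class CounterReceiver:
    """Receiver that rejects forged, modified and replayed datagrams."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.last_counter = 0   # on a real device this must survive a reboot

    def accept(self, datagram: bytes) -> Optional[bytes]:
        if len(datagram) < CTR_LEN + TAG_LEN:
            return None
        body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        # Check the tag first so an unauthenticated packet cannot move the counter.
        if not hmac.compare_digest(tag, expected):
            return None
        counter = int.from_bytes(body[:CTR_LEN], "big")
        if counter <= self.last_counter:
            return None         # same or older counter: replayed or stale
        self.last_counter = counter
        return body[CTR_LEN:]


if __name__ == "__main__":
    observed = STATIC_CODE + b"gate:open"     # constructed command string
    print("static, first send :", accept_static(observed))
    print("static, resent     :", accept_static(observed))

    rx = CounterReceiver(KEY)
    msg = make_datagram(KEY, 1, b"gate:open")
    print("counter, first send:", rx.accept(msg))
    print("counter, resent    :", rx.accept(msg))
```

The phone app would have to keep its own counter ahead of the device's, and the confirmation code sent back by the Arduino can be authenticated the same way.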

Arduino code

The Arduino sketch code is pretty simple:
  • in checkUDP() the connection is checked; if any data is available it looks for the auth code, and once it has found it, the remaining string is sent to the corresponding processing method, depending on whether it is a single action, a multiple action (or “scene”), a connection check request or a sensor reading request.
  • in checkRFID() Arduino checks the RFID reader; if any card is found, the read code is compared to the authorized ones and, if it is found among them, the corresponding action is launched.
  • homotica.refresh() tells the homotica library to check if enough time has passed for a certain pin to be pulled high or low; this is set when the user sends a “push” command; the library is available on GitHub (link at the bottom of the page).
Here is the sketch code; as I said, suggestions are welcome!
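As an added example (not the author's sketch, which is not reproduced here), this is one way the auth-code check and command splitting described for the message syntax and for checkUDP() could be written in C. It assumes the two-character tag (such as ‘MT’) comes first and is followed directly by the 8-character code; MAX_CMDS, MAX_DGRAM and all function and struct names are hypothetical, and the command strings are treated as opaque because their layout is not shown on this page.

```c
#include <stddef.h>
#include <string.h>

#define TAG_LEN   2    /* assumed: two-char type tag such as "MT" comes first */
#define CODE_LEN  8    /* from the post: 8-character unique code */
#define MAX_CMDS  8    /* hypothetical cap on commands per scene */
#define MAX_DGRAM 128  /* hypothetical cap on accepted datagram size */

struct parsed_msg {
    char tag[TAG_LEN + 1];
    size_t ncmds;
    const char *cmd[MAX_CMDS];   /* pointers into the caller's buffer */
    size_t cmd_len[MAX_CMDS];
};

/* Compare all CODE_LEN bytes without an early exit, so timing does not
   reveal how many leading characters of a guessed code were correct. */
static int code_matches(const char *got, const char *want) {
    unsigned char diff = 0;
    for (size_t i = 0; i < CODE_LEN; i++)
        diff |= (unsigned char)(got[i] ^ want[i]);
    return diff == 0;
}

/* Returns the number of commands (>= 1), or a negative error:
   -1 bad length, -2 wrong code, -3 empty command, -4 too many commands. */
int parse_datagram(const char *buf, size_t len, const char *code,
                   struct parsed_msg *out) {
    if (len <= TAG_LEN + CODE_LEN || len > MAX_DGRAM)
        return -1;               /* checked before any byte is read */
    if (!code_matches(buf + TAG_LEN, code))
        return -2;
    memcpy(out->tag, buf, TAG_LEN);
    out->tag[TAG_LEN] = '\0';
    out->ncmds = 0;
    size_t start = TAG_LEN + CODE_LEN;
    for (size_t i = start; i <= len; i++) {
        if (i < len && buf[i] != '+')
            continue;            /* still inside the current command */
        if (i == start)
            return -3;           /* leading, doubled or trailing '+' */
        if (out->ncmds == MAX_CMDS)
            return -4;
        out->cmd[out->ncmds] = buf + start;
        out->cmd_len[out->ncmds++] = i - start;
        start = i + 1;
    }
    return (int)out->ncmds;
}
```

A fixed code sent in clear text over UDP can be read and replayed by anyone on the network path, so this check limits malformed input and timing leaks rather than authenticating the sender.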

Future development

I'm planning to keep the development going, at least on the app side, for I'm quite pleased with how this project came out. I’d like to add, in the near future, the following features:
  • Time & location-based triggers
  • Sensor readings & data processing
  • Real time Arduino-to-app notifications
If you would like to take a look at the app, feel free to try it out; I made it available on the Play Store at this link. However, remember it's the first release,
Thank you for reading, have a good day! ;)


Friday, May 5, 2017

BlackArch Linux

BlackArch Linux is an Arch-derived Linux distribution designed for penetration testing and security research. It may be used as a standalone live CD or live USB, run from a virtual machine, or be installed to a computer's hard disk. It is also possible to add its Arch Linux unofficial repo to an existing installation of Arch Linux. It offers over 1700 tools organized by category, for security and forensic specialists.

BlackArch Linux is a lightweight expansion to Arch Linux for penetration testers and security researchers. As you would expect from all pentesting/hacking distros, BlackArch has been designed to make our jobs that much easier by centralizing all pentesting tools under one roof.
The toolset within BlackArch is distributed as an Arch Linux unofficial user repository so you can install BlackArch Linux on top of an existing Arch Linux installation if you so wish. Packages also have the benefit of being installed individually or by tool category.
The distro at the last count has over 700 tools in the tool set and the repository is, like any good Linux Distribution, constantly expanding. The team claim that all the tools are thoroughly tested before being added to the codebase to maintain the quality of the repository – which seems very likely considering the loyal support that this distro seems to be receiving.
Arch based distributions
There are a bunch of Arch based Linux distros in the wild. Here’s an awesome and comprehensive list of active Arch distros.
Arch Linux is a Linux based Operating System for i686, x86-64 and even ARM computers and processors. Arch is for the most part free and open source software, and supports community involvement. Whereas BlackArch is an Arch based derivative, Kali Linux is Debian and BackBox is Ubuntu based (BackTrack was also Ubuntu based).
A package manager written specifically for Arch Linux, called pacman, is used to install, remove and update software packages and the repositories. Arch updates via ‘rolling release’.
In Summary
It’s awesome to see yet another Linux Hacking Distro join our ranks here at Concise Courses. As ever, designing, implementing, updating and managing these systems is very time consuming so we would certainly urge that you donate to the team for their huge efforts. Here’s our full list of Linux Hacking Distros which also contains a couple of digital forensic releases.
Our Linux Pentesting Course: Learn To Pentest With Linux Distros
Here’s more info on the interactive three hour class: Learn To Pentest With Linux Distros including a full breakdown of the course [hint: the course is only $49.95!]
Our Linux pentesting distro course is taught by an expert penetration tester who has literally written ‘the book’ on how to hack efficiently and effectively using Linux distros. The course has three main learning outcomes:
After taking this 3-hour live online beginners course, you will have:
  • A deep understanding of how to use and organize files in Linux.
  • Understand where all the tools are, how to use them and when to use them.
  • You will learn Pentesting Methodologies and ‘best-practices’.
We have been running this course for several years now and it just keeps getting better!
Let us know your thoughts on using BlackArch – why would you recommend it over say, Kali Linux or BackBox?

How hospitals can help ensure the security of IoT devices

More patients are using internet-connected medical devices, raising cyber safety and security concerns.

As internet-connected medical devices become more pervasive, enabling innovative care and remote monitoring of patients, cyber criminals are finding new ways to breach hospital networks through advanced malware.
The Food and Drug Administration (FDA) launched an investigation of possible cyber vulnerabilities with St. Jude Medical heart implants last year after short-seller Muddy Waters and cybersecurity firm MedSec claimed the devices were easy targets for cyber criminals. Earlier this year, the agency issued a safety alert citing vulnerabilities in St. Jude’s Merlin@home Transmitter that could allow unauthorized access to a patient’s RF-enabled cardiac implant.
While St. Jude deployed a patch to mitigate what it called an “extremely low” risk of a hack, the company didn’t stop there. Months earlier, it announced it was creating a medical advisory board to focus on cybersecurity of connected medical devices. In a nod to growing concerns, the FDA named cybersecurity one of 10 top regulatory science priorities for 2017.

Identify the risks

“The biggest threat is someone hacking in and threatening a life,” says Mandeep Khera, chief marketing officer at Arxan, a San Francisco-based cybersecurity firm. “It’s not visible yet, but we think it’s going to happen as we have more and more connected medical devices.” He notes that hackers will often break into a system and hide for a time, waiting for the right time to attack.
But connected pacemakers, insulin pumps and other IoT medical devices are also at risk from breaches and ransomware attacks at the hospital network level.
Many medical devices are connected to special legacy systems that communicate the telemetry and test results back to a centralized server, and if that system is hit with ransomware, those results are frozen in time and doctors can’t make clinical decisions based on that data, says Richard Henderson, global security strategist at Vancouver-based Absolute Software. But if a hospital is stuck with an older system, they often will pay the ransom because it’s cheaper than replacing the legacy system or cheaper than the incident response fees it would cost to replace all the data, assuming a backup is available, he adds.
When a medical device fails, a lot of the usual cybersecurity risks that hospitals face are amplified because patients are directly involved. To reduce the risks, IT departments need to pay attention to what happens to the data these devices collect and ensure that the data they are communicating is correct, Henderson says.
Another risk is when connected medical devices leverage third-party libraries and other open-source software, which may have vulnerabilities that can be exploited by hackers, Henderson says. If that happens, devices may be at risk for distributed denial-of-service (DDoS) attacks. Botnets like Mirai, which disrupted internet service for millions of users last year, also pose a danger because IoT medical devices may not work as expected.

Assess manufacturers

“One of the questions that healthcare organizations need to ask is what types of solutions are in place with the manufacturers they partner with,” Henderson tells Healthcare Dive. Providers should ask if manufacturers have the ability to patch software and how quickly they can respond to a vulnerability or breach. They also need to ensure the devices have proper authentication so that they can be tracked down and accessed if remediation is required.
Mark Kadrich, interim CISO at Antelope Valley Hospital in Lancaster, CA, says providers should also make sure that the manufacturers they use perform software assurance. A lot of companies will do functional testing and call it quality assurance, he tells Healthcare Dive. “SA is much more than that. It is an analysis and tracking of feature requests through the software development process, bug reporting, defect resolution, to actual security testing,” Kadrich says. “Software is analyzed as it is being created in order to discover conflicting requirements, poorly selected coding techniques and poorly architected programs.”
The FDA has issued guidance on premarket design considerations and postmarket management of device cybersecurity, as well as guidance on cybersecurity for networked devices containing off-the-shelf software. Khera says the FDA is taking the threat of hackers meddling with medical devices very seriously and not approving any products that aren’t in compliance with its guidelines. That’s forcing manufacturers to buckle down on security, he says. “The next-generation product line … of connected insulin pumps and pacemakers and those sorts of things can’t have the product release without security embedded in it.”
To protect against attacks, manufacturers should have a complete security posture plan that ensures the software application codes on their products, the mobile devices they’re connected to and all communication between those medical devices and the endpoint are protected, Khera says. “It should be strong enough to make it really difficult for hackers,” he tells Healthcare Dive. The security plan should also include a backup strategy in case of a hack, and a roadmap for responding — from shutting off the system to data recovery. There also needs to be strong security awareness training, from manufacturing staff to providers — something Khera believes companies don’t spend enough time or money on.
“Companies need to make sure that they have done everything in their power to raise the barriers so that hackers cannot get through them,” he says. “Don’t worry about compliance and guidelines as much, because if you have a strong software security posture and you’ve done everything right, you’ll get compliance.”

Segment hospital networks

For providers, the challenge is being able to provide patients with the most up-to-date and effective tools while ensuring the security of those devices and the security and privacy of their data.
“I think hospitals really have to think twice about how they segment their networks, physically and logically, so that these medical device systems are segregated from other systems inside the hospital,” Henderson says. “If a breach happens somewhere inside the hospital … they can ‘air gap’ these systems.” They also want to limit access from outside the hospital and on the internet. That can make patching and fixing vulnerabilities more difficult, but it also makes it harder for someone to hack inside the network, he adds.
Kadrich agrees. “A key element of a trustworthy network is a well-engineered compartmentalization and segmentation architecture.” He likens it to going through security at a stadium, with metal detectors and seating and tier specifications. “It won’t eliminate risk, but it makes things much more manageable,” he says.
It also helps to plan ahead before deploying new connected technologies, says Henderson. Hospitals should ask questions like: What common security controls do we already have in our healthcare network — whether firewalls or antivirus or encryption — and can they be used for medical devices? They should also ensure that IT is involved in any decision to buy a connected device. “You often see these devices popping up on the network and the IT department has no idea because someone else made the purchasing decision,” he says.
Kadrich offers another tip for hospitals: engineer a “purpose built” network. “By having a set of design rules that form a set of guidelines, we can make decisions that enable us to embrace new technology with a much better understanding of the risks associated with it,” he says.