Working to deter cyber theft, attacks

That drone flying outside an office window could be more than just a physical annoyance - it may actually be intercepting confidential documents sent to wireless printers on unsecured networks.

As more companies make use of connected devices and machines, there will be more avenues for cyber attacks to happen, and cyber security must be a fundamental design element for new technologies, said Mr David Koh, chief executive of the Cyber Security Agency of Singapore.

It is working with the Singapore University of Technology and Design (SUTD), among others, on projects to strengthen the safety of cyber physical systems, or devices that are not computers, but that can connect wirelessly.

"We are partnering with SUTD, together with the National Research Foundation and Mindef, to fund several of the projects. Our plan is ultimately to roll these solutions out to the industry and critical infrastructure," said Mr Koh, referring to the likes of water, energy and finance institutions.

Researchers from SUTD's cybersecurity facility, iTrust, showed two such projects to Minister for Communications and Information Yaacob Ibrahim at the university's campus yesterday.

They were the Cyber Security Patrol, an app which detects unsecured Wi-Fi networks and informs the user, and the Secure Water Treatment testbed, which is used to simulate cyber attacks and potential solutions.

Companies may think their wireless printers are safe because hackers do not have physical access to them. But Mr Toh Jing Hui, 27, an SUTD researcher, said with the availability of cheap drones, a hacker can fly one outside an office building and come within range of its wireless networks.

A smartphone attached to the drone can run a program to scan for access to unencrypted wireless office printers. When it finds one, it is able to mimic the printer's network so that print jobs are transferred to it instead.

"The Cyber Security Patrol app prevents such attacks by detecting unsecured wireless networks on such devices," said Mr Toh. It then sends a message to the company's technology officer "informing what devices are vulnerable and how to secure them".

A version of this article appeared in the print edition of The Straits Times on December 09, 2015, with the headline 'Working to deter cyber theft, attacks'. Print Edition | Subscribe