Tech
As long as the cybercriminals’ business model works, companies are vulnerable to attack

When cybercriminals targeted the UK nursery chain Kido, it represented a disturbing new low for the hackers. They threatened to expose personal data about young children and their families, shocking parents and cybersecurity experts alike.
The Kido hack is far from an isolated incident. Cyberattacks have struck organizations across many sectors in the last year, disrupting businesses from retail to manufacturing.
These recurring attacks highlight an important reality—cybercrime has become a very profitable activity. While the official advice is not to pay hackers, the frequency of these attacks suggests that many companies do. They will want to avoid losing their data or having their business and reputation damaged. But most will never admit to paying up.
Whenever there is money involved, more criminals want to participate—which has led to cybercrime becoming an organized industry. Cybercrime has shifted from individual and uncoordinated group attacks to an established business model that generates revenue and mirrors genuine companies.
This model has its own supply chains, affiliates (for example, criminals who use the malware rather than developing it) and even customer support.
The cybercrime ecosystem has evolved to run using the “as-a-service” model. For legitimate businesses, this is an efficiency model that lets them pay to use something “as a service,” rather than purchasing it. Just as businesses use software or security as a service, criminals have mirrored this model into a similar underground economy of cybercrime.
In this underground market, hackers sell ready-made malware, rent out botnets (networks of infected devices), and run payment platforms. They even go as far as providing customer support and help pages for the criminals they serve.
Their customers may shop for ransomware as a service when looking to extort ransoms from victims. Others, looking to cause disruption rather than financial gain, rent botnets to conduct “denial of service” attacks that flood the victim’s systems with traffic and disable them.
In the cybercrime economy, criminals known as “initial access brokers” act as middlemen. These are skilled cybercriminals who break into systems, providing the initial access and selling it as a package for others to use.
The packages often include stolen data, usernames and passwords, or even direct access to compromised networks. This essentially opens the door for cybercriminals with fewer skills to compromise businesses.
Business is booming
This business model is not only thriving right now—it will also persist. That’s just simple economics—everyone involved in the “business” benefits. This includes the experienced hackers and malware developers who take their cut, the brokers selling bundled services and the service-hosting and payment-platform providers taking their share. It also includes the affiliate criminals carrying out attacks and collecting their profits.
This makes it low-risk and profitable, effectively the definition of a successful business. Societal attitudes towards hackers often glamorize them as genius outsiders, while hacking itself—particularly when large corporations are the target—can mistakenly be seen as a lesser crime.
But the truth is that when the cybercrime business model succeeds, it has a lasting impact on the wider economy. Trust in businesses in the UK and beyond is damaged.
The attacks on UK retailers such as M&S and Co-op were carried out using a cybercrime service called DragonForce. This is available for a fee, reportedly set at 20% of the ransom payment. In the case of M&S and Co-op, it caused major disruption to their operations, and millions of pounds in losses.
Meanwhile, the attack on Jaguar Land Rover (JLR) caused production at the carmaker to be halted for weeks, resulting in a huge loss.
The JLR attack caused a ripple effect on sales, deliveries, the workforce and smaller businesses in the supply chain. These companies may face bankruptcy if proceeds from the loan underwritten by the government do not reach them all.
To interrupt this recurrence of attacks, it’s vital to break the cybercriminals’ model by addressing the two fundamentals that make it successful.
First, businesses should stop paying the criminals. As long as they pay, criminals will try their luck. But it is reported that nearly 50% of companies do pay up. This is money that will fuel this crime and encourage the hackers.
Second, companies must build better resilience into their infrastructure and operations. While companies’ security has improved greatly, they are still not investing enough in things such as AI to improve their resilience to attack and their ability to keep operating (or at least to minimize disruption).
This was evident in the attacks on UK businesses. It took M&S four months to restore all of its services, while JLR’s production will not be at full capacity for several weeks.
Both Harrods and Co-op maintained operations during their incidents. This minimized interruptions, prevented large data losses and reduced the financial hit to the businesses.
There are no quick fixes, but there are steps businesses can take to make cybercrime less profitable for criminals and less disruptive for victims. The UK government is heading in the right direction with the Cyber Security and Resilience Bill and its consultations on ransomware payments.
But the real change must come from companies themselves. Without commitment, the strongest policy and legislation will remain words on paper. While prevention remains critical for a company, resilience if the worst happens is what really decides how much damage an attack can cause.
If companies can maintain operations and refuse to pay ransoms, cybercriminals lose their extortion power. And without that power there will be less profit and so less interest. But maybe most importantly, fewer families like those affected by the Kido attack will worry about their children’s data being held hostage.
This article is republished from The Conversation under a Creative Commons license.
Citation:
As long as the cybercriminals’ business model works, companies are vulnerable to attack (2025, October 7)
retrieved 7 October 2025
from https://techxplore.com/news/2025-10-cybercriminals-business-companies-vulnerable.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no
part may be reproduced without the written permission. The content is provided for information purposes only.
Tech
Scientists develop end-to-end encryption for git services

From large technology corporations to startups, from computer science students to indie developers, using git services is as common as opening a word document is for most of the rest of us. Git services are online repositories, indispensable in the IT industry, that manage and store projects that may contain sensitive information or trade secrets such as emerging artificial intelligence models.
However, this makes git services vulnerable to frequent cybersecurity threats. There is also the risk of malicious code being inserted into existing projects without the developer’s knowledge.
University of Sydney researchers are part of a team that has developed end-to-end encryption that can be deployed to protect git services. The encryption is compatible with existing git platforms such as GitHub and Bitbucket. When it is deployed, the researchers say, it will align seamlessly for storage and the time it takes for data to be synchronized among devices and git servers.
Initial testing on existing git services and public repositories (data sources available for researchers to test algorithms) has been successful.
“Privacy and security of software code has long been a concern for industry and individual users that rely on git services,” said one of the lead developers Associate Professor Qiang Tang, from the School of Computer Science, Faculty of Engineering. “Just like we want our messages to be private and safe, the IT industry also wants their code to be protected. End-to-end encryption is currently the gold standard to protect data.”
End-to-end encryption works by securing data from start to finish, meaning the data sent is protected from the source to the destination, even if the service platform is hacked. It is currently used in messaging services such as WhatsApp.
The researchers say the threat of security breaches to git services is becoming more commonplace. Earlier in the year cryptocurrency exchange Coinbase was a target. In 2022 Okta had source code stolen.
But Associate Professor Tang says current efforts on git security are not strong enough and come with large overheads, meaning they use a significant amount of computational resources such as processing time, bandwidth, or storage.
The researchers hope to introduce the code to git services for widespread use or intend to make it open source. The results will be presented at the ACM Conference on Computer and Communications Security in October.
Collaborator Moti Yung, distinguished research scientist from Google, said that this was an excellent opportunity to protect the git services system and its users.
“The evolution of computing ecosystems always starts with a new utility designed for trusted entities: the internet, the mobile networks, chat apps, and so on.
“Therefore, due to these utilities maturing and expanding, one has then to deal with less trusted and malicious players within the ecosystem. git services, enabling collaborations and version control among participants also started without thoroughly taking care of potential bad players, and the system proposed now is a necessary step to its maturity.”
Creating the security box for the world’s code and the rising demand for end-to-end security online
Imagine git services as a giant word document where countless people can write, edit and update content, but for computer code.
“What makes git services such as GitHub indispensable is their ability to host a large number of collaborators working on the same coding project at the same time, without losing any efficiency,” said Associate Professor Tang. “However, this advantage is also an obstacle that prevented git services from getting end-to-end encryption.”
When you use a messaging service, the content or text remains relatively unchanged, or the edits will be very minor.
But in GitHub, countless lines of code are being written, edited and updated constantly at such a rapid rate that standard end-to-end encryption cannot keep up. It would constantly need to refresh to encrypt new versions.
“It’s a balancing act—keep the code safe but not where it impacts the user’s computer so much that it becomes a hindrance,” Tang added.
The research team was able to achieve this balance with a tradeoff—by using only small bits of computational power at a time to significantly reduce the level of communication and storage needed. Specifically, the system uses character-level encryption, where only edits are treated as new data to be encrypted and appended (added to an existing data collection). In this way, the pressure on computational resources becomes minimal.
Another way of putting it is if you removed a word from a sentence in a document, the code would recognize that and encrypt the change, instead of encrypting the entire document.
By doing this, it would save a large amount of bandwidth and storage otherwise used on each entire new version of the code.
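The edit-only idea described above, as an added sketch that is not the researchers' scheme or code: each new version is stored as an encrypted, authenticated list of character-level edits appended to a log, and the upload size is compared with re-encrypting the whole file. The names `EncryptedLog`, `char_edits` and `replay`, the sample file, and the HMAC-based cipher (a standard-library stand-in for a real AEAD) are assumptions made for illustration.

```python
import difflib, hashlib, hmac, json, os, struct

# Stdlib stand-in for an AEAD: HMAC-SHA256 keystream, then encrypt-then-MAC.
# Illustration only; not the paper's construction and not for production use.
def _xor_stream(key, nonce, data):
    blocks = (hmac.new(key, nonce + struct.pack(">Q", i), hashlib.sha256).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(keys, plaintext, aad):
    nonce = os.urandom(16)
    ct = _xor_stream(keys[0], nonce, plaintext)
    return nonce + ct + hmac.new(keys[1], aad + nonce + ct, hashlib.sha256).digest()

def unseal(keys, blob, aad):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(keys[1], aad + nonce + ct, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, good):
        raise ValueError("log entry failed authentication")
    return _xor_stream(keys[0], nonce, ct)

def char_edits(old, new):
    """Character-level edits as [offset_in_old, chars_deleted, inserted_text]."""
    sm = difflib.SequenceMatcher(None, old, new, autojunk=False)
    return [[i1, i2 - i1, new[j1:j2]]
            for op, i1, i2, j1, j2 in sm.get_opcodes() if op != "equal"]

def apply_edits(old, edits):
    out, pos = [], 0
    for offset, deleted, inserted in edits:      # offsets are ascending
        out += [old[pos:offset], inserted]
        pos = offset + deleted
    return "".join(out) + old[pos:]

class EncryptedLog:
    """Client view of an append-only log; `blobs` is all the server ever stores."""
    def __init__(self, keys):
        self.keys, self.blobs, self.text = keys, [], ""

    def commit(self, new_text):
        payload = json.dumps(char_edits(self.text, new_text)).encode()
        aad = struct.pack(">Q", len(self.blobs))  # bind the entry to its position
        self.blobs.append(seal(self.keys, payload, aad))
        self.text = new_text
        return len(self.blobs[-1])                # bytes uploaded for this version

def replay(keys, blobs):
    """Rebuild the latest plaintext from the encrypted edit log."""
    text = ""
    for i, blob in enumerate(blobs):
        text = apply_edits(text, json.loads(unseal(keys, blob, struct.pack(">Q", i))))
    return text

def demo():
    keys = (os.urandom(32), os.urandom(32))       # (encryption key, MAC key)
    v1 = "def check(token):\n    return token == SECRET\n" * 40  # constructed file
    v2 = v1.replace("token == SECRET", "hmac.compare_digest(token, SECRET)", 1)
    log = EncryptedLog(keys)
    first, second = log.commit(v1), log.commit(v2)
    whole_file = len(seal(keys, v2.encode(), b""))  # cost of re-encrypting it all
    return first, second, whole_file, replay(keys, log.blobs) == v2, log, keys

if __name__ == "__main__":
    print(demo()[:4])
```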
Co-author Dr. Ya-Nan Li from the University of Sydney said another challenge was to identify the necessary security requirements, which at times could be subtle. For example, when to enable the tracking and public verification of the source of all edits.
“With addressing this issue, it leaves the git server vulnerable to the potential injection of malicious code and sometimes can even directly hinder confidentiality,” said Dr. Li.
More information:
Ya-Nan Li et al, End-to-End Encrypted Git Services, (2025). DOI: 10.1145/3719027.3744815. eprint.iacr.org/2025/1208
Citation:
Scientists develop end-to-end encryption for git services (2025, October 7)
retrieved 7 October 2025
from https://techxplore.com/news/2025-10-scientists-encryption-git.html
Tech
My Favorite Affordable 360 Rotating Pet Camera Is on Sale Right Now

I’ve tested over a dozen pet cameras, and they are not all created equal. A pet camera sets itself apart from a regular indoor security camera with special, pet-related features like treat tossing or interactive two-way audio. Each usually has a subscription service, where you can review pet footage historically and get alerts when things seem amiss, like odd behavior or continuous barking or meowing.
At an already super-affordable price, this Petcube camera has 360 PTZ rotation capabilities (it can not only rotate horizontally, but vertically as well for full coverage), super clear 1080p HD resolution, the ability to digitally zoom eight times, two-way audio to speak and hear your pet, and night vision. It’s already super affordable at its usual $53, but for Amazon Prime Big Deal Days, it’s only $38, a crazy-good price for a pet camera of this caliber.
Although I love (and highly recommend) this camera, the Petcube Cam 360 suffers from one of the pitfalls I have with the rest of the brand’s lineup—the features are seriously limited if you don’t want to pay for Petcube’s upgraded Care plan (which starts at $4 a month). You need to subscribe to get the full benefit of the luxury pet camera; with the plan, you’ll get video storage capabilities, automatic pet detection, and automatic video recording capabilities. The price point for the subscription plan is one of the lowest I’ve seen while testing similar models, and I don’t think I’d be able to go on vacation with peace of mind again without the extra plan. (At less than I spend on a cup of coffee, I find the subscription plan to be really worth it.)
There’s an optional mounting that requires some tools, so setup is a bit tricky. (You’ll want to make sure it’s anchored since it needs to be stable while rotating.) The camera feed rotates smoothly without much lag, and because of the wide fish-eye lens and complete panning abilities, I was able to clearly see more of the room I was monitoring than the majority of other cameras I’ve tested.
There’s a bit of inherent risk when having indoor security cameras in your home, and with the camera’s new privacy mode, you can easily turn off the camera lens for even more security while you’re at home so that it’s not catching anything that you don’t want it to.
Petcube is running deals on most of the cameras from its pet camera line for Amazon’s Prime Big Deal Days, so I’d check its brand page for even more sales.
If you want to save even more on security for your whole house, check out the camera bundles below that are also on a steep discount.
Tech
SHIELD activated: Researchers build defense to protect drones from cyberattacks

Fooled into following a hacker’s rogue commands, a drone is liable to do any number of things. Fly erratically. Speed up. Slow down. Hang suspended in the air. Reverse course. Take a new course. And, most dangerously: Crash.
What the compromised drone cannot do, however, is regain control. Lost to its original assignment—whether it’s delivering a package, inspecting an aging bridge or monitoring the health of crops—the machine is essentially useless.
At FIU, cybersecurity researchers have developed a series of countermeasures to fight back mid-flight against hostile takeovers.
Because drones are essentially flying computers, they are subject to the same software and hardware exploitation as their land-bound counterparts. But current drone-defense techniques fail to monitor all possible vulnerabilities.
FIU’s technology, called SHIELD, is different. Keeping watch over the entire control system, it picks up on subtle cues of malicious activity. It then identifies the kind of attack—even the stealthiest ones that often slip under the radar—before launching an attack-specific recovery process. The findings were presented at the IEEE/IFIP International Conference on Dependable Systems and Networks.
“Without robust recovery mechanisms, a drone cannot complete its mission under attacks, because even if it is possible to detect the attacks, the mission often gets terminated as a fail-safe move,” said Mohammad Ashiqur Rahman, lead researcher and associate professor in FIU’s Knight Foundation School of Computing and Information Sciences.
“What’s important about our framework is that it helps the system recover, so the mission can be completed.”
Safeguarding the security of drones may soon become more important than ever before. This summer, the Federal Aviation Administration proposed expanding commercial drone use across industries. From Amazon deliveries to agriculture, the FAA expects more businesses to deploy unmanned aircraft, raising questions about safety in the face of increasingly sophisticated cyber threats.
Traditionally, attack detection has revolved around sensors that help the drone perceive its surroundings and fly safely. But these sensors can be easily manipulated. For example, in “GPS spoofing,” hackers transmit fake coordinates to trick the drone into taking a different trajectory.
Sophisticated cyberattacks, though, bypass the sensors and go straight for the control or actuation system, sneaking malware into the drone’s hardware.
“This is why a detection and recovery system that only takes into account the sensors misses the bigger picture,” says Muneeba Asif, Ph.D. candidate in Rahman’s research group and study author. “It will be blind to other attacks that happen across the system and at different levels.”
SHIELD goes further by monitoring the drone’s entire control system. It detects abnormalities not just in sensors but also in the hardware. For example, the battery and computer components reveal a lot. Sudden surges in battery power or overworked processors are strong indicators that an attack is in progress.
The research team, which also includes FIU students Jean Tonday Rodriguez and Mohammad Kumail Kazmi, compares their approach to how a doctor arrives at a final diagnosis. A symptom (in this case, sensor data) doesn’t always reveal the underlying cause of an illness. Physical evidence (what’s happening with the battery), though, can provide a better idea of what’s going on.
And, just as every diagnosis dictates a different treatment, the researchers also found that each attack needed a more tailored recovery plan.
Through multiple hardware-in-the-loop simulations in the lab, researchers learned that every attack leaves behind a unique signature and impacts the drone’s system differently. So, the team trained AI machine learning models to spot abnormalities in the data, use the data to classify the attack and roll out the prescribed recovery protocol. In the lab, all of this happened in less than a second. Average detection time was 0.21 seconds, and recovery 0.36 seconds.
Next, Rahman’s research group will scale up testing, preparing SHIELD for real-world deployment.
With drones poised to reshape commerce, infrastructure monitoring, disaster response and more, FIU researchers say securing them is no longer optional.
“Reliable and secure drones are the key to unlocking future advancements,” Rahman said. “It’s our hope this work can play a role in moving the industry forward.”
More information:
Muneeba Asif et al, “I will always be by your side”: A Side-Channel Aided PWM-based Holistic Attack Recovery for Unmanned Aerial Vehicles, 2025 55th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) (2025). DOI: 10.1109/dsn64029.2025.00070
Citation:
SHIELD activated: Researchers build defense to protect drones from cyberattacks (2025, October 7)
retrieved 7 October 2025
from https://techxplore.com/news/2025-10-shield-defense-drones-cyberattacks.html