MAKKAH: In a world where technology is advancing at lightning speed, companies and organizations facing the constant threat of security breaches are finding help from the most unlikely people.
While working on his postdoctoral research paper, Marwan Al-Bahr, a member of the teaching staff at Umm Al-Qura University’s College of Computer and Information Systems, discovered security vulnerabilities that threaten the privacy of some of the world’s largest companies.
“The discovery was made through some information security research I had undertaken as I started my Ph.D. through Bluetooth and its protocols,” Al-Bahr told Arab News.
“During the postdoctoral phase, I worked on websites and mobile applications, where I focused on the user’s privacy and security levels. I was able to understand how developers work, how data is provided and transferred from one page to another,” he said.
“This made it easy for me to launch direct attacks to test the existing security levels, allowing me to violate the target’s privacy and change the information within their defined scope.”
Al-Bahr’s findings led him to discover 14 network vulnerabilities at Harvard University, eight in the Oracle database company, six in Google, three in the Avast antivirus company, one in Siemens and one in the Cloudera cloud services company.
Firms expressed their gratitude to Al-Bahr for shedding light on these vulnerabilities.
“Through cumulative research that resulted in the formation of a mental map of how websites work, I developed an understanding of the technologies used, their most prominent flaws and the web developers’ most common mistakes,” said Al-Bahr.
FASTFACTS
• Laws are now being adopted in the Kingdom to beef up cybersecurity.
• New bodies are being established such as the Saudi Federation for Cybersecurity, Programming and Drones, which has issued regulations to streamline procedures.
“Arabic websites suffer greatly from hacking due to the lack of awareness in terms of cybersecurity and user privacy. At least one Arabic website gets hacked every day. I have even sent these websites reports regarding vulnerabilities,” he added.
Al-Bahr said that a prominent telecommunications company, using an old Oracle program, was recently targeted by international hackers. He added that due to the outdated system, the cybercriminals were able to make their way around the security system.
“New legislation and laws are now being adopted, while new bodies are being established such as the Saudi Federation for Cybersecurity, Programming and Drones.
“The federation has issued regulations committing companies to disclosure and governance. Despite the slow progress, some of these websites are showing promising signs, as we work to have them fully ready in the upcoming days,” he said.
His line of work is what enabled Al-Bahr to discover these security vulnerabilities.
He said that beginners in the same line of work have the same opportunity, while jobseekers could develop their skills and present data to support their findings to the targeted companies. This could lead to job hiring or consulting contracts, he added.
Though there are positive signs of a growing interest among college graduates, there is still a long way to go. Universities could provide the right teaching and proper environment to stimulate more “out of the box” thinking in order to allow students to develop their skills and secure jobs after graduation.
“Students graduate from universities with basic knowledge, as ‘straight A’ students mostly memorize the curricula, and lack understanding and practical application of what they have learned,” he said.
“Cybersecurity majors require practical work, as hackers benefit from the mental steps taken by individuals or institutions. It is important to rely on thinking, analyzing and self-developing through trial and error, and obtain professional applied certificates,” Al-Bahr said.
“There is a clear dysfunction in the student evaluation mechanism. It is an ineffective mechanism that includes editorial questions for applied subjects and questions with ‘right’ or ‘wrong’ as the answers for practical exams.
“The university’s environment is a simulation of the market environment, as it provides students with a better understanding of the market’s requirements and allows them to work in a more practical manner. Therefore, it is necessary to take into consideration the particularity of these specializations and better prepare the future generations,” he said.