Updated: 2 days ago

One of our latest innovations for the rail industry OmniMachina, is an On Train Monitoring Recorder which allows train operators to see real-time data from legacy systems.

Read more about OmniMachina:

OmniMachina_product sheet
Download PDF • 1.09MB

Updated: 2 days ago

Modux recently developed Silverhawk, an operational technology gateway which allows businesses to remotely and securely manage thousands of devices through one portal.

In this article, we’ll explain the features of Silverhawk and how it is being used by a major UK rail company to modernise their business and improve the running of their trains.

Northern Rail’s problem of managing multiple devices

Northern Rail is one of the UK’s largest train companies with a fleet of 500 trains and nearly 500 stations. Its infrastructure, safety and media systems are powered by thousands of operational technology devices.

With over 2,500 services each day, carrying over 100 million passengers a year, it’s critical that any fault with these operational technology devices needs to be resolved as quickly as possible.

Prior to Silverhawk, each of these devices was provided and maintained by a different third-party vendor and each device had different access requirements and working practices. The process for fixing a fault with one of these devices was time-consuming, expensive and inefficient. A train would have to be pulled out of service, taken to a depot and seen by an engineer. This led to unnecessary delays and frustrated rail passengers.

Northern Rail needed a way to centrally manage their on-board train equipment that would speed up maintenance.

Silverhawk: a secure gateway for managing operational devices

Modux worked alongside Northern Rail to develop Silverhawk, a gateway which sits between the company’s system administrators and its operational technology.

Since being enrolled into Silverhawk, all of Northern Rail’s devices can now be accessed from this one central gateway. This provides rapid access into operational trains, removing the requirement for hundreds of physical visits.

The management of thousands of devices has become not only much more efficient, but also more secure as Silverhawk incorporates features such as multi-factor authentication, password vaults and brokered authentication. Users never have access to device credentials or the network because VPN tunnels and SSH tunnels are used to get into the device.

Rapid and secure access to devices

Let’s look at how Silverhawk is used in practice. Previously, a train engineer would have needed to travel to the train and plug in a laptop in order to fix a fault. Using Silverhawk, the process is much quicker. The train engineer can log in remotely, select the device that manages the train and fix the issue. Here are the steps an engineer goes through when using Silverhawk:

1.Search function. The engineer can see a list of the devices they have been granted access to and can filter and find any device they want to manage through the search function.

2. Assigned access. The train engineer will be granted access to a specific device or set of devices by a super-admin. This access can be time-restricted. In this case, the engineer might need access for 2 hours to fix a fault.

3. Authentication. The train engineer can click a device they want to connect to without passwords for each device. Silverhawk sets up the authentication, so the engineer never has access to the password of a device. Silverhawk logs into chosen device, then hands off that authenticated session to the engineer.

4. Remote access to devices. Once connected, the engineer can start an interactive session with the remote device using their mouse and keyboard, just like having a direct connection. The engineer is able to copy and paste between their own computer and the remote device.

Silverhawk's features

Silverhawk has a number of features which make it an invaluable management tool:

  • Security across all devices. Silverhawk enables modern security features across thousands of operational technology devices, including a company’s forgotten devices that are not backed by remote authentication like Active Directory or RADIUS. With Silverhawk, it’s possible to add in-depth logging, multi-factor authentication and attack detection to new equipment that would be otherwise unsecure out of the box.

  • Ultimate control over access to devices. Silverhawk provides granular access to single devices or groups of devices and removes the need for direct network access. Individual device connections are assigned to teams meaning that devices are only accessed by those with permission to find and access the device. Access to equipment through embedded HTTP web applications, SSH and RDP can be tightly controlled and restricted to specific users and groups. Access can be given and revoked on demand.

  • In-depth audit logging. Any changes that users make to a device is logged. Silverhawk can monitor every configuration change, every click and every command.

  • Agentless. The Silverhawk OT Gateway only requires network access in order to provide Privileged Access Management to equipment. Network routes through VPN and jump hosts can be spun up instantly when connecting to remote devices.

  • Automated backup and updates. Common functions such as device backup, firmware updates and password cycling can be automated across the estate, removing the need to update each device individually.

  • Faster loading times. Application files such as CSS, JS and images can be cached to speed load times of interfaces of devices in remote areas.

  • Platform agnostic. Silverhawk can run on any computer operating system and can support almost any device.

Improved security and control

As well as improving the security of remote management for Northern, Silverhawk has really shown its worth with the operational benefits, as it allows for rapid collaboration across technical teams during fault diagnosis and change management actions. As engineers no longer have to drive or fly to diagnose faults, the company has saved on thousands of hours of travel from vendors working remotely.

“Silverhawk allows us to quickly provide secure access for engineering teams. We’ve been able to keep trains in service and have saved hours of international travel.”

March Silverwood, Digital Trains, Northern.

Read more about rail technology offerings from Modux.

During our annual Hack Week, Modux employees take a break from their normal day-to-day work and instead spend the week working on an innovative idea that they are passionate about. Given the chance to experiment outside of his normal scope of work, one of our Senior Security Consultants, Ben, set himself the challenge of creating a sophisticated cheat that would help him gain the upper hand in first-person-shooter video games. Unlike existing video game cheats, which are often detected and banned by game developers, Ben wanted to make something that would be impossible for current anti-cheat software to detect.

A superior aim bot

There are a few different cheating tricks for video games that are commonly used. Trigger bots, for example, make the weapon automatically fire when the target is in the crosshairs, speed hacks make the player move faster or slower and camera hacks give the player a wider view of the game than the other players. Aim bots, meanwhile, ensure that the player has the perfect aim at any opponent, and this is what Ben planned to focus on. He saw the chance to innovate and improve on existing aim bots by making one that wouldn’t be identified by anti-cheat software:

“An aim bot is often one of the more desired and overpowered cheats but usually one of the easiest to detect from an anti-cheat perspective. I thought there was potential to make a more novel aim bot that would be less detectable by using out-of-band techniques.”

How to beat anti-cheating software

Unfortunately for cheat developers, modern anti-cheat solutions are very hard to beat. They are run as independent and often highly-privileged applications, separate to the game itself, and detect all software that is modifying or reading from the game.

While some cheats will try to interact directly with the game, others will try to read the screen in order to obtain information. But what they have in common is that nearly all video game cheats run software on the PC that is playing the game.

Ben’s solution to avoid his aim bot being detected by anti-cheat software was to perform all the cheating activity on a secondary computer.

An undetectable cheating set-up

Ben’s plan was to use a capture device to mirror the video stream from the game, and ship it to a secondary ‘processing’ PC. There, the system would use software which could recognise people on the screen. The second computer would recognise the person shape and aim at the target by controlling the cursor on the first computer. For this he needed the following hardware:

  • Two PCs: one to play the game on and another to do the processing

  • A video capture card to send the video stream from the ‘playing’ PC to the ‘processing’ PC

  • An Arduino microcontroller to act as a computer mouse

  • A 3D-printed game show style buzzer to trigger the software via click

  • A second Arduino inside the game show buzzer to send the mouse clicks

The following software stack was used:

  • Python

  • OpenCV, a cross-platform computer vision and machine learning library of algorithms which can be used to detect objects in videos

  • MobilenetSSD, a machine learning model designed for object recognition, trained to recognise 'people'

  • Nvidia CUDA, used to accelerate the OpenCV detection by offloading processing of computationally ‘expensive’ image processing tasks to a graphics card instead of solely using a CPU

Despite not having used object recognition frameworks before, Ben found development fairly straightforward. The application of various Arduinos and other hardware elements from previous projects also greatly sped up production of the final solution. With the extra time, Ben was able to assess other methods of detecting target enemies on screen such as the YOLO algorithm or HSV colour space differentials before finally settling on MobilenetSSD.

The cheating sequence

With PC1 playing the game and PC2 running the cheat software, let’s look at the sequence of steps involved in this cheat in more detail:

  1. The video feed from the game on PC1 streams via a video capture card to PC2.

  2. PC2 runs the object detection algorithm against the video feed to look for objects classified as 'people'. This step is only performed against the inner red square you see in the demo video to make aim movement seem less unnatural and speed up processing times.

  3. If enemies are found, the software computes the distance between the current mouse pointer location and the enemy’s head. This step is performed for each on-screen enemy detected. The software marks the closest enemy with a red bounding box and all the rest with blue bounding boxes. This is not visible on the PC1, only on PC2.

  4. If the trigger button is pressed, the software then uses the Arduino to move the mouse on PC1 on top of the closest enemy’s head (and optionally fires). Whilst the big buzzer was used in the video demo to visually demonstrate the 'trigger' process, a secondary much smaller device was used when Ben actually wanted to try the solution in a real game. This device was a tiny button attached to the mouse or keyboard of PC1.

Cheaters sometimes prosper

Ben tested his aim bot in Counter-Strike: Global Offensive. It was extremely effective and could hit enemies with pinpoint precision with any in-game weapon. The majority of testing was conducted offline so as not to not ruin real players’ fun, but limited online play demonstrated the effectiveness of the solution against real life players as well as its ability to not get Ben banned!

Although most of the time the bot does an excellent job of mimicking how a human would play the game, it has certain limitations. After attempting to play on a winter-themed map, Ben realised that he hadn’t fine-tuned the image learning recognition enough to differentiate between an enemy human and a similarly proportioned snowman

The snowman incident aside, Ben’s prototype has a lot of potential. Unlike most other computer game cheats, which target a single game via software modification or screen reading, Ben’s cheat currently works in any first-person game providing the enemy player model looks like a human. With additional training of the machine learning model, the bot could easily be updated to work with games where this is not the case.

Interested in joining us for the next hack week and becoming part of the Modux team? Email contact@modux.co.uk

#hackweek #videogamecheat #aimbot #counterstrike #python #opencvlibrary #arduino #mobilenetssd