SPYPI - A SOLUTION FOR EFFECTIVE SECURITY AWARENESS RAISING AMONG TEENAGERS AND YOUNG ADULTS
Is it necessary for everyone to know what password hashing is, how security is implemented in practice or how an SQL injection is acheived? No, not really.
But should every member of society have the essential knowledge needed to...
Cyber security awareness is crucial and should be available to people of various demographics and backgrounds. However, recent studies and surveys suggest, that especially younger generations seem to show concerning behaviours when it comes to information and cyber security as well as digital privacy. Does this mean digital natives are just careless, lazy and ignorant? No! There probably is no simple answer to why this is and it is assumable that multiple factors contribute to this phenomenon. Young people should not be slandered for this, but instead given opportunities to acquire skills and knowledge needed to fulfil the objectives above, that meet their needs and way of thinking. Why? Because digital natives have different expectations than older generations when it comes to security awareness raising. You have to be able to relate to them and understand their expectations and how they approach things in order to educate them effectively. We can’t just educate them by giving them a leaflet or telling them where dangers lure. Instead, you want to engage them in a way that is attractive for them, suits their strengths and allows them to think for themselves.
Sarah Mühlemann, the inventor of SpyPi, is herself a digital native and has used her knowledge about her peers to build a cyber security awareness raising tool that suits the expectations and thinking of young people. Her goal is to strengthen the youths knowledge about cyber security & digital privacy so that they are able to assess risks, ensure security in their private and (future) professional life and participate in our democracy.
SpyPi's approach is a concept called role-reversal learning which is known to enable critical thinking from multiple perspectives, help people to improve their understanding of an issue and train their ability to self-reflect. Tools on SpyPi allow users to test out tools and practices of black hat hackers, social engineers or data collectors on their own. The goal is to help them realize what the bad guys can do, where dangers hide and how they can protect themselves. Similar to the ELM model in marketing we focus on emotional stimuli instead of cognitive stimuli to engange people with a low involvement towards this topic as well as to avoid boring technical jargon. When not being in the position of the victim but acting as the "bad guys" themselves, people become less anxious of making mistakes – since they are not expected to have any prior knowledge. As a result, people find themselves in a relaxed, positive learning atmosphere.
No. We do not primarily focus on how the attacks can be done nor do we encourage people to engage in criminal activity. We inform the participants which legal consequences such activities entail. Our main goal is and remains to raise cyber security awareness. The reason why we let people test out these tools is because we believe that words are not powerful and interesting enough to efficiently convey the seriousness of the issue to a person that is not already interested in the topic. We really want people to grasp why it is necessary to be cautious and showing them a simulation would not have the same effect.
Yes, the attacks on SpyPi are real but only work to attack certain devices that we provide. We don't want to show simulation because then people tend to think in reality it's not nearly as bad but we of course make sure that the device does not cause harm to outsiders.
SpyPi should of course not become a threat to you. We make sure the device can't cause harm, meets your needs and considers your concerns.
Currently we are undergoing change to make it more scalable. We'll keep you updated!
We do not want limit our audience. Anyone looking for a fun low-level security awareness raising platform is welcome to use it. However, the concept mainly focuses on education facilities hence young people.
We aim at making it open source, the source code for the current SpyPi version, however, is not yet available.
KEY FEATURES OF SPYPI
Students test out tools & practices of black-hat hackers, social engineers as well as data collectors to better understand risks and the need to protect yourself.
The device has an interactive text-based user interface. Students actively take part and are able to interact with SpyPi indiviually and in smaller groups. SpyPi meets the user at eye-level.
A text-based user interface allows students to actively participate. The user interface is easy to use and matches the "hackerish" design of SpyPi.
A DESIGN WITH PURPOSE
We've tried to make SpyPi look as you'd imagine a hacking station to look like. Actual hackers do not use such fancy looking devices and we're giving a rather misleading image of hacking itself, however, SpyPi's design serves a pedagogical purpose: It motivates students to participate. Most of us dreamed of becoming one of those hackers we see in movies. The "hackerish" look fulfills these childhood dreams and gains the interest and attention of students. A fitting design is a crucial to the success of this learning approach.
PLEASE BE PATIENT
PRESS & RADIO
TALKS & WORKSHOPS
WHO WE ARE
PHONE: coming soon
FEEL FREE TO CONTACT US!