POWER-SUPPLaY: Leaking Data from Air-Gapped Systems by Turning the Power-Supplies Into Speakers

It is known that attackers can exfiltrate data from air-gapped computers through their speakers via sonic and ultrasonic waves. To eliminate the threat of such acoustic covert channels in sensitive systems, audio hardware can be disabled and the use of loudspeakers can be strictly forbidden. Such audio-less systems are considered to be \textit{audio-gapped}, and hence immune to acoustic covert channels. In this paper, we introduce a technique that enable attackers leak data acoustically from air-gapped and audio-gapped systems. Our developed malware can exploit the computer power supply unit (PSU) to play sounds and use it as an out-of-band, secondary speaker with limited capabilities. The malicious code manipulates the internal \textit{switching frequency} of the power supply and hence controls the sound waveforms generated from its capacitors and transformers. Our technique enables producing audio tones in a frequency band of 0-24khz and playing audio streams (e.g., WAV) from a computer power supply without the need for audio hardware or speakers. Binary data (files, keylogging, encryption keys, etc.) can be modulated over the acoustic signals and sent to a nearby receiver (e.g., smartphone). We show that our technique works with various types of systems: PC workstations and servers, as well as embedded systems and IoT devices that have no audio hardware at all. We provide technical background and discuss implementation details such as signal generation and data modulation. We show that the POWER-SUPPLaY code can operate from an ordinary user-mode process and doesn't need any hardware access or special privileges. Our evaluation shows that using POWER-SUPPLaY, sensitive data can be exfiltrated from air-gapped and audio-gapped systems from a distance of five meters away at a maximal bit rates of 50 bit/sec

Delineating urban functional zones using mobile phone data: A case study of cross-boundary integration in Shenzhen-Dongguan-Huizhou area

As cities continuously expand and with the emergence of mega-city regions, the urban functional zones (UFZs) have spread beyond their original administrative boundaries. An accurate and updated delineation of the UFZs is crucial for assessing the functional integration between cities within a mega-city region. Mobility data provides a chance to depict the UFZs from actual human activities at a finer spatial scale. Existing studies mostly adopted network-based approaches relying on the topological relationship but ignoring spatial factors, causing the lack of sensitivity in detecting the cross-cities integration of the functional region. This research proposed a novel regionalisation algorithm that redraws non-overlap boundaries of urban functional zones based on the commuting origin-destination matrix, representing the spatial interactions within cities and cross-cities. In particular, functional zones are drawn by searching for the best partition with the best goodness of fitting in the hierarchical spatial interaction model. The algorithm was applied to a case study of a mega-city region, Shenzhen-Dongguan-Huizhou (SDH) area in China using mobile phone signalling data. By adopting two different settings, this model evaluated the current status and predict the future trend of urban integration respectively. The results show the current boundary of UFZs in the SDH area almost coincides with administrative boundaries. Meanwhile, the results of long-term predictions might be utilised by policymakers to give more attention to the areas near the Dongguan-Huizhou boundary to promote industry cooperation and avoid mismatches between the functional and administrative regions

Application of ERTS-1 data to integrated state planning in the state of Maryland

There are no author-identified significant results in this report

Supervised Land Use Inference from Mobility Patterns

This paper addresses the relationship between land use and mobility patterns. Since each particular zone directly feeds the global mobility once acting as origin of trips and others as destination, both roles are simultaneously used for predicting land uses. Specifically this investigation uses mobility data derived from mobile phones, a technology that emerges as a useful, quick data source on people's daily mobility, collected during two weeks over the urban area of Málaga (Spain). This allows exploring the relevance of integrating weekday-weekend trip information to better determine the category of land use. First, this work classifies patterns on trips originated and terminated in each zone into groups by means of a clustering approach. Based on identifiable relationships between activity and times when travel peaks appear, a preliminary categorization of uses is provided. Then, both grouping results are used as input variables in a K-nearest neighbors (KNN) classification model to determine the exact land use. The KNN method assumes that the category of an object must be similar to the category of the closest neighbors. After training the models, the findings reveal that this approach provides a precise land use categorization, yielding the best accuracy results for the major categories of land uses in the studied area. Moreover, as a result, the weekend data certainly contributes to finding more precise land uses as those obtained by just weekday data. In particular, the percentage of correctly predicted categories using both weekday and weekend is around 80%, while just weekday data reach 67%. The comparison with actual land uses also demonstrates that this approach is able to provide useful information, identifying zones with a specific clear dominant use (residential, industrial, and commercial), as well as multiactivity zones (mixed). This fact is especially useful in the context of urban environments where multiple activities coexist.Unión Europea Programa Operativo FEDER de Andalucía 2011–2015Ministerio de Economía y Competitividad PTQ-13-0642