736 research outputs found
POWER-SUPPLaY: Leaking Data from Air-Gapped Systems by Turning the Power-Supplies Into Speakers
It is known that attackers can exfiltrate data from air-gapped computers
through their speakers via sonic and ultrasonic waves. To eliminate the threat
of such acoustic covert channels in sensitive systems, audio hardware can be
disabled and the use of loudspeakers can be strictly forbidden. Such audio-less
systems are considered to be \textit{audio-gapped}, and hence immune to
acoustic covert channels.
In this paper, we introduce a technique that enable attackers leak data
acoustically from air-gapped and audio-gapped systems. Our developed malware
can exploit the computer power supply unit (PSU) to play sounds and use it as
an out-of-band, secondary speaker with limited capabilities. The malicious code
manipulates the internal \textit{switching frequency} of the power supply and
hence controls the sound waveforms generated from its capacitors and
transformers. Our technique enables producing audio tones in a frequency band
of 0-24khz and playing audio streams (e.g., WAV) from a computer power supply
without the need for audio hardware or speakers. Binary data (files,
keylogging, encryption keys, etc.) can be modulated over the acoustic signals
and sent to a nearby receiver (e.g., smartphone). We show that our technique
works with various types of systems: PC workstations and servers, as well as
embedded systems and IoT devices that have no audio hardware at all. We provide
technical background and discuss implementation details such as signal
generation and data modulation. We show that the POWER-SUPPLaY code can operate
from an ordinary user-mode process and doesn't need any hardware access or
special privileges. Our evaluation shows that using POWER-SUPPLaY, sensitive
data can be exfiltrated from air-gapped and audio-gapped systems from a
distance of five meters away at a maximal bit rates of 50 bit/sec
xLED: Covert Data Exfiltration from Air-Gapped Networks via Router LEDs
In this paper we show how attackers can covertly leak data (e.g., encryption
keys, passwords and files) from highly secure or air-gapped networks via the
row of status LEDs that exists in networking equipment such as LAN switches and
routers. Although it is known that some network equipment emanates optical
signals correlated with the information being processed by the device
('side-channel'), intentionally controlling the status LEDs to carry any type
of data ('covert-channel') has never studied before. A malicious code is
executed on the LAN switch or router, allowing full control of the status LEDs.
Sensitive data can be encoded and modulated over the blinking of the LEDs. The
generated signals can then be recorded by various types of remote cameras and
optical sensors. We provide the technical background on the internal
architecture of switches and routers (at both the hardware and software level)
which enables this type of attack. We also present amplitude and frequency
based modulation and encoding schemas, along with a simple transmission
protocol. We implement a prototype of an exfiltration malware and discuss its
design and implementation. We evaluate this method with a few routers and
different types of LEDs. In addition, we tested various receivers including
remote cameras, security cameras, smartphone cameras, and optical sensors, and
also discuss different detection and prevention countermeasures. Our experiment
shows that sensitive data can be covertly leaked via the status LEDs of
switches and routers at a bit rates of 10 bit/sec to more than 1Kbit/sec per
LED
SoniControl - A Mobile Ultrasonic Firewall
The exchange of data between mobile devices in the near-ultrasonic frequency
band is a new promising technology for near field communication (NFC) but also
raises a number of privacy concerns. We present the first ultrasonic firewall
that reliably detects ultrasonic communication and provides the user with
effective means to prevent hidden data exchange. This demonstration showcases a
new media-based communication technology ("data over audio") together with its
related privacy concerns. It enables users to (i) interactively test out and
experience ultrasonic information exchange and (ii) shows how to protect
oneself against unwanted tracking.Comment: To appear in proceedings of 2018 ACM Multimedia Conference October
22--26, 2018, Seoul, Republic of Kore
DolphinAtack: Inaudible Voice Commands
Speech recognition (SR) systems such as Siri or Google Now have become an
increasingly popular human-computer interaction method, and have turned various
systems into voice controllable systems(VCS). Prior work on attacking VCS shows
that the hidden voice commands that are incomprehensible to people can control
the systems. Hidden voice commands, though hidden, are nonetheless audible. In
this work, we design a completely inaudible attack, DolphinAttack, that
modulates voice commands on ultrasonic carriers (e.g., f > 20 kHz) to achieve
inaudibility. By leveraging the nonlinearity of the microphone circuits, the
modulated low frequency audio commands can be successfully demodulated,
recovered, and more importantly interpreted by the speech recognition systems.
We validate DolphinAttack on popular speech recognition systems, including
Siri, Google Now, Samsung S Voice, Huawei HiVoice, Cortana and Alexa. By
injecting a sequence of inaudible voice commands, we show a few
proof-of-concept attacks, which include activating Siri to initiate a FaceTime
call on iPhone, activating Google Now to switch the phone to the airplane mode,
and even manipulating the navigation system in an Audi automobile. We propose
hardware and software defense solutions. We validate that it is feasible to
detect DolphinAttack by classifying the audios using supported vector machine
(SVM), and suggest to re-design voice controllable systems to be resilient to
inaudible voice command attacks.Comment: 15 pages, 17 figure
Security and Privacy for Ubiquitous Mobile Devices
We live in a world where mobile devices are already ubiquitous. It is estimated that in the United States approximately two thirds of adults own a smartphone, and that for many, these devices are their primary method of accessing the Internet. World wide, it is estimated that in May of 2014 there were 6.9 billion mobile cellular subscriptions, almost as much as the world population. of these 6.9 billion, approximately 1 billion are smart devices, which are concentrated in the developed world. In the developing world, users are moving from feature phones to smart devices as a result of lower prices and marketing efforts. Because smart mobile devices are ubiquitous, security and privacy are primary concerns. Threats such as mobile malware are already substantial, with over 2500 different types identified in 2010 alone. It is likely that, as the smart device market continues to grow, so to will concerns about privacy, security, and malicious software. This is especially true, because these mobile devices are relatively new. Our research focuses on increasing the security and privacy of user data on smart mobile devices. We propose three applications in this domain: (1) a service that provides private, mobile location sharing; (2) a secure, intuitive proximity networking solution; and (3) a potential attack vector in mobile devices, which utilizes novel covert channels. We also propose a first step defense mechanism against these covert channels. Our first project is the design and implementation of a service, which provides users with private and secure location sharing. This is useful for a variety of applications such as online dating, taxi cab services, and social networking. Our service allows users to share their location with one another with trust and location based access controls. We allow users to identify if they are within a certain distance of one another, without either party revealing their location to one another, or any third party. We design this service to be practical and efficient, requiring no changes to the cellular infrastructure and no explicit encryption key management for the users. For our second application, we build a modem, which enables users to share relatively small pieces of information with those that are near by, also known as proximity based networking. Currently there are several mediums which can be used to achieve proximity networking such as NFC, bluetooth, and WiFi direct. Unfortunately, these currently available schemes suffer from a variety of drawbacks including slow adoption by mobile device hardware manufactures, relatively poor usability, and wide range, omni-directional propagation. We propose a new scheme, which utilizes ultrasonic (high frequency) audio on typical smart mobile devices, as a method of communication between proximal devices. Because mobile devices already carry the necessary hardware for ultrasound, adoption is much easier. Additionally, ultrasound has a limited and highly intuitive propagation pattern because it is highly directional, and can be easily controlled using the volume controls on the devices. Our ultrasound modem is fast, achieving several thousand bits per second throughput, non-intrusive because it is inaudible, and secure, requiring attackers with normal hardware to be less than or equal to the distance between the sender and receiver (a few centimeters in our tests). Our third work exposes a novel attack vector utilizing physical media covert channels on smart devices, in conjunction with privilege escalation and confused deputy attacks. This ultimately results in information leakage attacks, which allow the attacker to gain access to sensitive information stored on a user\u27s smart mobile device such as their location, passwords, emails, SMS messages and more. Our attack uses our novel physical media covert channels to launder sensitive information, thereby circumventing state of the art, taint-tracking analysis based defenses and, at the same time, the current, widely deployed permission systems employed by mobile operating systems. We propose and implement a variety of physical media covert channels, which demonstrate different strengths such as high speed, low error rate, and stealth. By proposing several different channels, we make defense of such an attack much more difficult. Despite the challenging situation, in this work we also propose a novel defense technique as a first step towards research on more robust approaches. as a contribution to the field, we present these three systems, which together enrich the smart mobile experience, while providing mobile security and keeping privacy in mind. Our third approach specifically, presents a unique attack, which has not been seen in the wild , in an effort to keep ahead of malicious efforts
A Completely Covert Audio Channel in Android
Exfilteration of private data is a potential security threat against mobile devices. Previous research concerning such threats has generally focused on techniques that are only valid over short distances (NFC, Bluetooth, electromagnetic emanations, and so on). In this research, we develop and analyze an exfilteration attack that has no distance limitation. Specifically, we take advantage of vulnerabilities in Android that enable us to covertly record and exfilterate a voice call. This paper presents a successful implementation of our attack, which records a call (both uplink and downlink voice streams), and inaudibly transmits the recorded voice over a subsequent inaudible call, without any visual or audio indication given to the victim. We provide a detailed analysis of our attack, and we suggest possible counter measures to thwart similar attacks
- …