420 research outputs found
xLED: Covert Data Exfiltration from Air-Gapped Networks via Router LEDs
In this paper we show how attackers can covertly leak data (e.g., encryption
keys, passwords and files) from highly secure or air-gapped networks via the
row of status LEDs that exists in networking equipment such as LAN switches and
routers. Although it is known that some network equipment emanates optical
signals correlated with the information being processed by the device
('side-channel'), intentionally controlling the status LEDs to carry any type
of data ('covert-channel') has never been studied before. A malicious code is
executed on the LAN switch or router, allowing full control of the status LEDs.
Sensitive data can be encoded and modulated over the blinking of the LEDs. The
generated signals can then be recorded by various types of remote cameras and
optical sensors. We provide the technical background on the internal
architecture of switches and routers (at both the hardware and software level)
which enables this type of attack. We also present amplitude and frequency
based modulation and encoding schemas, along with a simple transmission
protocol. We implement a prototype of an exfiltration malware and discuss its
design and implementation. We evaluate this method with a few routers and
different types of LEDs. In addition, we tested various receivers including
remote cameras, security cameras, smartphone cameras, and optical sensors, and
also discuss different detection and prevention countermeasures. Our experiment
shows that sensitive data can be covertly leaked via the status LEDs of
switches and routers at bit rates of 10 bit/sec to more than 1Kbit/sec per
LED.
POWER-SUPPLaY: Leaking Data from Air-Gapped Systems by Turning the Power-Supplies Into Speakers
It is known that attackers can exfiltrate data from air-gapped computers
through their speakers via sonic and ultrasonic waves. To eliminate the threat
of such acoustic covert channels in sensitive systems, audio hardware can be
disabled and the use of loudspeakers can be strictly forbidden. Such audio-less
systems are considered to be audio-gapped, and hence immune to
acoustic covert channels.
In this paper, we introduce a technique that enables attackers to leak data
acoustically from air-gapped and audio-gapped systems. Our developed malware
can exploit the computer power supply unit (PSU) to play sounds and use it as
an out-of-band, secondary speaker with limited capabilities. The malicious code
manipulates the internal switching frequency of the power supply and
hence controls the sound waveforms generated from its capacitors and
transformers. Our technique enables producing audio tones in a frequency band
of 0-24 kHz and playing audio streams (e.g., WAV) from a computer power supply
without the need for audio hardware or speakers. Binary data (files,
keylogging, encryption keys, etc.) can be modulated over the acoustic signals
and sent to a nearby receiver (e.g., smartphone). We show that our technique
works with various types of systems: PC workstations and servers, as well as
embedded systems and IoT devices that have no audio hardware at all. We provide
technical background and discuss implementation details such as signal
generation and data modulation. We show that the POWER-SUPPLaY code can operate
from an ordinary user-mode process and doesn't need any hardware access or
special privileges. Our evaluation shows that using POWER-SUPPLaY, sensitive
data can be exfiltrated from air-gapped and audio-gapped systems from a
distance of five meters away at a maximal bit rate of 50 bit/sec.
An Introduction to TEMEPEST (Classified), using ChatGPT
TEMPEST is a codename referring to spying on information systems through leaking electromagnetic emanations, either via cables or through electromagnetic fields. Nowadays it is considered as a part of cyber security. Most publications on TEMPEST are classified, and when a draft paper is being checked for classified information, many reviewers request that parts are being removed. Even if information can be retrieved from public channels like open publications or the internet, still reviewers have objections. ChatGPT is an artificial intelligence chatbot which is continuously being fine-tuned by gathering information from public resources, as well as human feedback. This article describes the information on TEMPEST provided by ChatGPT
Compromising emanations: overview and system analysis
The problem of compromising electromagnetic emanations of dangerous signals in the near, intermediate and far zones is considered. Experimental data on the compromising electromagnetic emanations of various technical equipment are analyzed. A system analysis is proposed for finding and studying compromising electromagnetic emanations. The aim of this approach is to create a correct theoretical basis in the field of technical information protection. The method of vector non-stationary potentials is considered for finding the components of the electromagnetic field of dangerous signals in the near, intermediate and far radiation zones. Applying the new method makes it possible to study the compromising electromagnetic emanations of technical equipment in the time domain and in the frequency domain.
SATAn: Air-Gap Exfiltration Attack via Radio Signals From SATA Cables
This paper introduces a new type of attack on isolated, air-gapped
workstations. Although air-gap computers have no wireless connectivity, we show
that attackers can use the SATA cable as a wireless antenna to transfer radio
signals at the 6 GHz frequency band. The Serial ATA (SATA) is a bus interface
widely used in modern computers and connects the host bus to mass storage
devices such as hard disk drives, optical drives, and solid-state drives. The
prevalence of the SATA interface makes this attack highly available to
attackers in a wide range of computer systems and IT environments. We discuss
related work on this topic and provide technical background. We show the design
of the transmitter and receiver and present the implementation of these
components. We also demonstrate the attack on different computers and provide
the evaluation. The results show that attackers can use the SATA cable to
transfer a brief amount of sensitive information from highly secured, air-gap
computers wirelessly to a nearby receiver. Furthermore, we show that the attack
can operate from user mode, is effective even from inside a Virtual Machine
(VM), and can successfully work with other running workloads in the background.
Finally, we discuss defense and mitigation techniques for this new air-gap
attack.