332 research outputs found
POWER-SUPPLaY: Leaking Data from Air-Gapped Systems by Turning the Power-Supplies Into Speakers
It is known that attackers can exfiltrate data from air-gapped computers
through their speakers via sonic and ultrasonic waves. To eliminate the threat
of such acoustic covert channels in sensitive systems, audio hardware can be
disabled and the use of loudspeakers can be strictly forbidden. Such audio-less
systems are considered to be audio-gapped, and hence immune to
acoustic covert channels.
In this paper, we introduce a technique that enables attackers to leak data
acoustically from air-gapped and audio-gapped systems. Our developed malware
can exploit the computer power supply unit (PSU) to play sounds and use it as
an out-of-band, secondary speaker with limited capabilities. The malicious code
manipulates the internal switching frequency of the power supply and
hence controls the sound waveforms generated from its capacitors and
transformers. Our technique enables producing audio tones in a frequency band
of 0-24 kHz and playing audio streams (e.g., WAV) from a computer power supply
without the need for audio hardware or speakers. Binary data (files,
keylogging, encryption keys, etc.) can be modulated over the acoustic signals
and sent to a nearby receiver (e.g., smartphone). We show that our technique
works with various types of systems: PC workstations and servers, as well as
embedded systems and IoT devices that have no audio hardware at all. We provide
technical background and discuss implementation details such as signal
generation and data modulation. We show that the POWER-SUPPLaY code can operate
from an ordinary user-mode process and doesn't need any hardware access or
special privileges. Our evaluation shows that using POWER-SUPPLaY, sensitive
data can be exfiltrated from air-gapped and audio-gapped systems from a
distance of five meters away at a maximal bit rate of 50 bit/sec.
Sensor-Based Covert Channels on Mobile Devices
Smartphones have become ubiquitous in our daily activities, having billions of active users worldwide. The wide range of functionalities of modern mobile devices is enriched by many embedded sensors. These sensors, accessible by third-party mobile applications, pose novel security and privacy threats to the users of the devices. Numerous research works demonstrate that user keystrokes, location, or even speech can be inferred based on sensor measurements. Furthermore, the sensor itself can be susceptible to external physical interference, which can lead to attacks on systems that rely on sensor data.
In this dissertation, we investigate how the reaction of sensors in mobile devices to malicious physical interference can be exploited to establish covert communication channels between otherwise isolated devices or processes. We present multiple covert channels that use sensors' reaction to electromagnetic and acoustic interference to transmit sensitive data from nearby devices with no dedicated equipment or hardware modifications. In addition, these covert channels can also transmit information between applications within a mobile device, breaking the logical isolation enforced by the operating system. Furthermore, we discuss how sensor-based covert channels can affect the privacy of end users by tracking their activities on two different devices or across two different applications on the same device. Finally, we present a framework that automatically identifies covert channels that are based on physical interference between hardware components of mobile devices. As a result of the experimental evaluation, we can confirm previously known covert channels on smartphones, and discover novel sources of cross-component interference that can be used to establish covert channels.
Focusing on mobile platforms in this work, we aim to show that it is of crucial importance to consider physical covert channels when assessing the security of the systems that rely on sensors, and advocate for holistic approaches that can proactively identify and estimate corresponding security and privacy risks.
A Review of Smart Materials in Tactile Actuators for Information Delivery
As the largest organ in the human body, the skin provides the important
sensory channel for humans to receive external stimulations based on touch. By
the information perceived through touch, people can feel and guess the
properties of objects, like weight, temperature, textures, and motion, etc. In
fact, those properties are nerve stimuli to our brain received by different
kinds of receptors in the skin. Mechanical, electrical, and thermal stimuli can
stimulate these receptors and cause different information to be conveyed
through the nerves. Technologies for actuators to provide mechanical,
electrical or thermal stimuli have been developed. These include static or
vibrational actuation, electrostatic stimulation, focused ultrasound, and more.
Smart materials, such as piezoelectric materials, carbon nanotubes, and shape
memory alloys, play important roles in providing actuation for tactile
sensation. This paper aims to review the background biological knowledge of
human tactile sensing, to give an understanding of how we sense and interact
with the world through the sense of touch, as well as the conventional and
state-of-the-art technologies of tactile actuators for tactile feedback
delivery.
Survey and Systematization of Secure Device Pairing
Secure Device Pairing (SDP) schemes have been developed to facilitate secure
communications among smart devices, both personal mobile devices and Internet
of Things (IoT) devices. Comparison and assessment of SDP schemes is
troublesome, because each scheme makes different assumptions about out-of-band
channels and adversary models, and are driven by their particular use-cases. A
conceptual model that facilitates meaningful comparison among SDP schemes is
missing. We provide such a model. In this article, we survey and analyze a wide
range of SDP schemes that are described in the literature, including a number
that have been adopted as standards. A system model and consistent terminology
for SDP schemes are built on the foundation of this survey, which are then used
to classify existing SDP schemes into a taxonomy that, for the first time,
enables their meaningful comparison and analysis. The existing SDP schemes are
analyzed using this model, revealing common systemic security weaknesses among
the surveyed SDP schemes that should become priority areas for future SDP
research, such as improving the integration of privacy requirements into the
design of SDP schemes. Our results allow SDP scheme designers to create schemes
that are more easily comparable with one another, and to assist the prevention
of persisting the weaknesses common to the current generation of SDP schemes.
Comment: 34 pages, 5 figures, 3 tables, accepted at IEEE Communications
Surveys & Tutorials 2017 (Volume: PP, Issue: 99
Injected and Delivered: Fabricating Implicit Control over Actuation Systems by Spoofing Inertial Sensors
Inertial sensors provide crucial feedback for control systems to determine
motional status and make timely, automated decisions. Prior efforts tried to
control the output of inertial sensors with acoustic signals. However, their
approaches did not consider sample rate drifts in analog-to-digital converters
as well as many other realistic factors. As a result, few attacks demonstrated
effective control over inertial sensors embedded in real systems.
This work studies the out-of-band signal injection methods to deliver
adversarial control to embedded MEMS inertial sensors and evaluates consequent
vulnerabilities exposed in control systems relying on them. Acoustic signals
injected into inertial sensors are out-of-band analog signals. Consequently,
slight sample rate drifts could be amplified and cause deviations in the
frequency of digital signals. Such deviations result in fluctuating sensor
output; nevertheless, we characterize two methods to control the output:
digital amplitude adjusting and phase pacing. Based on our analysis, we devise
non-invasive attacks to manipulate the sensor output as well as the derived
inertial information to deceive control systems. We test 25 devices equipped
with MEMS inertial sensors and find that 17 of them could be implicitly
controlled by our attacks. Furthermore, we investigate the generalizability of
our methods and show the possibility to manipulate the digital output through
signals with relatively low frequencies in the sensing channel.
Comment: Original publication in the proceedings of the 27th USENIX Security
Symposium, 201
Audio Virology and Affect Contagion in the Times of Preemptive Power and Sonic Futurism: The Sonic Warfare of Fatima Al Qadiri
This project examines the State's use of sound technologies in particular to conjure affects facilitative of the maintenance and control of human bodies and political activities. In tension with this current, it will also study the subversion of sonic war machinery by cultural workers and musicians in the production of transnational political solidarities against the state militarization/securitization of life and preemption/commodification of death, a socio-economic paradigm fed by the (neo)colonial underbellies of capitalist modernity, from the Transatlantic Slave Trade to the colonization and military exploitation of the "Middle East".
Abusing Commodity DRAMs in IoT Devices to Remotely Spy on Temperature
The ubiquity and pervasiveness of modern Internet of Things (IoT) devices
opens up vast possibilities for novel applications, but simultaneously also
allows spying on, and collecting data from, unsuspecting users to a previously
unseen extent. This paper details a new attack form in this vein, in which the
decay properties of widespread, off-the-shelf DRAM modules are exploited to
accurately sense the temperature in the vicinity of the DRAM-carrying device.
Among others, this enables adversaries to remotely and purely digitally spy on
personal behavior in users' private homes, or to collect security-critical data
in server farms, cloud storage centers, or commercial production lines. We
demonstrate that our attack can be performed by merely compromising the
software of an IoT device and does not require hardware modifications or
physical access at attack time. It can achieve temperature resolutions of up to
0.5°C over a range of 0°C to 70°C in practice. Perhaps most
interestingly, it even works in devices that do not have a dedicated
temperature sensor on board. To complete our work, we discuss practical attack
scenarios as well as possible countermeasures against our temperature espionage
attacks.
Comment: Submitted to IEEE TIFS and currently under review