Near-ultrasonic covert channels using software-defined radio techniques

Traditional cybersecurity practices rely on computers only communicating through well-defined expected channels. If malware was developed to use covert channels, such as one created using ultrasonic sound, then this could bypass certain security measures found in computer networks. This paper aims to demonstrate the viability of acoustic covert channels by creating a low-bandwidth ultrasonic frequency channel utilising software-defined radio (SDR) techniques. Previous work was evaluated to identify the strengths and weaknesses of their implementations. Software-defined radio techniques were then applied to improve the performance and reliability of the acoustic covert channel. The proposed implementation was then evaluated over a range of hardware and compared to previous implantations based on the attributes of their throughput, range, and reliability. The outcome of this research was an ultrasonic covert channel implemented in GNU Radio. The proposed implementation was found to provide 47% higher throughput than previous work while using less signal bandwidth. Utilising software-defined radio techniques improves the performance of the acoustic covert channels over previous implementations. It is expected that this technique would be effective in an office environment, but less effective in high security or server environments due to the lack of audio equipment available in these spaces

Investigation into the security and privacy of iOS VPN applications

Due to the increasing number of recommendations for people to use Virtual Private Networks (VPNs) to protect their privacy, more application developers are creating VPN applications and publishing them on the Apple App Store and Google Play Store. In this ‘gold rush’, applications are being developed quickly and, in turn, not being developed with security in mind.This paper investigated a selection of VPN applications available on the Apple App Store (for iOS devices) and tested the applications for security and privacy issues. This includes testing for any traffic being transmitted over plain HTTP, DNS leakage and transmission of personally identifiable information (such as phone number, International Mobile Equipment Identity (IMEI), email address, MAC address) and evaluating the security of the tunneling protocol used by the VPN.The testing methodology involved installing VPN applications on a test device, simulating network traffic for a pre-defined period of time and capturing the traffic. This allows for all traffic to be analysed to check for anything being sent without encryption. Other issues that often cause de-anonymization with VPN applications such as DNS leakage were also considered.The research found several common security issues with VPN applications tested, with a large majority of applications still using HTTP and not HTTPS for transmitting certain data. A large majority of the VPN applications failed to route additional user data (such as DNS queries) through the VPN tunnel. Furthermore, just fifteen of the tested applications were found to have correctly implemented the best-recommended tunneling protocol for user security.Outside of the regular testing criteria, other security anomalies were observed with specific applications, which included outdated servers with known vulnerabilities, applications giving themselves the ability to perform HTTPS interception and questionable privacy policies. From the documented vulnerabilities, this research proposes a set of recommendations for developers to consider when developing VPN applications