Saturday, November 4, 2017

AND NSA's FANSMITTER : DiskFiltration: Data Exfiltration from Speakerless Air-Gapped Computers via Covert Hard Drive Noise


Information leakage through covert channels is a growing and persistent threat, even for physical perimeters considered as highly secure. We study a new approach for data exfiltration using a malicious storage device which subtly transmits data through blinking infrared LEDs. This approach could be used by an attacker trying to leak sensitive data stored in the device, such as credentials, cryptographic keys or a small classified document. An ideal application for this approach is when an attacker is capable of sneaking a malicious device inside a protected perimeter and has remote control over a camera inside such perimeter. The device can then collect information and transmit directly to the attacker, without the need of recovering the device to obtain the captured information, erase evidence or prevent a forensic investigation. We discuss techniques for improving communication efficiency up to 15 bits per second per LED, and possible countermeasures for mitigation.
Platform-agnostic Low-intrusion Optical Data Exfiltration. Available from: https://www.researchgate.net/publication/313887410_Platform-agnostic_Low-intrusion_Optical_Data_Exfiltration [accessed Nov 04 2017].



so...what's the big deal? The big deal...is that they are not worried about all this...at all! Do you know why? Because air-gapped hacking is for stupid victims; those who are not stupid protect the optical communications, and do not allow exfiltration of data through light. So, if you don't want to be hacked, you open the board, you implant this microcontroller...and then...bye bye NSA

The Lumentum switch protection module offers quick protection and restoration to prevent data loss due to cable failure, port failure, or catastrophic failures. An optical signal is split into diversely routed fibers. When a failure occurs, a 1x2 switch in the module selects the optical signal from the backup fiber.
This physical layer solution is able to isolate failures with a faster recovery time and simpler implementation compared to other protection solutions. It can be directly mounted on printed circuit boards.

DROP A LAN TURTLE. GET A SHELL. The LAN Turtle is a covert Systems Administration and Penetration Testing tool providing stealth remote access, network intelligence gathering, and man-in-the-middle surveillance capabilities through a simple graphic shell. Housed within a generic "USB Ethernet Adapter" case, the LAN Turtle’s covert appearance allows it to blend into many IT environments.

Figure 1. System architecture (top); and prototype (bottom).

Data encoding

A typical smartphone magnetometer with a magnetic sensor can measure magnetic flux on 3 distinct axes simultaneously [20]. Therefore, it is possible to transmit data over these axes in parallel. To maintain a short distance between the device and the magnetic field generator (i.e., solenoid), we use only the z and x axes and ignore the y-axis. To improve the data transmission speed, we use a 4-level amplitude-shift keying (4-ASK) scheme to encode the data. Before transmission, the magnetic signal is briefly calibrated (between 1.6 and 3.2 seconds) to ignore any background magnetic noise. To calibrate, the encoder transmits a series of sequences between 0000 and 1111. The data uses ASCII encoding. Our coding scheme uses a constant period length (t0 = 80 ms), which is long enough to account for the smartphone's magnetometer limitations. During a period, each of the two channels can transmit 2 bits (given our 4-level ASK coding), and therefore the system can transmit in total 4 bits per period. As a convention, the X channel deals with higher bits, while the Z channel deals with lower bits. Finally, we define data packets to consist of 8 periods (4 bytes) each. For example, let us assume that we want to transmit the character 'H' whose ASCII representation is 0100 1000. In period 1 we transmit the first 4 bits (0100): the X channel (Figure 2, in blue) transmits 01 while the Z channel (Figure 2, in red) transmits 00 in parallel. This process continues until all bits are transmitted. Figure 2 shows a magnetic signal transmitting the message "Hello world!\n". Since this message requires multiple packets, we use [x] to indicate an empty period (t0) between two consecutive packets. We acknowledge that our prototype's network protocol does not introduce packet types, sequence numbers, or CRC to minimize the amount of bits transferred.

https://www.researchgate.net/figure/263090343_fig1_Figure-1-System-architecture-top-and-prototype-bottom-Data-encoding-A-typical
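To make the framing above concrete, here is a symbol-level model of the two-channel 4-ASK scheme. It is an added example, not code from the paper or from this post: the helper names are my own, the solenoid and magnetometer hardware are not modelled (only the sequence of per-period levels), and since the paper does not say how a final packet shorter than 4 bytes is handled, it is left unpadded here. It reproduces the worked 'H' case from the text, counts how long "Hello world!\n" occupies the channel at t0 = 80 ms, and its decoder shows why the absence of sequence numbers and CRC matters to anyone modelling this channel: one lost period shifts everything after it.

```python
# Added example (not from the paper or this post): a symbol-level model of the
# two-channel 4-ASK framing described in the text. Helper names are my own.
from typing import List, Optional, Tuple

T0_MS = 80              # period length t0 from the text
BITS_PER_PERIOD = 4     # 2 bits on the X channel + 2 bits on the Z channel
PACKET_BYTES = 4        # a packet is 8 periods x 4 bits = 32 bits = 4 bytes

# One period is a pair (x_level, z_level); each level is a 2-bit value 0..3.
# None stands for the "[x]" empty period inserted between consecutive packets.
Period = Optional[Tuple[int, int]]


def byte_to_periods(b: int) -> List[Tuple[int, int]]:
    """Split one ASCII byte into two periods, high nibble first.

    Within a nibble, X carries the upper 2 bits and Z the lower 2 bits,
    matching the convention 'X deals with higher bits, Z with lower bits'.
    """
    hi, lo = b >> 4, b & 0x0F
    return [(hi >> 2, hi & 0b11), (lo >> 2, lo & 0b11)]


def encode(message: str) -> List[Period]:
    """Turn an ASCII message into the period sequence a transmitter would drive."""
    data = message.encode("ascii")
    periods: List[Period] = []
    for start in range(0, len(data), PACKET_BYTES):
        if periods:
            periods.append(None)  # "[x]" gap between two packets
        for b in data[start:start + PACKET_BYTES]:
            periods.extend(byte_to_periods(b))
    # Assumption: a short final packet is sent unpadded (the text does not say).
    return periods


def decode(periods: List[Period]) -> str:
    """Receiver side: rebuild bytes from (x, z) levels, skipping empty periods.

    The scheme carries no packet type, sequence number or CRC, so a dropped
    or misread period simply shifts every nibble after it; nothing here can
    detect that, which is the limitation the paper acknowledges.
    """
    nibbles = []
    for p in periods:
        if p is None:
            continue
        x, z = p
        nibbles.append((x << 2) | z)
    out = bytearray()
    for i in range(0, len(nibbles) - 1, 2):
        out.append((nibbles[i] << 4) | nibbles[i + 1])
    return out.decode("ascii")


def raw_bitrate_bps() -> float:
    """Peak payload rate implied by 4 bits every t0 = 80 ms (gaps excluded)."""
    return BITS_PER_PERIOD * 1000 / T0_MS


def airtime_ms(message: str) -> int:
    """Wall-clock time a message occupies the channel, inter-packet gaps included."""
    return len(encode(message)) * T0_MS


if __name__ == "__main__":
    # 'H' = 0100 1000: period 1 is X=01, Z=00 exactly as in the text; period 2 is X=10, Z=00.
    print(encode("H"))
    msg = "Hello world!\n"
    seq = encode(msg)
    print(len(seq), "periods,", airtime_ms(msg), "ms on air,", raw_bitrate_bps(), "bit/s peak")
    print(repr(decode(seq)))
```

Running it shows the 13-byte message needs 4 packets and 3 gap periods, 29 periods in all, so about 2.3 s of channel time against a 50 bit/s peak rate. The low rate and fixed 80 ms cadence are also what make such a signal distinctive on a magnetometer trace: a defender logging the sensor would see a stepped, four-level waveform with a constant period rather than background drift.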

USBee Software...COTTONMOUTH in the leaked NSA ANT catalog

Air-Gap Covert-Channel via Electromagnetic Emission from USB

In recent years researchers have demonstrated how attackers could use USB connectors implanted with RF transmitters to exfiltrate data from secure, and even air-gapped, computers (e.g., COTTONMOUTH in the leaked NSA ANT catalog). Such methods require a hardware modification of the USB plug or device, in which a dedicated RF transmitter is embedded. In this paper we present USBee, software that can utilize an unmodified USB device connected to a computer as an RF transmitter. We demonstrate how software can intentionally generate controlled electromagnetic emissions from the data bus of a USB connector. We also show that the emitted RF signals can be controlled and modulated with arbitrary binary data. We implement a prototype of USBee, and discuss its design and implementation details including signal generation and modulation. We evaluate the transmitter by building a receiver and demodulator using GNU Radio. Our evaluation shows that USBee can be used for transmitting binary data to a nearby receiver at a bandwidth of 20 to 80 BPS (bytes per second).

https://arxiv.org/abs/1608.08397
