Fansmitter.pdf by Elsa Cristina David on Scribd
Saturday, November 4, 2017
Information leakage through covert channels is a growing and persistent threat, even for physical perimeters considered as highly secure. We study a new approach for data exfiltration using a malicious storage device which subtly transmits data through blinking infrared LEDs
Information leakage through covert channels is a growing and persistent threat, even for physical perimeters considered as highly secure. We study a new approach for data exfiltration using a malicious storage device which subtly transmits data through blinking infrared LEDs. This approach could be used by an attacker trying to leak sensitive data stored in the device, such as credentials, cryptographic keys or a small classified document. An ideal application for this approach is when an attacker is capable of sneaking a malicious device inside a protected perimeter and has remote control over a camera inside such perimeter. The device can then collect information and transmit directly to the attacker, without the need of recovering the device to obtain the captured information, erase evidence or prevent a forensic investigation. We discuss techniques for improving communication efficiency up to 15 bits per second per LED, and possible countermeasures for mitigation.
Platform-agnostic Low-intrusion Optical Data Exfiltration (PDF Download Available). Available from: https://www.researchgate.net/publication/313887410_Platform-agnostic_Low-intrusion_Optical_Data_Exfiltration [accessed Nov 04 2017].
https://www.researchgate.net/publication/313887410_Platform-agnostic_Low-intrusion_Optical_Data_Exfiltration
Platform-agnostic Low-intrusion Optical Data Exfiltration (PDF Download Available). Available from: https://www.researchgate.net/publication/313887410_Platform-agnostic_Low-intrusion_Optical_Data_Exfiltration [accessed Nov 04 2017].
https://www.researchgate.net/publication/313887410_Platform-agnostic_Low-intrusion_Optical_Data_Exfiltration
so...what's the big deal? the big deal...is that they are not worried with all this...at all! Do you know why ? because air gapped hacking is for stupid victims; those who are not stupid protect the optical communications, and do not aloud exfilitration of data trought light. So, if you don't want to be hacked, you open the board, you implant this microcontroller...and then...bye bye NSA
The Lumentum switch protection module offers quick protection and restoration to prevent data loss due to cable failure, port failure, or catastrophic failures. An optical signal is split into diversely routed fibers. When a failure occurs, a 1x2 switch in the module selects the optical signal from the backup fiber.
This physical layer solution is able to isolate failures with a faster recovery time and simpler implementation compared to other protection solutions. It can be directly mounted on printed circuit boards
DROP A LAN TURTLE. GET A SHELL. The LAN Turtle is a covert Systems Administration and Penetration Testing tool providing stealth remote access, network intelligence gathering, and man-in-the-middle surveillance capabilities through a simple graphic shell. Housed within a generic "USB Ethernet Adapter" case, the LAN Turtle’s covert appearance allows it to blend into many IT environments.
System architecture (top); and prototype (bottom). Data encoding A typical smartphone magnetometer with a magnetic sensor can measure magnetic flux on 3 distinct axes simultaneously [20]. Therefore, it is possible to transmit data over these axes in parallel. To maintain a short distance between the device and the magnetic field generator ( i.e. , solenoid) (...)
Figure 1. System architecture (top); and prototype (bottom). Data encoding A typical smartphone magnetometer with a magnetic sensor can measure magnetic flux on 3 distinct axes simultaneously [20]. Therefore, it is possible to transmit data over these axes in parallel. To maintain a short distance between the device and the magnetic field generator ( i.e. , solenoid), we use only the z and x axes and ignore the y-axis. To improve the data transmission speed, we use a 4-level amplitude-shift keying (4-ASK) scheme to encode the data. Before transmission, the magnetic signal is briefly calibrated (between 1.6 and 3.2 seconds) to ignore any background magnetic noise. To calibrate, the encoder transmits a series of sequences between 0000 and 1111. The data uses ASCII encoding. Our coding scheme uses a constant period length (t 0 = 80 ms), which is long enough to account for the smartphone’s magnetometer limitations. During a period, each of the two channels can transmit 2 bits (given our 4-level ASK coding), and therefore the system can transmit in total 4 bits per period. As a convention, the X channel deals with higher bits, while the Z channel deals with lower bits. Finally, we define data packets to consist of 8 periods (4 bytes) each. For example, let us assume that we want to transmit the character ‘H’ whose ASCII representation is 0100 1000. In period 1 we transmit the first 4 bits (0100): the X channel (Figure 2, in blue) transmits 01 while the Z channel (Figure 2, in red) transmits 00 in parallel. This process continues until all bits are transmitted. Figure 2 shows a magnetic signal transmitting the message “Hello world!\n”. Since this message requires multiple packets, we use [x] to indicate an empty period (t 0 ) between two consecutive packets. We acknowledge that our prototype’s network protocol does not introduce packet types, sequence numbers, or CRC to minimize the amount of bits transferred.
https://www.researchgate.net/figure/263090343_fig1_Figure-1-System-architecture-top-and-prototype-bottom-Data-encoding-A-typical
Air-Gap Covert-Channel via Electromagnetic Emission from USB
In recent years researchers have demonstrated how attackers could use USB connectors implanted with RF transmitters to exfiltrate data from secure, and even air-gapped, computers (e.g., COTTONMOUTH in the leaked NSA ANT catalog). Such methods require a hardware modification of the USB plug or device, in which a dedicated RF transmitter is embedded. In this paper we present USBee, a software that can utilize an unmodified USB device connected to a computer as a RF transmitter. We demonstrate how a software can intentionally generate controlled electromagnetic emissions from the data bus of a USB connector. We also show that the emitted RF signals can be controlled and modulated with arbitrary binary data. We implement a prototype of USBee, and discuss its design and implementation details including signal generation and modulation. We evaluate the transmitter by building a receiver and demodulator using GNU Radio. Our evaluation shows that USBee can be used for transmitting binary data to a nearby receiver at a bandwidth of 20 to 80 BPS (bytes per second).
https://arxiv.org/abs/1608.08397
https://arxiv.org/abs/1608.08397
Friday, November 3, 2017
EVP Laser Mic will allow you to extract EVP from reflective surfaces like glass, mirrors, and even water! Information for the Spiegel ;)
Description
EVP Receiver / Laser Mic
Our EVP Receiver will allow you to extract Electronic Voice Phenomenon (EVP) from reflective surfaces like glass, mirrors, and even water!
How is this possible? First a pen laser is pointed at a target object (such as a picture frame) and then the receiver is aligned with the reflected beam from the target object. As the laser beam strikes the target object, small vibrations from the surface of the target cause the laser beam to move slightly, this is known as “modulation”. This modulation in the laser beam is picked up by the laser mic receiver and converts it to audio.
History of the Laser Mic
Made popular in the 1960’s, the CIA used a similar method with an infrared light source to perform covert surveillance. However, using an invisible light source is difficult to align and since the goal here is not covert espionage we make use of a visible light source from a pen laser. By utilizing visible pen lasers, users may set up multiple targets at multiple angles with minimal effort. A typical pen laser will have little to no issue bouncing across two to three targets at a distance of 500 feet. With fine tuning users may be able to achieve more extreme distances of over 2000 ft.
EVP Laser Mic Receiver Overview
To use the EVP Laser Mic Receiver, you’ll need a green or red laser pointer. Aim the laser pointer at a reflective surface and align the receiver with the reflected beam.
The EVP Receiver has a direct audio output and includes an audio cable. The audio output can be used with an external recording device or a amplifier for real time EVP.
- Requires 3 AAA batteries, not included.
- Laser pointer not included.
- Audio line out jack and cable included.
For additional documentation and user guides on the laser mic please visit Digital Dowsing
You will need a green or red laser pointer (not included).
- Aim the pointer at a reflective surface.
- Align the EVP Receiver with the reflected beam.
- The audio will output to your attached audio device.
Further Details on the EVP Laser Mic
Extract Evp from Windows and other Experiments on Digital Dowsing
See Digital Dowsing for further information on the EVP Laser Mic.
and finally fiber optics tapping! "Electronic speckle pattern interferometry (ESPI),[1] also known as TV Holography, is a technique which uses laser light, together with video detection, recording and processing to visualise static and dynamic displacements of components with optically rough surfaces. The visualisation is in the form of fringes on the image where each fringe normally represents a displacement of half a wavelength of the light used (i.e. quarter of a micrometre or so)
Breaking a chaos-based secure communication scheme designed by an improved modulation method
Abstract
Recently Bu and Wang [Bu S, Wang B-H. Chaos, Solitons & Fractals 2004;19(4):919–24] proposed a simple modulation method aiming to improve the security of chaos-based secure communications against return-map-based attacks. Soon this modulation method was independently cryptanalyzed by Chee et al. [Chee CY, Xu D, Bishop SR. Chaos, Solitons & Fractals 2004;21(5):1129–34], Wu et al. [Wu X, Hu H, Zhang B. Chaos, Solitons & Fractals 2004;22(2):367–73], and Álvarez et al. [Álvarez G, Montoya F, Romera M, Pastor G. Chaos, Solitons & Fractals, in press, arXiv:nlin/0406065] via different attacks. As an enhancement to the Bu–Wang method, an improving scheme was suggested by Wu et al. by removing the relationship between the modulating function and the zero-points. The present paper points out that the improved scheme proposed by Wu et al. is still insecure against a new attack. Compared with the existing attacks, the proposed attack is more powerful and can also break the original Bu–Wang scheme. Furthermore, it is pointed out that the security of the modulation-based schemes proposed by Wu et al. is not so satisfactory from a pure cryptographical point of view. The synchronization performance of this class of modulation-based schemes is also discussed.
Subscribe to:
Posts (Atom)
