nach oben

Erschienen in:

2017 | OriginalPaper | Buchkapitel

Acoustic Data Exfiltration from Speakerless Air-Gapped Computers via Covert Hard-Drive Noise (‘DiskFiltration’)

verfasst von : Mordechai Guri, Yosef Solewicz, Andrey Daidakulov, Yuval Elovici

Erschienen in: Computer Security – ESORICS 2017

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

In the past, it has been shown that malware can exfiltrate data from air-gapped (isolated) networks by transmitting ultrasonic signals via the computer’s speakers. However, such a communication relies on the availability of speakers on a computer. In this paper, we present ‘DiskFiltration’, a method to leak data from speakerless computers via covert acoustic signals emitted from its hard disk drive (HDD) (Video: https://www.youtube.com/watch?v=H7lQXmSLiP8 or http://cyber.bgu.ac.il/advanced-cyber/airgap). Although it is known that HDDs generate acoustical noise, it has never been studied in the context of a malicious covert-channel. Notably, the magnetic HDDs dominate the storage wars, and most PCs, servers, and laptops todays are installed with HDD drive(s). A malware installed on a compromised machine can generate acoustic emissions at specific audio frequencies by controlling the movements of the HDD’s actuator arm. Binary Information can be modulated over the acoustic signals and then be picked up by a nearby receiver (e.g., microphone, smartphone, laptop, etc.). We examine the HDD anatomy and analyze its acoustical characteristics. We also present signal generation and detection, and data modulation and demodulation algorithms. Based on our proposed method, we developed a transmitter and a receiver for PCs and smartphones, and provide the design and implementation details. We examine the channel capacity and evaluate it on various types of internal and external HDDs in different computer chassis and at various distances. With DiskFiltration we were able to covertly transmit data (e.g., passwords, encryption keys, and keylogging data) between air-gapped computers to a nearby receiver at an effective bit rate of 180 bits/min (10,800 bits/h).

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel PerfWeb: How to Violate Web Privacy with Hardware Performance Events

Nächstes Kapitel DOMPurify: Client-Side Protection Against XSS and Markup Injection

McAfee: Defending Critical Infrastructure Without Air Gaps And Stopgap Security, August 2015. https://blogs.mcafee.com/executive-perspectives/defending-critical-infrastructure-without-air-gaps-stopgap-security/. Accessed 01 July 2016

SECURELIST: Agent.btz: A Source of Inspiration? (2014). https://securelist.com/blog/virus-watch/58551/agent-btz-a-source-of-inspiration/. Accessed 01 July 2016

Goodin, D.: How “omnipotent” hackers tied to NSA hid for 14 years—and were found at last, arstechnica (2015). http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/. Accessed 01 July 2016

Kuhn, M.G., Anderson, R.J.: Soft tempest: hidden data transmission using electromagnetic emanations. In: Aucsmith, D. (ed.) IH 1998. LNCS, vol. 1525, pp. 124–142. Springer, Heidelberg (1998). doi:10.1007/3-540-49380-8_10CrossRef

Guri, M., Kachlon, A., Hasson, O., Kedma, G., Mirsky, Y., Elovici, Y.: GSMem: data exfiltration from air-gapped computers over GSM frequencies. In: 24th USENIX Security Symposium (USENIX Security 15), Washington, D.C. (2015)

Guri, M., Zadov, B., Atias, E., Elovici, Y.: LED-it-GO: leaking (a lot of) data from air-gapped computers via the (small) Hard Drive LED. In: 14th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Bonn (2017)

Mordechai, G., Matan, M., Yiroel, M., Yuval, E.: BitWhisper: covert signaling channel between air-gapped computers using thermal manipulations. In: Computer Security Foundations Symposium (CSF). IEEE (2015)

Hanspach, M., Goetz, M.: On covert acoustical mesh networks in air. J. Commun. 8, 758–767 (2013)CrossRef

Guri, M., Solewicz, Y., Daidakulov, A., Elovici, Y.: Fansmitter: Acoustic Data Exfiltration from (Speakerless) Air-Gapped Computers. arXiv:1606.05915 [cs.CR] (2016)

10.

a. Blog: Air Gap Computer Network Security, 30 December 2014. http://abclegaldocs.com/blog-Colorado-Notary/air-gap-computer-network-security/. Accessed 01 July 2016

11.

R.I. GUIDANCE: NSTISSAM TEMPEST/2-95, 12 December 1995. https://cryptome.org/tempest-2-95.htm. Accessed 01 July 2016

12.

J.-P. Power: Mind the gap: are air-gapped systems safe from breaches? Symantec, 05 Dec 2015. http://www.symantec.com/connect/blogs/mind-gap-are-air-gapped-systems-safe-breaches. Accessed 01 July 2016

13.

HDD still dominate the storage wars, June 2013. http://datastorageasean.com/daily-news/hdd-still-dominate-storage-wars. Accessed 01 July 2016

14.

S. Institute: An Introduction to TEMPEST. https://www.sans.org/reading-room/whitepapers/privacy/introduction-tempest-981

15.

Thiele, E.: Tempest for Eliza (2001). http://www.erikyyy.de/tempest/. Accessed 4 Oct 2013

16.

Guri, M., Gabi, K., Assaf, K., Yuval, E.: AirHopper: bridging the air-gap between isolated networks and mobile phones using radio frequencies. In: 2014 9th International Conference on Malicious and Unwanted Software: the Americas (MALWARE), pp. 58–67. IEEE (2014)

17.

Guri, M., Monitz, M., Elovici, Y.: Bridging the air gap between isolated networks and mobile phones in a practical cyber-attack. ACM Trans. Intell. Syst. Technol. (TIST) 8(4) (2017)

18.

Guri, M., Monitz, M., Elovici, Y.: USBee: air-gap covert-channel via electromagnetic emission from USB. In: 14th Annual Conference on Privacy, Security and Trust (PST), 2016, Auckland, New Zealand (2016)

19.

Loughry, J., Umphress, A.D.: Information leakage from optical emanations. ACM Trans. Inf. Syst. Secur. (TISSEC) 5(3), 262–289 (2002)CrossRef

20.

Guri, M., Hasson, O., Kedma, G., Elovici, Y.: An optical covert-channel to leak data through an air-gap. In: 14th Annual Conference on Privacy, Security and Trust (PST) (2016)

21.

Guri, M., Zadov, B., Daidakulov, A., Elovici, Y.: xLED: Covert Data Exfiltration from Air-Gapped Networks via Router LEDs. arXiv:1706.01140 [cs.CR]

22.

Bartolini, D.B., Miedl, P., Thiele, L.: On the capacity of thermal covert channels in multicores. In: Proceedings of the Eleventh European Conference on Computer Systems (EuroSys 2016) (2016)

23.

Madhavapeddy, A., Sharp, R., Scott, D., Tse, A.: Audio networking: the forgotten wireless technology. IEEE Pervasive Comput. 4(3), 55–60 (2005)CrossRef

24.

M. a. G. M. Hanspach: On Covert Acoustical Mesh Networks in Air. arXiv preprint arXiv:1406.1213 (2014)

25.

Deshotels, L.: Inaudible sound as a covert channel in mobile devices. In: USENIX Workshop for Offensive Technologies (2014)

26.

Goodin, D.: arstechnica (2013). http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/

27.

Larimer, J.: An inside look at Stuxnet. IBM X-Force (2010)

28.

Gostev, A.: Agent.btz: a Source of Inspiration? SecureList, 12 March 2014. http://securelist.com/blog/virus-watch/58551/agent-btz-a-source-of-inspiration/

29.

GReAT team: A Fanny Equation: “I am your father, Stuxnet”, Kaspersky Labs’ Global Research & Analysis Team, 17 February 2015. https://securelist.com/blog/research/68787/a-fanny-equation-i-am-your-father-stuxnet/. Accessed 01 July 2016

30.

Symantec: INTERNET SECURITY THREAT REPORT, Apr 2015. https://www4.symantec.com/mktginfo/whitepaper/ISTR/21347932_GA-internet-security-threat-report-volume-20-2015-social_v2.pdf. Accessed 07 Feb 2016

31.

Mamun‏, A.A., Guo, G., Bi, C.: Hard Disk Drive: Mechatronics and Control

32.

Inside a Working Hard Drive (Part 1). https://www.youtube.com/watch?v=oIwaNmNMfPU. Accessed 01 July 2016

33.

Ying, Y., Feng, G., Fah, Y.F.: Vibro-acoustic Experimental Analysis in Hard Disk Drives. http://www.sea-acustica.es/fileadmin/publicaciones/Sevilla02_sta01001.pdf

34.

Wikipedia: Automatic_acoustic_management. https://en.wikipedia.org/wiki/Automatic_acoustic_management. Accessed 01 July 2016

35.

Western Digitial, “intelliseek,” Western Digitial. http://www.wdc.com/en/flash/index.asp?family=intelliseek

36.

https://sourceforge.net/projects/hdparm/

37.

http://man7.org/linux/man-pages/man3/fopen.3.html

38.

P.P. Manual. http://man7.org/linux/man-pages/man3/fopen.3p.html

39.

https://en.wikipedia.org/wiki/Dd_(Unix)

40.

Goertzel, G.: An algorithm for the evaluation of finite trigonometric series. Am. Math. Mon. 65(1), 34–35 (1958). doi:10.2307/2310304MathSciNetCrossRef

41.

Marple, S.L.: Digital Spectral Analysis with Applications. Prentice Hall, Englewood Cliff (1987)

42.

Spatula: Modulating and Demodulating Signals in Java. http://spatula.net/mt/blog/2011/02/modulating-and-demodulating-signals-in-java.html. Modulating and Demodulating Signals in Java

43.

a. Developer: AudioRecord. https://developer.android.com/reference/android/media/AudioRecord.html

44.

Silentpcreview: Recommended Hard Drives. http://www.silentpcreview.com/Recommended_Hard_Drives

45.

https://en.wikipedia.org/wiki/Disk_enclosure

46.

Pulsar Instruments: Pulsar Instruments for noise meters, sound level meters and noise monitoring equipment. http://pulsarinstruments.com/products/

47.

Blunden, B.: The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System. Jones & Bartlett, Burlington (2012)

Titel: Acoustic Data Exfiltration from Speakerless Air-Gapped Computers via Covert Hard-Drive Noise (‘DiskFiltration’)
verfasst von: Mordechai Guri
Yosef Solewicz
Andrey Daidakulov
Yuval Elovici
Verlag: Springer International Publishing
Buch: Computer Security – ESORICS 2017
Print ISBN: 978-3-319-66398-2

Electronic ISBN: 978-3-319-66399-9

Copyright-Jahr: 2017
DOI: https://doi.org/10.1007/978-3-319-66399-9_6

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner