Data Sniffing Over Airgaps
AVNI SINGH
AGENDA
What is Airgap?
Need for Airgap
Attack Vectors
Case Studies
Mitigation
Data sniffing over Air Gap
What is Airgap?
Remember this scene of the movie: Mission Impossible
Major Applications
• Military computer systems and networks
• Government computer systems and networks
• Financial computer systems and networks
• Industrial control systems
• Life-critical systems
Covert channels??
Airgap Attack Vectors
Physical Media
Acoustic
Electromagnetic
Light
Thermal
Magnetic
EXFILTRATION THROUGH PHYSICAL MEDIA
1. Oldest form
2. USB flash drives
3. The most common and well-known example is Stuxnet
ACOUSTIC COVERT CHANNEL
• ACOUSTIC: The term means hearing.
• Noise emitted by computers (printers, cooling fans, capacitors at keyboard, etc.)
ELECTROMAGNETIC COVERT CHANNEL
AirHopper: uses FM signals to bridge the air gap
A voltage study, in poweremitter by Bo Zhao et al., shows that data exfiltration is possible through a switching power supply.
LIGHT COVERT CHANNEL
THERMAL COVERT CHANNEL
1. All electronic devices generate excess heat and require thermal management to improve reliability and prevent premature failure.
2. Computers are no exception. This is usually done with fans and we've already seen how they can be abused to provide an exfiltration channel.
3. Changes in temperature are shown to be an effective, albeit painfully slow, data channel.
CASE STUDY 1
Sniffing data of an HDMI cable through RF leaks
Tools required
Hardware
• Antenna: HackRF One/Yard Stick One/RTL SDR
Software
• SDR#
• TempestSDR
Setting up HackRF one by installing relevant drivers
Setting up the config file of SDR# to make it work with HackRF One
Hit Play and collect noises from surroundings
Waterfall of noises gathered
Setup TempestSDR to work with HackRF
Calibrate TempestSDR to work with HackRF
Image starts forming
CASE STUDY 2
Sniffing energy levels to guess cryptographic algorithms
Which cryptographic algorithm is it?
Mitigation Techniques
• Masking of signal
• Faraday cage-like setup
• Shielding mechanisms
• Random delays in clock cycles while performing cryptographic operations
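The effect of the random-delay mitigation listed above can be seen in a small simulation (an added example, not part of the original slides). It assumes a constructed leakage model in which one trace sample carries the Hamming weight of a data byte plus Gaussian noise; all function names and parameters are hypothetical.

```python
import random

def hamming_weight(b):
    return bin(b).count("1")

def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5 if vx and vy else 0.0

def simulate_traces(n_traces, max_delay, rng, trace_len=64, leak_at=10, noise=1.0):
    """Constructed power traces: one sample leaks the Hamming weight of a byte.
    max_delay=0 models fixed timing; max_delay>0 inserts 0..max_delay idle
    cycles before the sensitive operation, moving the leaking sample."""
    values, traces = [], []
    for _ in range(n_traces):
        v = rng.randrange(256)
        trace = [rng.gauss(0.0, noise) for _ in range(trace_len)]
        pos = leak_at + rng.randint(0, max_delay)
        trace[pos] += hamming_weight(v)
        values.append(v)
        traces.append(trace)
    return values, traces

def peak_correlation(values, traces):
    """Highest |correlation| between the leakage model and any one sample index."""
    model = [hamming_weight(v) for v in values]
    return max(abs(pearson(model, [t[i] for t in traces]))
               for i in range(len(traces[0])))

def compare(n_traces=2000, max_delay=32, seed=1):
    """Return (peak with fixed timing, peak with random delays)."""
    rng = random.Random(seed)
    fixed = peak_correlation(*simulate_traces(n_traces, 0, rng))
    jittered = peak_correlation(*simulate_traces(n_traces, max_delay, rng))
    return fixed, jittered

if __name__ == "__main__":
    fixed, jittered = compare()
    print(f"fixed timing peak |r| = {fixed:.2f}")
    print(f"random delay peak |r| = {jittered:.2f}")
```

Random delays raise the number of traces an observer needs rather than removing the leak, so they are normally combined with the masking and shielding measures in the same list.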
THANKS!
Any questions?
You can ping me at @avnisingh_s or my LinkedIn profile
References and Credits
https://www.thesslstore.com/blog/air-gapped-computer/
https://hackaday.com/2017/02/02/hacking-the-aether/
https://i.blackhat.com/us-18/Wed-August-8/us-18-Guri-AirGap.pdf
Anush Swaminathan
Stephan Picek : Case study 2
https://images.app.goo.gl/Hok2887McsZSew1a8
https://images.app.goo.gl/85uHypj1ne6zaAxy6
Editor's Notes

  1. It’s a cyber security measure for protecting a system that is highly confidential. Because computers may contain or interact with sensitive information, they are often airgapped and in this way kept isolated and disconnected from the Internet. An air gap system means a system that is isolated from all types of network, like Bluetooth, LAN and Wi-Fi, and data can only pass to it via a USB flash drive, other removable media, or a FireWire connecting two computers directly.
  2. All electronic devices generate excess heat and require thermal management to improve reliability and prevent premature failure. Computers are no exception. This is usually done with fans and we’ve already seen how they can be abused to provide an exfiltration channel. Changes in temperature are shown to be an effective, albeit painfully slow, data channel.
  3. In 2004, Adi Shamir, Eran Tromer and Daniel Genkin demonstrated that it's possible to conduct timing attacks against a CPU performing cryptographic operations by analysing ultrasonic noise emanating from capacitors and inductors on computer motherboards, and implemented a successful attack on RSA on a laptop running GnuPG. Fansmitter is malware that can acoustically exfiltrate data from airgapped computers, even when audio hardware and speakers are not present. This method utilizes the noise emitted from the CPU and chassis fans which are present in virtually every computer today. A computer (the emitter) makes or can be driven to make sounds in several different ways, and the receiver is usually a normal microphone.
  4. At the Black Hat Europe conference in 2014, Adi Shamir, Yuval Elovici and Moti Guri showed how a malware-infected computer on an air-gapped network could receive and send attack commands through a scanner that the computer is connected to. To transmit data, an attacker would need to shine light, visible or IR, into the room where the scanner is while a scan is in progress. The slightly different shades of white in the scanned document represent the binary code for the issued command.
  5. Those were the attack vectors. The main task is to actually be able to gather data using these attack vectors, and how? Case study 1: sniff out data in an HDMI cable using leaked RF. What is RF? Radio frequency (RF) is a measurement representing the oscillation rate of the electromagnetic radiation spectrum, or electromagnetic radio waves. An RF field can be used for various types of wireless broadcasting and communications. What is HDMI? HDMI is a proprietary audio/video interface for transmitting uncompressed video data and compressed or uncompressed digital audio data from an HDMI-compliant source device, such as a display controller, to a compatible computer monitor, video projector, digital television, or digital audio device. All electronics emit some sort of unintentional RF signals, and by capturing and processing those signals some data can be recovered. For example, the unintentional signals from a computer screen could be captured and converted back into a live image of what the screen is displaying. What actually happens? We are supposed to be able to capture those leaking signals, remove noise, and normalise the data gathered to get meaningful information out of it.
  6. SDRsharp: To use the software you should ideally know the resolution and refresh rate of your target monitor. If you don't, there are auto-correlation graphs which help to predict the detected resolution and frame rate. Just click on the peaks. You will also need to know the frequency that your monitor unintentionally emits at. If you don't know it, you can browse around in SDR# looking for interference peaks that change depending on what the image of the screen is showing. TempestSDR is an open-source tool that allows you to use any SDR that has a supporting ExtIO (such as RTL-SDR, Airspy, SDRplay, HackRF) to receive the unintentional signal radiation from a screen, and turn that signal back into a live image. This can let you view what is on a screen without any physical connections. If a high-gain directional antenna is used, it may be possible to receive images from several meters away as well.
  7. Break and intro to next case study