Data sniffing over Air Gap
- 6. Major Applications
• Military computer systems and networks
• Government computer systems and networks
• Financial computer systems and networks
• Industrial control systems
• Life-critical systems
- 10. EXFILTRATION THROUGH PHYSICAL MEDIA
1. Oldest form
2. USB Flash drives
3. Most common and well-known example is Stuxnet
- 11. ACOUSTIC COVERT CHANNEL
• ACOUSTIC: The term means hearing.
• Noise emitted by computers (printers, cooling fans, capacitors at keyboard, etc.)
- 14. THERMAL COVERT CHANNEL
1. All electronic devices generate excess heat and require thermal management to improve reliability and prevent premature failure.
2. Computers are no exception. This is usually done with fans and we’ve already seen how they can be abused to provide an exfiltration channel.
3. Changes in temperature are shown to be an effective, albeit painfully slow, data channel.
- 27. Mitigation Techniques
• Masking of signal
• Faraday cage-like setup
• Shielding mechanisms
• Random delays in clock cycles while performing cryptographic operations
Editor's Notes
- It’s a cyber security measure for protecting a system that is highly confidential.
Because computers may contain or interact with sensitive information, they are often air-gapped and in this way kept isolated and disconnected from the Internet.
An air-gapped system is a system that is isolated from all types of network, such as Bluetooth, LAN and Wi-Fi; data can only pass to it via a USB flash drive, other removable media, or a FireWire link connecting two computers directly.
- All electronic devices generate excess heat and require thermal management to improve reliability and prevent premature failure. Computers are no exception. This is usually done with fans and we’ve already seen how they can be abused to provide an exfiltration channel. Changes in temperature are shown to be an effective, albeit painfully slow, data channel.
- In 2004, Adi Shamir, Eran Tromer and Daniel Genkin demonstrated that it is possible to conduct timing attacks against a CPU performing cryptographic operations by analysing ultrasonic noise emanating from capacitors and inductors on computer motherboards, and implemented a successful attack on RSA on a laptop running GnuPG.
Fansmitter is malware that can acoustically exfiltrate data from air-gapped computers, even when audio hardware and speakers are not present. This method utilizes the noise emitted from the CPU and chassis fans, which are present in virtually every computer today.
3. A computer (the emitter) makes or can be driven to make sounds in several different ways and the receiver is usually a normal microphone.
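A defender-side check for the fan channel described above, as an added example that is not from the original slides: Fansmitter works by regulating fan speed, so this sketch flags time windows where fan RPM swings repeatedly while CPU temperature stays flat. The telemetry format, thresholds and function names are assumptions, and the samples are constructed.

```python
def count_swings(rpm, min_delta):
    """Count RPM moves of at least min_delta, including each reversal (zigzag with hysteresis)."""
    swings, direction, extreme = 0, 0, rpm[0]
    for v in rpm[1:]:
        if direction and (v - extreme) * direction > 0:
            extreme = v                      # trend continues: move the extreme
        elif abs(v - extreme) >= min_delta:  # large move against the current trend
            direction = 1 if v > extreme else -1
            extreme = v
            swings += 1
    return swings


def flag_windows(samples, window=20, min_delta=300, min_swings=4, max_temp_spread=2.0):
    """Return start indexes of windows whose fan swings are not explained by temperature.

    samples: list of (fan_rpm, cpu_temp_c) tuples taken at a fixed interval.
    All thresholds are assumed values and need tuning per hardware model.
    """
    flagged = []
    for start in range(0, len(samples) - window + 1, window):
        chunk = samples[start:start + window]
        rpm = [r for r, _ in chunk]
        temps = [t for _, t in chunk]
        flat_temp = max(temps) - min(temps) <= max_temp_spread
        if flat_temp and count_swings(rpm, min_delta) >= min_swings:
            flagged.append(start)
    return flagged


# Constructed telemetry, 20 samples per phase (not real measurements).
IDLE = [(1200 + (i % 3) * 10, 45.0 + (i % 2) * 0.5) for i in range(20)]
LOAD = [(1200 + i * 60, 45.0 + i * 1.3) for i in range(20)]          # fan follows heat
MODULATED = [(1000 if (i // 2) % 2 == 0 else 1600, 46.0 + (i % 2) * 0.3)
             for i in range(20)]                                     # fan toggles, temp flat
SAMPLES = IDLE + LOAD + MODULATED

if __name__ == "__main__":
    for start in flag_windows(SAMPLES):
        print(f"suspicious fan activity in samples {start}-{start + 19}")
```

Only the third phase is flagged: the load ramp moves the fan by a large amount but the temperature moves with it, which is what ordinary thermal management looks like.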
- At the Black Hat Europe conference in 2014, Adi Shamir, Yuval Elovici and Moti Guri showed how a malware-infected computer on an air-gapped network could receive and send attack commands through a scanner that the computer is connected to. To transmit data, an attacker would need to shine light, visible or IR, into the room where the scanner is while a scan is in progress. The slightly different shades of white in the scanned document represent the binary code for the issued command.
- These were the attack vectors.
The main task is to actually be able to gather data using these attack vectors, and how?
Case study 1: sniff out data in an HDMI cable using leaked RF.
What is RF?
Radio frequency (RF) is a measurement representing the oscillation rate of the electromagnetic radiation spectrum, or electromagnetic radio waves. An RF field can be used for various types of wireless broadcasting and communications.
What is HDMI?
HDMI is a proprietary audio/video interface for transmitting uncompressed video data and compressed or uncompressed digital audio data from an HDMI-compliant source device, such as a display controller, to a compatible computer monitor, video projector, digital television, or digital audio device.
All electronics emit some sort of unintentional RF signals, and by capturing and processing those signals some data can be recovered. For example, the unintentional signals from a computer screen could be captured and converted back into a live image of what the screen is displaying.
What actually happens?
We are supposed to be able to capture those leaking signals, remove noise, and normalise the data gathered to get meaningful information out of it.
- SDRsharp: To use the software you should ideally know the resolution and refresh rate of your target monitor. But if you don't, there are auto-correlation graphs which actually help to predict the detected resolution and frame rate. Just click on the peaks. Also, you will need to know the frequency that your monitor unintentionally emits at. If you don't know, you can browse around in SDR# looking for interference peaks that change depending on what the image of the screen is showing.
TempestSDR is an open source tool that allows you to use any SDR that has a supporting ExtIO (such as RTL-SDR, Airspy, SDRplay, HackRF) to receive the unintentional signal radiation from a screen, and turn that signal back into a live image. This can let you view what is on a screen without any physical connections. If a high gain directional antenna is used then it may be possible to receive images from several meters away as well.
- Break and intro to next case study