You will also be interested
[EN VIDÉO] In 2050, we will work with transparent computers Today we are riveted to our screens, but tomorrow, augmented reality and the power of computers will free us from our workstations, thanks to transparent or virtual screens. This is what Planète + explains to us in its new episode of Rêver le futur, broadcast this Friday, February 3, 2017, and of which here is an exclusive extract.
The air gapin other words the fact of physically separating a computer of any network, is the best way to protect it against any attack. Companies use theair gap for machines that have a function or data too sensitive to take any risk. However, this is not always sufficient as a measure. Mordechai Guri, of the Ben Gurion University of the Negev in Israel, is a specialist in circumventing this process. He has just presented two new techniques for hack a computer without connection.
Transmit data by ultrasound
The first attack was dubbed Gairoscope. As usual, it still requires access physical to the machine in order toimplant malware that will collect information, such as Passwords or sensitive files. Then the program uses an original technique to transmit the data wirelessly to another nearby device. This time he uses ultrasound produced by the loudspeakers of the computer infected.
Demonstration of data exfiltration using ultrasound and the gyroscope of a smartphone. © Ben-Gurion University
So far, nothing very revolutionary. Where his technique is original is that he uses a smart phone to receive the transmitted data via ultrasound, for example that of an employee working nearby. In order not to arouse the suspicion of the owner of the smartphone, it does not use a microphone that requires special permission. Instead, it uses the gyroscope. To do this, he first produced ultrasound by scanning a range of frequencies, and noted the specific frequencies of resonance who produce vibes gyroscopes in a OnePlus 7, as well as Samsung Galaxy S9 and S10.
The gyroscope has the advantage thatandroid and iOS display no particular indication when it is in use, and it is even possible to access it using a page containing JavaScript in the Navigator. It is therefore theoretically not necessary to infect the smartphone with malware. The device must still be at most eight meters from the PC speakers. Thanks to this technique, it is possible to transmit data at a rate of eight bits per second.
Demonstration of data exfiltration using network card diodes. © Ben-Gurion University
Use network card diodes
The second attack is called EtherLED. She uses both LEDs of the network card which usually indicate binding and activity. Here too, it is necessary to infect the computer with malware. After collecting information on the machine, it will control the diodes to transmit the data, using different encodings, for example the code Walrus for simple text.
This time the data can be received through a compromised surveillance camera, a camera IPsor even a drone. It is enough that the computer is in the field of vision. They were able to reach a speed transmission between one and two bits per second with malware standard. By infecting the pilot or the firmware from the network card, they reached 100 bits per second. Thus, depending on the encoding protocol used as well as the type malwareit takes between 42 seconds and 60 minutes to transmit an encryption key RSA of 4,096 bits.
The researcher had already presented other similar techniques, using the LED of the Hard diskvarying the brightness of the screen, or even by creating a Wi-Fi signal with the bars of random access memory. To effectively protect a computer with air gapit would therefore have to be accompanied by a series of measures such as black adhesive tape on all the diodes, a Wi-Fi jammer, adding background noise in the ultrasounds, and many others…
—
LAST DAYS to take advantage of our summer offer.
Subscribe to our media for a period of 3 months and receive the Mag Futura as a gift!*
*Offer valid for any new 3-month subscription to the “I participate in the life of Futura” offer on Patreon.
—
Interested in what you just read?