//No Comment - Trojan of Things, Disk LEDs Leak Data & So Do Phone Magnetometers
Written by Andrew Johnson
Thursday, 02 March 2017
• Trojan of Things: Embedding Malicious NFC Tags into Common Objects
• LED-it-GO: Leaking (a lot of) Data from Air-Gapped Computers via the (small) Hard Drive LED
• Mobile Phone Identification through the Built-in Magnetometers
Sometimes the news is reported well enough elsewhere and we have little to add other than to bring it to your attention.
No Comment is a format where we present original source information, lightly edited, so that you can decide if you want to follow it up.
There seem to be more ways of attacking the things that make up the Internet of Things than there are ways of protecting them. Being out there in the real world is an unavoidable risk. Now we have some very clever attacks using Near Field Communication and the humble RFID tags:
We present a novel proof-of-concept attack named Trojan of Things (ToT), which aims to attack NFC-enabled mobile devices such as smartphones. The key idea of ToT attacks is to covertly embed maliciously programmed NFC tags into common objects routinely encountered in daily life such as banknotes, clothing, or furniture, which are not considered as NFC touchpoints.
To fully explore the threat of ToT, we develop two striking techniques named ToT device and Phantom touch generator. These techniques enable an attacker to carry out various severe and sophisticated attacks unbeknownst to the device owner who unintentionally puts the device close to a ToT. We discuss the feasibility of the attack as well as the possible countermeasures against the threats of ToT attacks.
The idea that the LEDs that are supposed to indicate a device's status often leak data is well known. The LED may look steady to you, but to a sensor it will be blinking zeros and ones as the data passes through it. In this case the LED in question is the disk status light and, rather than reading its natural data, the researchers use it to send encoded data to a waiting receiver.
In this paper we present a method which allows attackers to covertly leak data from isolated, air-gapped computers. Our method utilizes the hard disk drive (HDD) activity LED which exists in most of today's desktop PCs, laptops and servers.
We show that a malware can indirectly control the HDD LED, turning it on and off rapidly (up to 5800 blinks per second) - a rate that exceeds the visual perception capabilities of humans.
Sensitive information can be encoded and leaked over the LED signals, which can then be received remotely by different kinds of cameras and light sensors. Compared to other LED methods, our method is unique, because it is also covert - the HDD activity LED routinely flickers frequently, and therefore the user may not be suspicious to changes in its activity.
We discuss attack scenarios and present the necessary technical background regarding the HDD LED and its hardware control. We also present various data modulation methods and describe the implementation of a user-level malware, that doesn't require a kernel component. During the evaluation, we examine the physical characteristics of different colored HDD LEDs (red, blue, and white) and tested different types of receivers: remote cameras, extreme cameras, security cameras, smartphone cameras, drone cameras, and optical sensors.
Finally, we discuss hardware and software countermeasures for such a threat. Our experiment shows that sensitive data can be successfully leaked from air-gapped computers via the HDD LED at a maximum bit rate of 4000 bits per second, depending on the type of receiver and its distance from the transmitter. Notably, this speed is 10 times faster than the existing optical covert channels for air-gapped computers. These rates allow fast exfiltration of encryption keys, keystroke logging, and text and binary files.
The researchers even put together a demo where a video camera on a drone picked up the data from outside of a window.
So if you want your "air-gapped" computer to be secure, put tape not only over the cameras and the microphones but also over any Blinkenlights it might have.
In the real world there are many ways of identifying a device because even mass-produced hardware tends to come with its very own unique, or almost unique, fingerprint. So it is with the magnetometer that sits inside almost every mobile phone.
Mobile phones identification through their built in components has been demonstrated in literature for various types of sensors including the camera, microphones and accelerometers. The identification is performed by the exploitation of the small but significant differences in the electronic circuits generated during the production process. Thus, these differences become an intrinsic property of the electronic components, which can be detected and become a unique fingerprint of the component and of the mobile phone.
In this paper, we investigate the identification of mobile phones through their built-in magnetometers, which has not been reported in literature yet. Magnetometers are stimulated with different waveforms using a solenoid connected to a computer's audio board. The identification is performed analyzing the digital output of the magnetometer through the use of statistical features and the Support Vector Machine (SVM) machine learning algorithm.
We prove that this technique can distinguish different models and brands with very high accuracy but it can only distinguish phones of the same model with limited accuracy.
The average user probably doesn't even know that there is a magnetometer or digital compass inside their phone so the chances are they are not going to be concerned about an app that asks to use it. Getting them to stand inside a probing magnetic field is going to be a little harder.
Last Updated (Friday, 03 March 2017)