Vol. 1 No. 1 (2015): Proceedings of Botconf 2015
Conference proceedings

Air-gap Limitations and Bypass Techniques: “Command and Control” using Smart Electromagnetic Interferences

Chaouki Kasmi
Wireless Security Lab, French Network and Information Security Agency (ANSSI)
José Lopes Esteves
Wireless Security Lab, French Network and Information Security Agency (ANSSI)
Philippe Valembois
Wireless Security Lab, French Network and Information Security Agency (ANSSI)

Published 2016-01-29

How to Cite

Kasmi, C., Lopes Esteves, J., & Valembois, P. (2016). Air-gap Limitations and Bypass Techniques: “Command and Control” using Smart Electromagnetic Interferences. The Journal on Cybercrime and Digital Investigations, 1(1), 13-19. https://doi.org/10.18464/cybin.v1i1.4

Abstract

Air gaps are generally considered a very effective information security protection. However, the technique has also shown limitations, as covert channels can be found that bridge the air gap. Recent publications have pointed out that a smart use of intentional electromagnetic interference introduces new threats to information security. This paper discusses an innovative way of communicating remotely with malware already installed on a computer by means of the induced perturbations, leading to the design of a new covert channel for bridging the air gap.
