Air-gap Limitations and Bypass Techniques: “Command and Control” using Smart Electromagnetic Interferences
Published 2016-01-29
Copyright (c) 2015 Chaouki Kasmi, José Lopes Esteves, Philippe Valembois (Author)
This work is licensed under a Creative Commons Attribution 4.0 International License.
Abstract
Air gaps are generally considered a very efficient information security protection. However, the technique has also shown limitations: covert channels can be found that bridge the air gap. Interestingly, recent publications have pointed out that smart use of intentional electromagnetic interference introduces new threats to information security. This paper discusses an innovative way of remotely communicating with malware already installed on a computer by means of the induced perturbations, leading to the design of a new covert channel for bridging the air gap.