Abstract
In this work, we study the ability for malware to leak sensitive information from an air-gapped high-security system to systems on a low-security network, using ultrasonic and audible audio covert channels in two different environments: an open-concept office and a closed-door office. Our results show that malware installed on unmodified commodity hardware can leak data from an air-gapped system using the ultrasonic frequency range from 20 kHz to 20.5 kHz at a rate of 140 bps and at a rate of 6.7 kbps using the audible spectrum from 500 Hz to 18 kHz. Additionally, we show that data can be communicated using ultrasonic communication at distances up to 11 m with bit rates over 230 bps and a bit error rate of 2 %. Given our results, our attacks are able to leak captured keystrokes in real-time using ultrasonic signals and, using audible signals when nobody is present in the environment - the overnight attack, both keystrokes and recorded audio.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
File sizes and types (2014). http://help.netdocuments.com/file-sizes/
Baken, R.J., Orlikoff, R.F.: Clinical Measurement of Speech and Voice. Cengage Learning, Clifton Park (2000)
Domingues, N., Lacerda, J., Aguiar, P.M., Lopes, C.V.: Aerial communications using piano, clarinet, and bells. In: 2002 IEEE Workshop on Multimedia Signal Processing, pp. 460–463. IEEE (2002)
Ellison, R.J., Goodenough, J.B., Weinstock, C.B., Woody, C.: Evaluating and mitigating software supply chain security risks. Technical report, DTIC Document (2010)
Gerasimov, V., Bender, W.: Things that talk: using sound for device-to-device and device-to-human communication. IBM Syst. J. 39(3.4), 530–546 (2000)
Goldman, A., Apuzzo, M.: How bin Laden emailed without being detected (2011). http://www.nbcnews.com/id/43011358/
Hanspach, M., Goetz, M.: On covert acoustical mesh networks in air. J. Commun. 8(11), 758–767 (2013)
Hanspach, M., Goetz, M.: Recent developments in covert acoustical communications. In: Sicherheit, pp. 243–254 (2014)
Kinsler, L.E., Frey, A.R., Coppens, A.B., Sanders, J.V.: Fundamentals of Acoustics, 4th edn., p. 560. Wiley-VCH, December 1999. ISBN: 0-471-84789-5
Landström, U.: Noise and fatigue in working environments. Environ. Int. 16(4), 471–476 (1990)
Lee, K.S., Cox, R.V.: A very low bit rate speech coder based on a recognition/synthesis paradigm. IEEE Trans. Speech Audio Process. 9(5), 482–491 (2001)
Lindqvist, U., Jonsson, E.: A map of security risks associated with using COTS. Computer 31(6), 60–66 (1998)
Lopes, C.V., Aguiar, P.M.: Aerial acoustic communications. In: 2001 IEEE Workshop on the Applications of Signal Processing to Audio and Acoustics, pp. 219–222. IEEE (2001)
Lopes, C.V., Aguiar, P.M.: Acoustic modems for ubiquitous computing. IEEE Pervasive Comput. 2(3), 62–71 (2003)
Lopes, C.V., Aguiar, P.M.: Alternatives to speech in low bit rate communication systems. arXiv preprint. arXiv:1010.3951 (2010)
Madhavapeddy, A., Scott, D., Sharp, R.: Context-aware computing with sound. In: Dey, A.K., Schmidt, A., McCarthy, J.F. (eds.) UbiComp 2003. LNCS, vol. 2864, pp. 315–332. Springer, Heidelberg (2003)
Madhavapeddy, A., Sharp, R., Scott, D., Tse, A.: Audio networking: the forgotten wireless technology. IEEE Pervasive Comput. 4(3), 55–60 (2005)
Nandakumar, R., Chintalapudi, K.K., Padmanabhan, V., Venkatesan, R.: Dhwani: secure peer-to-peer acoustic NFC. In: Proceedings of the ACM SIGCOMM 2013 Conference on SIGCOMM, pp. 63–74. ACM (2013)
O’Malley, S.J., Choo, K.K.R.: Bridging the air gap: inaudible data exfiltration by insiders. In: 20th Americas Conference on Information Systems (AMCIS 2014), pp. 7–10 (2014)
Proakis, J.G.: Digital Communications. McGraw-Hill, New York (2008)
Reed, I.S., Solomon, G.: Polynomial codes over certain finite fields. J. Soc. Ind. Appl. Math. 8(2), 300–304 (1960)
Sanger, D.E.: Obama order sped up wave of cyberattacks against Iran. The New York Times 1, 2012 (2012)
Schneier, B.: Air Gaps (2013). http://aiweb.techfak.uni-bielefeld.de/content/bworld-robot-control-software://www.schneier.com/blog/archives/2013/10/air_gaps.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+feedburner%2FbDnSB+(Schneier+on+Security)
Stallings, W.: Network Security Essentials: Applications and Standards. Pearson Education, India (2007)
Szor, P.: The Art of Computer Virus Research and Defense. Pearson Education, Indianapolis (2005)
Tempest, W.: The Noise Handbook. Academic Press, New York (1985)
Zetter, K.: FAA: Boeings new 787 may be vulnerable to hacker attack (2008). http://www.wired.com/politics/security/news/2008/01/dreamlinersecurity
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Carrara, B., Adams, C. (2015). On Acoustic Covert Channels Between Air-Gapped Systems. In: Cuppens, F., Garcia-Alfaro, J., Zincir Heywood, N., Fong, P. (eds) Foundations and Practice of Security. FPS 2014. Lecture Notes in Computer Science(), vol 8930. Springer, Cham. https://doi.org/10.1007/978-3-319-17040-4_1
Download citation
DOI: https://doi.org/10.1007/978-3-319-17040-4_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-17039-8
Online ISBN: 978-3-319-17040-4
eBook Packages: Computer ScienceComputer Science (R0)