• Corpus ID: 6557788

Bridging the Air Gap: Inaudible Data Exfiltration by Insiders

@inproceedings{OMalley2014BridgingTA,
  title={Bridging the Air Gap: Inaudible Data Exfiltration by Insiders},
  author={Samuel J. O'Malley and Kim-Kwang Raymond Choo},
  booktitle={AMCIS},
  year={2014}
}
As critical systems are increasingly dependent on software and are connected to the Internet, insider threats will be of ongoing concern. For example, corrupt insiders could deliberately introduce malicious software into the organisation’s system to surreptitiously gain control, and launch online attacks via and against compromised systems. In this paper, we present a method that an insider can use to facilitate data exfiltration from an air-gapped system without using any modified hardware… 
xLED: Covert Data Exfiltration from Air-Gapped Networks via Switch and Router LEDs
TLDR
It is shown how attackers can covertly leak sensitive data from air-gapped networks via the row of status LEDs on networking equipment such as LAN switches and routers through different modulation and encoding schemas, along with a transmission protocol.
xLED: Covert Data Exfiltration from Air-Gapped Networks via Router LEDs
TLDR
The experiment shows that sensitive data can be covertly leaked via the status LEDs of switches and routers at bit rates of 10 bit/sec to more than 1 Kbit/sec per LED.
DiskFiltration: Data Exfiltration from Speakerless Air-Gapped Computers via Covert Hard Drive Noise
TLDR
This paper presents 'DiskFiltration,' a covert channel which facilitates the leakage of data from an air-gapped computer via acoustic signals emitted from its hard disk drive (HDD).
Optical Covert Channel from Air-Gapped Networks via Remote Orchestration of Router/Switch LEDs
  • Mordechai Guri
  • Computer Science
    2018 European Intelligence and Security Informatics Conference (EISIC)
  • 2018
TLDR
This paper shows how attackers can covertly leak sensitive data from air-gapped networks via the row of status LEDs on non-compromised networking equipment such as LAN switches and routers, and introduces a new type of attack, called a host-level attack, in which malicious code running on a host connected to the network can indirectly control the LEDs.
On Acoustic Covert Channels Between Air-Gapped Systems
In this work, we study the ability for malware to leak sensitive information from an air-gapped high-security system to systems on a low-security network, using ultrasonic and audible audio covert
Air-Gap Covert Channels
TLDR
It is empirically demonstrated that using physically unmodified, commodity systems, covert-acoustic channels can be used to communicate at data rates of hundreds of bits per second, without being detected by humans in the environment, and data rates when nobody is around to hear the communication.
Xerox Day Vulnerability
TLDR
This paper shows that even a strong isolation technique, such as air-gapping the network, can be circumvented by using an organizational multifunction printer (MFP) to establish an infiltration covert channel in order to communicate from the outside with malware installed in an isolated organization.
Exfiltration of Data from Air-gapped Networks via Unmodulated LED Status Indicators
TLDR
A novel approach is proposed to modulate this kind of LED using binary frequency shift keying (B-FSK) in place of on-off keying (OOK), showing a great improvement in the imperceptibility of covert communication.
IREXF: Data Exfiltration from Air-gapped Networks by Infrared Remote Control Signals
TLDR
IREXF, a novel infrared optical covert channel from a well-protected air-gapped network via a malicious infrared module previously implanted into a keyboard, is built, and a list of countermeasures to detect and eliminate this kind of covert channel is given.
Data Exfiltration From Internet of Things Devices: iOS Devices as Case Studies
TLDR
The potential for pairing mode in iOS devices (which allows the establishment of a trusted relationship between an iOS device and a personal computer) to be exploited for covert data exfiltration is highlighted.

References

SHOWING 1-10 OF 22 REFERENCES
SIDD: A Framework for Detecting Sensitive Data Exfiltration by an Insider Attack
TLDR
This work proposes a multilevel framework called SIDD (Sensitive Information Dissemination Detection) system which is a high-speed transparent network bridge located at the edge of the protected network which aims to address methods to detect, deter and prevent deliberate and unintended distribution of sensitive content outside the organization using the organization's system and network resources by a trusted insider.
SIDD: A Framework for Detecting Sensitive Data Exfiltration by an Insider Attack
TLDR
A multilevel framework called SIDD (Sensitive Information Dissemination Detection) system which is a high-speed transparent network bridge located at the edge of the protected network and aims to address methods to detect, deter and prevent deliberate and unintended distribution of sensitive content outside the organization using the organization’s system and network resources by a trusted insider.
Data exfiltration and covert channels
TLDR
A taxonomy of data exfiltration is developed, which cannot ever be exhaustive, but at the very least can offer a framework for organizing methods and developing defenses.
Deconstructing Flame: the limitations of traditional defences
TLDR
Traditional anti-virus software is sadly ineffective against such sophisticated attacks and organisations need to move to a whitelisting model if they want to stand any chance of beating off the attacks of the future, argues Kate Munro of Bit9.
RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis
TLDR
A new acoustic cryptanalysis attack is described which can extract full 4096-bit RSA keys from the popular GnuPG software, within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts.
Future directions in technology-enabled crime: 2007-09
The aim of this report was to identify the crime risks which will arise between 2007-09 out of the environment in which Australians use information and communications technologies. The aim of this
Organised crime groups in cyberspace: a typology
Three categories of organised groups that exploit advances in information and communications technologies (ICT) to infringe legal and regulatory controls: (1) traditional organised criminal groups
Criminal Exploitation of Online Systems by Organised Crime Groups
This article considers how information and communications technologies (ICT) can be used by organised crime groups to infringe legal and regulatory controls. Three categories of groups are
Behavioral Hearing Thresholds Between 0.125 and 20 kHz Using Depth-Compensated Ear Simulator Calibration
TLDR
Hearing thresholds at the extended high frequencies are sensitive to aging and reveal subtle differences, which are not evident in the frequency range evaluated regularly (⩽8 kHz), according to a depth-compensated ear simulator-based calibration method and the modified Békésy technique.
Turbo Codes
The paper starts with a short overview of channel coding and the reader is reminded the concept of convolutional encoding. Bottlenecks of the traditional approach are described and the motivation