Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us
topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • September 30, 2016, 11:56:46 AM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: SECURITY: Article on specifics of covert acoustic mesh networks published by JoC  (Read 2429 times)

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,763
    • View Profile
    • Donate to Member
No longer any need to speculate or wonder!  ;D Here's the paper by researchers Michael Hanspach and Michael Goetz on engineering a transmission vector that can bridge the air gap. It's been published by The Journal of Communications:

Quote
On Covert Acoustical Mesh Networks in Air

Michael Hanspach and Michael Goetz
Fraunhofer FKIE, Wachtberg, Germany


Abstract—Covert channels can be used to circumvent system and network policies by establishing communications that have not been considered in the design of the computing system. We construct a covert channel between different computing systems that utilizes audio modulation/demodulation to exchange data between the computing systems over the air medium. The underlying network stack is based on a communication system that was originally designed for robust underwater communication. We adapt the communication system to implement covert and stealthy communications by utilizing the near ultrasonic frequency range. We further demonstrate how the scenario of covert acoustical communication over the air medium can be extended to multi-hop communications and even to wireless mesh networks. A covert acoustical mesh network can be conceived as a botnet or malnet that is accessible via nearfield audio communications. Different applications of covert acoustical mesh networks are presented, including the use for remote keylogging over multiple hops. It is shown that the concept of a covert acoustical mesh network renders many conventional security concepts useless, as acoustical communications are usually not considered. Finally, countermeasures against covert acoustical mesh networks are discussed, including the use of lowpass filtering in computing systems and a host-based intrusion detection system for analyzing audio input and output in order to detect any irregularities.

Index Terms—malware, network covert channels, wireless mesh networks, ultrasonic communication

Cite: Michael Hanspach and Michael Goetz, "On Covert Acoustical Mesh Networks in Air," Journal of Communications, vol. 8, no. 11, pp. 758-767, 2013. doi: 10.12720/jcm.8.11.758-767

Links:

Journal of Communications abstract page here.

Article (PDF) direct link here.

Interestingly (but not surprisingly) Linux already has some very powerful resources to deal with this new type of threat. From the paper:

Quote
If audio input and output devices cannot be switched off, implementation of audio filtering options may be an alternative approach to counter maliciously triggered participation in covert networks. In Linux-based operating systems, a software-defined audio filter can be implemented with ALSA (Advanced Linux Sound Architecture) in conjunction with the LADSPA (Linux Audio Developer’s Simple Plugin API) ...

Add in the relative ease of developing solutions, plus the large community of contributors, and it looks like Linux may be in better shape than most to resist this cyber-siren's call. Especially since so many in the Linux community see things like this not only as an affront, but also as a challenge.

Tux and his team sez: Bring it on!

tux.jpg

 8)
« Last Edit: December 05, 2013, 07:47:30 AM by 40hz »

ewemoa

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 2,841
    • View Profile
    • Donate to Member
Quote
...adapt the communication system to implement covert and stealthy communications by utilizing the near ultrasonic frequency range.

Ah, so may be dogs can hear what's going on...yet another way they can help us!

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,763
    • View Profile
    • Donate to Member
Quote
...adapt the communication system to implement covert and stealthy communications by utilizing the near ultrasonic frequency range.

Ah, so may be dogs can hear what's going on...yet another way they can help us!

Funny you should say that. It's already been proposed that "covert acoustic network sniffing dogs" be added to the cadre of pooches that sniff for drugs, explosives, electronics, and trapped human bodies.

Figure if the DHS (along with that dolorous brotherhood of other tri-letter US security agencies) think they can use this as an excuse to pry yet another half-billion out of Congress for a "pilot program," it's a done deal already.

The dogs will (of course) be told to ignore any data originating form American citizens unless specifically directed to do so. Failure to comply will result in a very stern look and no cookie...IF they're caught.

dog2.jpg
    I found it Boss! Here's their main torrent feeder!!!
 ;D
« Last Edit: December 05, 2013, 08:06:29 AM by 40hz »

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,265
    • View Profile
    • www.StoicJoker.com
    • Donate to Member
Hm... Okay, here's a practical application for it in advertising. We all remember the be the 10th caller when the song of the day plays...right? Well... Replace the 10th caller part with a message that is played during the song that a phone app can pickup and read. Then the app handles the auto dialing to tell you if you won.

advertising is all about eyeballs...so if they have to have the stations app to play/win eyes and ears are both had.

Now how do I get somebody to send me a million dollars for the idea? :-\

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,763
    • View Profile
    • Donate to Member
Now how do I get somebody to send me a million dollars for the idea?

Easy.

  • First, stop referring to your idea as an 'idea.' (You can't patent 'ideas.')
  • Next, write your idea down on a sheet of paper.
  • Next, prefix the words "A method to (or for)..." and write that phrase in front of the idea you just wrote down.
  • Then take the completed sheet of paper to an IP attorney. (Bring a blank check along. You'll need one.)


Your IP attorney will then file for one of those bullshit vaguely (but broadly) worded "business method" patents the USPTO sooooo loves to grant

  • Once you receive confirmation (and a patent number) from Uncle Sam, assign your nice shiny new patent to a troll - the bigger the better
  • Let troll threaten to sue the living tar out of anybody who does anything remotely resembling online advertising
  • Sit back and wait for checks from troll to arrive in mailbox

Troll-face-problem.gif   ;) ;) :Thmbsup:
« Last Edit: December 05, 2013, 03:03:27 PM by 40hz »

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,265
    • View Profile
    • www.StoicJoker.com
    • Donate to Member
So... Did you really just Cut-N-Paste ^that out of the 'So you want to join the dark side' training manual? :D

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,763
    • View Profile
    • Donate to Member
So... Did you really just Cut-N-Paste ^that out of the 'So you want to join the dark side' training manual? :D

Nope. It's page 127 from The Necronomicon of 40hz - A Complete Rainy-Day Guide to Imanentizing the Eschaton in Your Spare Time Using Other People's Money. ;)

 ;D
« Last Edit: December 06, 2013, 06:53:03 AM by 40hz »