Air-gap malware: Difference between revisions

From Wikipedia, the free encyclopedia
Harishmfs (talk | contribs)
No edit summary
Reverted to revision 626806506 by WikiDan61 (talk): Revert addition of poorly sourced and questionably accurate material. (TW)
Line 1: Line 1:
[[File:Air-gap-malware12.jpeg|thumbnail|Air gap malware]]

'''Air-gap malware''' is [[malware]] that is designed to defeat [[Air gap (networking)|air-gap isolation]] of secure computer systems. The technique was successfully demonstrated by scientists at the [[Fraunhofer Society]] in November 2013.<ref name=paper/>
'''Air-gap malware''' is [[malware]] that is designed to defeat [[Air gap (networking)|air-gap isolation]] of secure computer systems. The technique was successfully demonstrated by scientists at the [[Fraunhofer Society]] in November 2013.<ref name=paper/>


==Operation==
==Operation==
Because most modern computers, especially [[laptop computer|laptops]], have built-in microphones and speakers, air-gap malware is designed to communicate secure information acoustically, at frequencies near or beyond the limit of human hearing. The technique is limited to computers in close physical proximity (about {{convert|65|ft|m}}<ref name=AT/>), and is also limited by the requirement that both the transmitting and receiving machines be infected with the proper malware to form the communication link. The physical proximity limit can be overcome by creating an acoustically linked [[mesh network]], but is only effective if the mesh network ultimately has a traditional ethernet connection to the outside world by which the secure information can be removed from the secure facility.
Because most modern computers, especially [[laptop computer|laptops]], have built-in microphones and speakers, air-gap malware is designed to communicate secure information acoustically, at frequencies near or beyond the limit of human hearing. The technique is limited to computers in close physical proximity (about {{convert|65|ft|m}}<ref name=AT/>), and is also limited by the requirement that both the transmitting and receiving machines be infected with the proper malware to form the communication link. The physical proximity limit can be overcome by creating an acoustically linked [[mesh network]], but is only effective if the mesh network ultimately has a traditional ethernet connection to the outside world by which the secure information can be removed from the secure facility.

== Scenario ==

<gallery>
File:AIR-GAPmalware.jpg|scenario of air gap malware
</gallery>
<ref name=vtu/>
Two computers are neither connected to IEEE 802.3 [[Ethernet]] nor IEEE 802.11[[Wireless LAN|WLAN]]. They are prohibited to communicate with each other through a network interface. Nevertheless they are able to communicate with each other by using their audio input and audio output devices like microphones and speakers.
We assume a high-assurance setup where an operating system that consist of a small trusted computing base and individual service components . [[KERNAL]] always governs the reference monitor of an component-based operating system, which is an access control monitor that has always to be invoked in inter-process communication(IPC) decisions
Acoustical communication between p1 and pK is possible as long as audio input and audio output are under the hardware H accessible to both p1 and pk. Now the malicious code is generated and the code is converted into a high frequency sound waves.
<gallery>
File:Acoustical-mesh-network.jpeg|topology to connect mesh network with smtp server
</gallery>
<ref name=vtu/>
The converted malicious code is passed through ultrasonic waves from one device to other devices using Speakers and Microphones. Speaker in the system emits the converted malicious code and the microphone in the other device receives it and the virus is injected to that device.In a covert acoustical mesh network, more than twocomputing systems in a shared physical environment (i.e. within the physical communication range between two connected nodes) can be connected to the mesh network and computing systems are able to communicate indirectly by following routing paths over multiple hops

== Process of air-gapping ==

* Infected Drone
* Infected Victim
* Attacker

==== Infected Drone ====

An infected computing system that offers covert services or serves as a router in the covert mesh network

==== Infected Victim ====

An infected computing system that is targeted byte attacker to secretly leak information to other participants of the covert mesh network

==== Attacker ====

The computing system controlling the covert mesh network, and the receiver of leaked information


==References==
==References==
{{reflist|refs=
<ref name=paper>
{{cite journal
|title=On Covert Acoustical Mesh Networks in Air
|first1=Michael|last1=Hanspach
|first2=Michael|last2=Goetz
|date=November 2013
|journal=Journal of Communications
|doi=10.12720/jcm.8.11.758-767
}}
</ref>
<ref name=AT>
<ref name=AT>
{{cite web
{{cite web
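Review bot: The Scenario text on the removed side says the receiving microphone picks up the signal and "the virus is injected to that device", which contradicts the Operation paragraph kept as context in this same hunk, where both the transmitting and receiving machines must already be infected to form the link. Removing it is the right call; if a scenario section is reintroduced, it should describe the acoustic link as a data channel between already-infected hosts, and the [[KERNAL]] wikilink in that text should point at the operating-system kernel article that the sentence is actually describing.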
Line 59: Line 15:
}}
}}
</ref>
</ref>
<ref name=vtu>
<ref name=paper>
{{cite journal
{{cite journal
|title=On Air-gap malware
|title=On Covert Acoustical Mesh Networks in Air
|first1=Michael|last1=Hanspach
|url=http://www.veltechuniv.edu.in/
|first2=Michael|last2=Goetz
|first1=Chakaravathi|last1=Sibi
|date=November 2013
|first2=Harish|last2=A
|journal=Journal of Communications
|first3=Kanmani|last3=S
|doi=10.12720/jcm.8.11.758-767
|date=September 2014
}}
}}
</ref>
</ref>
}}


[[Category:Malware]]
[[Category:Malware]]
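Review bot: The removed "vtu" reference is a {{cite journal}} with no |journal= field and a |url= that points at a university home page (http://www.veltechuniv.edu.in/) rather than at a paper, so it cannot be verified as written. Dropping it together with the two <ref name=vtu/> uses in the first hunk is consistent, and it leaves "paper" and "AT" as the only named references, both of which are still cited by the retained lead and Operation text.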

Revision as of 13:20, 30 September 2014

Air-gap malware is malware that is designed to defeat air-gap isolation of secure computer systems. The technique was successfully demonstrated by scientists at the Fraunhofer Society in November 2013.[1]

Operation

Because most modern computers, especially laptops, have built-in microphones and speakers, air-gap malware is designed to communicate secure information acoustically, at frequencies near or beyond the limit of human hearing. The technique is limited to computers in close physical proximity (about 65 feet (20 m)[2]), and is also limited by the requirement that both the transmitting and receiving machines be infected with the proper malware to form the communication link. The physical proximity limit can be overcome by creating an acoustically linked mesh network, but this is only effective if the mesh network ultimately has a traditional Ethernet connection to the outside world by which the secure information can be removed from the secure facility.
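From the defender's side, the acoustic channel described above shows up as sustained energy near the top of the audible range in a microphone capture. The following is an added example, not part of the article or of the cited paper: a monitor that flags such spans using the Goertzel algorithm. The 48 kHz capture rate, the 18–22 kHz probe band, the −50 dB threshold, the five-frame persistence rule and all function names are assumptions chosen for illustration.

```python
import math

RATE = 48_000                        # assumed capture rate in Hz (Nyquist 24 kHz)
FRAME = 960                          # 20 ms frames -> 50 Hz bin spacing
PROBES = range(18_000, 22_001, 500)  # assumed near-ultrasonic probe frequencies

def goertzel_power(frame, freq):
    """Normalized power of one frequency bin (Goertzel recurrence)."""
    n = len(frame)
    coeff = 2.0 * math.cos(2.0 * math.pi * round(n * freq / RATE) / n)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / (n * n)

def band_db(frame):
    """Summed probe-band power in dB relative to full scale (floored)."""
    return 10.0 * math.log10(sum(goertzel_power(frame, f) for f in PROBES) + 1e-20)

def sustained_runs(samples, threshold_db=-50.0, min_frames=5):
    """Return (start_s, end_s) spans where band energy stays above threshold."""
    runs, start = [], None
    n_frames = len(samples) // FRAME
    for i in range(n_frames + 1):    # one extra pass closes a run at end of data
        hot = i < n_frames and band_db(samples[i * FRAME:(i + 1) * FRAME]) > threshold_db
        if hot and start is None:
            start = i
        elif not hot and start is not None:
            if i - start >= min_frames:   # ignore short transients (clicks, blips)
                runs.append((round(start * FRAME / RATE, 3), round(i * FRAME / RATE, 3)))
            start = None
    return runs

def constructed_capture():
    """Constructed 1 s sample: audible tones, a 20 kHz tone at 0.2-0.6 s, one 20 ms blip."""
    out = []
    for t in range(RATE):
        x = 0.3 * math.sin(2 * math.pi * 300 * t / RATE) + 0.3 * math.sin(2 * math.pi * 1200 * t / RATE)
        if 9_600 <= t < 28_800 or 38_400 <= t < 39_360:
            x += 0.05 * math.sin(2 * math.pi * 20_000 * t / RATE)
        out.append(x)
    return out

if __name__ == "__main__":
    print(sustained_runs(constructed_capture()))
```

The persistence rule is what separates a carrier from ordinary high-frequency transients; in a real room the threshold would be set against a measured baseline rather than a fixed value.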

References

  1. ^ Hanspach, Michael; Goetz, Michael (November 2013). "On Covert Acoustical Mesh Networks in Air". Journal of Communications. doi:10.12720/jcm.8.11.758-767.
  2. ^ Goodin, Dan (2 December 2013). "Scientist-developed malware prototype covertly jumps air gaps using inaudible sound". Ars Technica.