
AIRHOPPER: BRIDGING THE AIR-GAP



  1. create your own exercise • Alexander Güssow and François Blondel • AIRHOPPER: BRIDGING THE AIR-GAP

  2. Motivation • Awareness: Data leaks from isolated systems – Using non-conventional methods – NSA uses it, other organizations might – Risks and possibilities: Learn how to detect and possibly protect

  3. Lecture Overview • Use radio frequencies and simple hardware – EM radio: FM/AM, light, etc. – Sound waves – Passive listening • Using common software and hardware tools (gnuradio, microphone/speakers)

  4. Basics: Electromagnetic (EM) • There is free space path loss ("attenuation") • Will go through walls, follow conductors for reasonably "low" frequencies (up to 300 GHz) • Higher frequencies: light • Described by Maxwell's equations • No medium needed (vacuum is fine)

  5. The electromagnetic spectrum (figure)

  6. EM: attenuation (figure)

  7. Basics: Sound • Medium required (air, water, …) • Pressure wave, velocity depends on the medium (air: about 343 m/s) • Different scales: dB(SPL), dB(A) • Will decrease with distance

  8. Going Ultrasonic • Standard equipment will allow ultrasonic transmission and reception (to some degree), at least at moderate frequencies (<22 kHz) • Reasonably old people will not hear it • At 25 kHz, no one should be able to hear it (but your dog of course, he'll run away barking)

  9. First experiment: Data leak over ultrasound • Use of computer speakers and microphones of the lab to build a one-way data connection • Use of minimodem • No reliability: no retransmit, errors may occur • Enough for realtime keylogging

  10. GnuRadio (figure; source: anfractuosity.com)

  11. Second experiment: Broadcast music using a VGA cable • "Tricking" the video adapter into doing AM to broadcast music via VGA • Reception using GnuRadio and an SDR stick • Special hardware required

  12. Practical Part (lab setup diagram; labels: PC 1, VGA Screen, PC 2, SDR Stick, Speakers, Microphone, PC 4, PC 3)

  13. What will YOU learn? (Source: Y. K. Roland Tai, Video eavesdropping - RF, UCambridge) • The following learning goals are covered in the Lecture / PreLab / Lab: – Some physics: different physical channels and their ranges: X X – Learn the actual state of the art: what is already possible: X X – Leaking data in a nonconventional way: audio transmission: X X – Leaking data in a nonconventional way: EM (mis)using VGA: X X – Protection: How to detect and prevent this?: X X X

  14. create your own exercise • Janosch Maier & Christoph Schmidt • EVIL TWINS: WIFI SSID SPOOFING & MORE

  15. Motivation • Attacking a WLAN is really easy! • What could happen, e.g. at Starbucks?

  16. Lecture Summary • WLAN Basics – Spoofing SSIDs – Creating an Evil Twin • Think of Countermeasures

  17. Different APs, same SSID? • Some WLAN basics (whiteboard) – BSS, BSSID, (E)SSID, ESS • We will use special wifi drivers – Boot a special kernel (see lab instructions) – Unlocks channels and signal strength • Please adhere to German laws

  18. Countermeasures? Ideas?

  19. Evil Twin at work (diagram labels: Unsuspicious Attacker (PC 3) User (PC 6) Evil Twin Image Normal Image Wifi AP (PC 1) Evil Twin (PC 4) Evil Twin Image Evil Twin Image)

  20. Summary / Learning Goals • The following learning goals are covered in the Lecture / PreLab / Lab: – Get to know SSID spoofing: X X – Understand how evil twins work: X X – Spoof specific SSIDs: X X – Create an evil twin: X X – Reroute web traffic (iptables): X X – Develop countermeasures: X
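
For the detection question raised on slide 13 of the AirHopper deck, here is an added example (not part of the original slides) for the ultrasonic channel of slides 8 and 9: it checks a microphone frame for a narrowband carrier between 18 and 22 kHz, even when louder audible sound is present. The 48 kHz capture rate, the band edges, the threshold of 50 and the synthetic frames are assumptions made for illustration.

```python
import math
import random
import statistics

RATE = 48000            # assumed capture rate in Hz (Nyquist 24 kHz covers the band)
BAND = (18000, 22000)   # assumed near-ultrasonic band to monitor, in Hz

def goertzel_power(frame, k):
    """Normalised power of DFT bin k of a frame (Goertzel algorithm)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * k / len(frame))
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / len(frame) ** 2

def carrier_score(frame, rate=RATE, band=BAND):
    """Peak-to-median power ratio inside the band.

    Broadband noise gives a small ratio; a steady tone or FSK carrier
    stands far above the median of the other bins.
    """
    n = len(frame)
    # Hann window keeps loud audible content from leaking into the band.
    win = [x * (0.5 - 0.5 * math.cos(2.0 * math.pi * i / n))
           for i, x in enumerate(frame)]
    lo = math.ceil(band[0] * n / rate)
    hi = math.floor(band[1] * n / rate)
    powers = [goertzel_power(win, k) for k in range(lo, hi + 1)]
    return max(powers) / (statistics.median(powers) + 1e-18)

def has_near_ultrasonic_carrier(frame, threshold=50.0):
    """True if the frame holds a narrowband signal in the monitored band.
    The threshold is an assumed value; tune it on recordings of the room."""
    return carrier_score(frame) > threshold

def make_frame(tones, n=960, noise=0.01, seed=7):
    """Constructed input: sum of (freq_hz, amplitude) tones plus Gaussian noise."""
    rng = random.Random(seed)
    return [sum(a * math.sin(2.0 * math.pi * f * i / RATE) for f, a in tones)
            + rng.gauss(0.0, noise) for i in range(n)]

if __name__ == "__main__":
    audible_only = make_frame([(440, 0.5)])                 # ordinary room sound
    with_carrier = make_frame([(440, 0.5), (19000, 0.05)])  # quiet 19 kHz tone added
    for name, frame in (("audible only", audible_only), ("with carrier", with_carrier)):
        print(name, round(carrier_score(frame), 1), has_near_ultrasonic_carrier(frame))
```

Scoring the peak against the median of the same band, rather than against the audible band, keeps a loud conversation or music from masking a much quieter carrier.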
