Cerebrum: Mobile Passwords Lifted Acoustically with NASB

 

There are innumerable password hacking methods but recent advances in acoustic and accelerometer sensing have opened up the door to side-channel attacks, where passwords or other sensitive data can be extracted from the acoustic properties of the electronics and human interface to the device. A recent and dramatic example includes the hacking of RSA encryption  simply by listening to the frequencies of sound a processor puts out when crunching the numbers.

Now there is a new long-distance hack on the scene. The Cerebrum system represents a recent innovation in side-channel password attacks leveraging acoustic signatures of mobile and other electronic devices to extract password data at stand-off distances.

Research scientists at cFREG provide a compelling demonstration of the Cerebrum prototype. It uses Password Frequency Sensing (PFS), where the acoustic signature of a password being entered into an electronic device is acquired, sent up to the cloud, passed through a proprietary deep learning algorithm, and decoded. Demonstrations and technical details are shown in the video below.

Many of these methods have been shown previously, as explained by MIT researcher T. M. Gil in his iconic paper,

“In recent years, much research has been devoted to the exploration of von Neumann machines; however, few have deployed the study of simulated annealing. In fact, few security experts would disagree with the investigation of online algorithms [25]. STEEVE, our new system for game-theoretic modalities, is the solution to all of these challenges.”

To counter this argument, the researchers at cFREG have taken it to a much higher and far more accurate level.

Measurements

The Cerebrum team began their work by prototyping systems to increase the range of their device. The first step was to characterize the acoustic analog front end and transducers with particular attention paid to the unorthodox acoustic focusing element:

The improvements are based on the ratio of Net Air-Sugar Boundaries (NASB) using off-the-shelf marshmallows. Temperature probing is integral for calibrating this performance, and with this success they moved on to field testing the long-range system.

Extending the Range

The prototype was tested by interfacing a magnetic loop antenna directly onto the Cerebrum through a coax-to-marshmallow transition. By walking the street with a low-profile loop antenna, numerous passwords were successfully detected and decoded.

War Driving with PFS

To maximize range, additional antenna aperture were added and mounted onto a mobile platform including a log periodic, an X-band parabolic dish, and a magnetic loop antenna to capture any and all low frequency data. In this configuration it was possible to collect vast quantities of passwords out to upwards of ½ of a mile from the vehicle resulting in a treasure trove of passwords.

 

Without much effort the maximum range and overall performance of the Cerebrum PFS was dramatically increased opening up a vast array of additional applications. This is an existing and troubling vulnerability. But the researchers have a recommended fix which implements meaningless calculations into mobile devices when processing user input. The erroneous sound created will be enough to fool the machine learning algorithms… for now.

37 thoughts on “Cerebrum: Mobile Passwords Lifted Acoustically with NASB

    1. Uhmm
      https://en.wikipedia.org/wiki/Matthew_Weigman
      Matthew Weigman is a blind American man who has used his heightened hearing ability to help him deceive telephone operators and fake various in-band phone signals. Before his arrest at the age of 18, Weigman had used this ability to become a well known phone phreaker, memorizing phone numbers by tone and performing uncanny imitations of various phone line operators to perform pranks such as swatting on his rivals.

      1. I’ve never seen an engineering department in any place of education or business use Mac’s. Apple hardware I would strongly associate more with creative endeavours. A Mac is a Personal Computer ?

          1. Actually, I don’t. I use Android, and a Mac Laptop – because the hardware is simply better and lasts longer. But you dodged the question about what year you went to college!?

  1. Oh my god I knew you were listening to my marshmallows. That’s not right. I’m gonna put aluminium foil on them now. Sometimes at night I see them glowing. I thought it was the LSD.

    1. Good idea but the chocolate imposes an as of yet unexplained modulation of the signal to noise ratio and interferes with signal quality, with lower cocoa content having less of an effect. Plus, the graham crackers tend to be fairly brittle. Vegan marshmallows seem to give comparable results, with the exception that they are more expensive so they are not as commonly used.

  2. I recently (in the last 6 months) had a drag out argument with someone about hacking voting machines. I tried to explain to them that you didn’t need to touch the machine to hack it, nor did you need to break a wireless signal for example. That examining the RF environment or just simple peripherals can yield a boatload of data if you knew what you were looking at, and the signal injection can be done in many different ways, or completely bypassed if you can replace yourself inline as the machine, obviously in this one – having the password. For example – if you have the schematics or stole a voting machine that was used in 1/10 of the country – that presumably you would have the ability to look at many different types of attacks on the device. I used the example of the old terminals that they used in banks in the 70’s where you could construct a receiver that could reconstruct the scan lines from it from the parking lot (this was prior to them understanding RF shielding like we do now) – which was completely lost on him. This person claimed to be up on all the latest encryption methods and security protocols – and that it could NEVER happen. I explained that just being able the re-boot a system (depending on the hardware) at the wrong spot in code execution could yield results that were not caught in integration testing – knowing the hardware is the key. Never could get this person to understand, he believes that my 30+ years in systems work/communications protocols AND my electronic background wasn’t a good enough pedigree to make such a statement. I wish I had had his handle still – I would love to jam this up his mailbox. Just goes to prove a theorem from way back – they more complicated you make it – the easier it becomes to break.

  3. Two out of the box thinking articles on the front page of hackaday that not immediately gives themselves away as hoaxes. Well done editors. But be warned, Hackaday readers are a clever bunch and might take you up on this.

  4. I don’t know why everyone in here thinks this is an April Fools’ video. This is real. The marshmallows have been proven to increase transducer resonance in plenty of engineering work published in highly regarded peer reviewed journals alongside rubber and macaroons. Much food chemistry research is being conducted in Europe currently in order to synthetically create long lasting material with similar NASB properties to the traditional marshmallow but efforts have failed.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s