Do you trust your hard drive indication light?

Researchers in the past have exfiltrated information through air gaps by blinking all sorts of lights from LEDs in keyboards to the main display itself. However, all of these methods all have one problem in common: they are extremely noticeable. If you worked in a high-security lab and your computer screen started to blink at a rapid pace, you might be a little concerned. But fret not, a group of researchers has found a new light to blink (PDF warning). Conveniently, this light blinks “randomly” even without the help of a virus: it’s the hard drive activity indication light.

All jokes aside, this is a massive improvement over previous methods in more ways than one. Since the hard drive light can be activated without kernel access, this exploit can be enacted without root access. Moreover, the group’s experiments show that “sensitive data can be successfully leaked from air-gapped computers via the HDD LED at a maximum bit rate of 4000 bit/s (bits per second), depending on the type of receiver and its distance from the transmitter.” Notably, this speed is “10 times faster than the existing optical covert channels for air-gapped computers.”

We weren’t born last night, and this is not the first time we’ve seen information transmission over air gaps. From cooling fans to practical uses, we’ve seen air gaps overcome. However, there are also plenty of “air gaps” that contain more copper than air, and require correspondingly less effort.

Continue reading “Do you trust your hard drive indication light?”

Bridging the Air Gap; Data Transfer via Fan Noise

When you want to protect a computer connected to the Internet against attackers, you usually put it behind a firewall. The firewall controls access to the protected computer. However, you can defeat any lock and there are ways a dedicated attacker can compromise a firewall. Really critical data is often placed on a computer that is “air gapped.” That is, the computer isn’t connected at all to an insecure network.

An air gap turns a network security problem into a physical security problem. Even if you can infect the target system and collect data, you don’t have an easy way to get the data out of the secure facility unless you are physically present and doing something obvious (like reading from the screen into a phone). Right? Maybe not.

Researchers in Isreal have been devising various ways to transmit data from air walled computers. Their latest approach? Transmit data via changing the speed of cooling fans in the target computer. Software running on a cellphone (or other computer, obviously) can decode the data and exfiltrate it. You can see a video on the process below.

Continue reading “Bridging the Air Gap; Data Transfer via Fan Noise”

Bypassing Broken SIP ALG Implementations

The SIP protocol is commonly used for IP telephone communications. Unfortunately it’s notorious for having issues with NAT traversal. Even some major vendors can’t seem to get it right. [Stephen] had this problem with his Cisco WRVS4400N router. After a bit of troubleshooting, he was able to come up with a workaround that others may find useful.

The router had built in SIP ALG functionality, but it just didn’t work. [Stephen] was trying to route SIP traffic from a phone to an Asterisk PBX system behind the router. The router just couldn’t properly handle these packets regardless of whether SIP ALG was enabled or disabled.

[Stephen] first tried to change the SIP port on the external VOIP phone from the default of 5060 to something else. Then he setup port forwarding on the router to the Asterisk box to forward the traffic to the Asterisk system on the original port. This sort of worked. The calls would go through but they would eventually drop after about 20 seconds.

The only thing that [Stephen] could get to work completely was to change the SIP port in Asterisk’s sip.conf file using the “bindport” directive. He changed it to some random unused high port number. Then he setup port forwarding on the router to forward incoming UDP packets on that port to the Asterisk system. This worked fine, but now all of the original phones behind the router stopped working because they were configured to use the default port of 5060.

Rather than re-configure all of the phones in the organization, [Stephen] made one change on the Asterisk system. He setup an iptables rule to forward all incoming traffic on UDP port 5060 to the new SIP port. Now all of the phones are working with minimal changes across the organization. It’s a lot of hassle to go through just because the router couldn’t handle SIP correctly, but it gets the job done.

Finally, a firewall for all the porn on the Internet


The current UK government is proposing an Internet porn firewall. Unlike other countries with Internet firewalls, such as North Korea, China, Iran, Saudi Arabia, and Syria, the citizens of the UK are so especially helpful some of them decided to help code the new porn filter. The idea behind the Great Firewall of Porn is simple: if a user wants to visit a NSFW website, let them. If, the user wants to visit the other 19% of the Internet, block it, and forward them to a page with hand drawn cockswains a baubles as the background.

The way the firewall works is actually pretty clever – it checks each request against the OpenDNS FamilyShield filter. If the request is denied, load the page, and if the OpenDNS request is allowed, block the page.

The genius behind this filter, [sicksad], provided all the tools required to get your own porn filter up and running over on his git. There’s also a great setup tutorial video available below, with a little social commentary thrown in for free.

Continue reading “Finally, a firewall for all the porn on the Internet”

Adding mobile control to your gardening

[The Cheap Vegetable Gardener] wanted to check in on his garden from the road so he wrote a control app for his WinPhone. The hardware work is already done; having been built and tested for quite some time.

The implementation comes in two parts, both shown in the chart above. The grow box is behind a firewall as you don’t want random folks turning on the water and grow lights on a whim. The first part of the interface takes care of this separation by providing a set of functions on the host machine. The second portion is the phone app itself which calls those functions and displays all the pertinent information from the status of the lights, heater, exhaust, and water pump, to the current temperature and humidity. He’s even used Google Charts to graph data over time. The app itself took about two hours to code with no prior experience, a testament to the level of approachability these tools are gaining.

Investigating the Leopard firewall

Our friend [Rich Mogull] has been flipping the switches on Leopard’s new firewall and scanning it to see what’s actually going on. There is some good and some bad. The new application signing is a mixed bag. It breaks Skype and a commenter pointed out that automatically trusting Apple installed apps like NetCat isn’t a good idea either. You can roll your own firewall using user friendly tools like WaterRoof since ipfw is still included.