Demilitarized Tone | TechSNAP 166

Demilitarized Tone | TechSNAP 166

Researchers develop an ultrasonic mesh network to extract data from computer networks, Feedly and Evernote get attacked, and something is amiss with Windows 7.

Then its a great batch of your feedback, our answers, and much much more!

Thanks to:




Direct Download:

HD Video | Mobile Video | MP3 Audio | Ogg Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feeds | Torrent Feed

— Show Notes: —

Exfiltrating data using an ultrasonic mesh network

  • Researchers at the Fraunhofer institute in Germany have developed a protocol based on an underwater communications protocol, to pass messages between laptops using their speakers
  • Fraunhofer Institute is famous for having invented the MP3 audio codec and being a significant contributor to the H.264/MPEG-4 AVC video codec.
  • The paper describes a ‘Covert Channel’ that can be used to circumvent firewalls and intrusion detection systems
  • The system uses ultrasonic sound, emitted by laptop speakers and received by laptop microphones
  • The range is about 20 meters and the provides about 20 bits/second of bandwidth
  • The general principle is to create a mesh network of laptops in order to exfiltrate data from a protected network or location
  • The proof of concept was created by installing a keylogger on a laptop, which would then send the data back to the attacker by emitting the ultrasonic (inaudible to the human ear) sounds, which would then be picked up by another infected machine and repeated, extending the transmission range
  • Eventually the signal may be able to reach a machine outside of the protected area or network, and be received by the attack, or re-transmitted by regular means
  • As a countermeasure, they suggest possibly disabling the speakers/microphone entirely
  • As a more useful countermeasure, they suggest a low-pass filter that would either remove the ultrasonic frequencies from the output, or shift them down to audible range so they can be detected by humans
  • The paper also discusses a host-based intrusion detection system that analyzes audio input and output for suspect signals
  • Full PDF

Feedly And Evernote Go Down As Attackers Demand Ransom

  • After restoring its services after Wednesday’s attack, the Feedly team reported in a blog post Thursday morning that it had been hit by a second DoS attack. As of late Thursday morning, Feedly is down again.
  • On Thursday June 12th Feedly Posted to their Blog: “2:04am PST – Criminals are attacking feedly with a distributed denial of service attack (DDoS). The attacker is trying to extort us for money to make it stop. We refused to give in and are working with our network providers to mitigate the attack as best as we can.”
  • In Evernote’s case, the company noted yesterday evening that it was unavailable, and that it was working to neutralize a denial of service attack. A few hours later, a message on Evernote’s Twitter account said its service was restored – but it’s not out of the woods yet. “There may be a hiccup or two for the next 24 hours,” the tweet warned.
  • At least in Feedly’s case the attackers demanded a ransom to stop the attack.
  • It’s unknown as of now if the hackers are demanding ransom from Feedly on day two of the attack. The company has not responded to a request for comment.
  • Denial of service attack [Neutralized] – Feedly Blog
  • Feedly, Evernote And Others Become Latest Victims Of DDoS Attacks
  • BBC News – Feedly and Evernote struck by denial of service cyber-attacks
  • EuroBSDCon 2013 — Allan Jude — Mitigating DDoS Attacks at Layer 7

Microsoft patching flaws in Windows 8, but not Windows 7?

  • Researchers found the gaps after they scanned 900 Windows libraries and uncovered a variety of security functions that were updated in Windows 8 but not in 7. They said the shortcoming could lead to the discovery of zero day vulnerabilities.
  • The missing safe functions were part of Microsoft’s dedicated libraries intsafe.h and strsafe.h that help developers combat various attacks.
  • Researcher Moti Joseph and malware analyst Marion Marschalek (@pinkflawd) developed a capable diffing (comparison) tool dubbed DiffRay which would compare Windows 8 with 7, and log any safe functions absent in the older platform.
  • In a demonstration of DiffRay, the researchers found four missing safe functions in Windows 7 that were present in 8.
  • Including:
    • bcrypt.dll!ConvertRsaPrivateBlobToFullRsa
    • netlogon.dll!NlpAddResourceGroupsToSamInfo
    • twext.dll!EscapeField (possible unpatched interger overflow in Windows 7, fixed in 8)
  • Slides
  • Video – What happens in Windows 7, stays in Windows 7


Round Up:

Question? Comments? Contact us here!