Security Week 52 + 1: Cybersecurity for the Future

The time has come for our traditional summary of the year. At the end of 2018 we gave priority to Spectre and Meltdown, machine learning in the context of recovering images from noise, and numerous vulnerabilities in routers. A year ago we wrote about privacy holes, vintage vulnerabilities in Windows 10 and supply-chain attacks.

At the end of 2020 it seems there are no printable words left: it's over, and that's that. But if you try, it is once again supply chains and once again machine learning, this time in the context of deepfakes. A more positive moment of the year was the discovery of well-hidden vulnerabilities in basic protocols: recall the vulnerability in the Android Bluetooth stack at the start of the year and the Wi-Fi bug in Apple mobile devices at the end. This is partly a sign of new vulnerability-finding technology (fuzzing) maturing, and partly of old technology (port scanning) being improved, combined with the ingenuity of researchers.

The various consequences of the pandemic have seriously affected our lives, but in the field of cyber defense they have only exacerbated existing problems: encryption and privacy of conference calls in Zoom and elsewhere, attacks on RDP and on the infrastructure for remote work in general, vulnerabilities in medical technology. The outgoing year is also a year of high-profile extortion attacks on companies, with dire consequences up to a complete breakdown of infrastructure; a case in point is the attack on Garmin. The information security environment is an alarming thing by definition, and at the end of a covid year I want to give priority to those studies that show a flight of thought and interesting decisions but have no serious consequences so far, or perhaps none at all. We have selected three such works: about peeking at passwords over video conferencing, about reading laptop memory by reflashing the BIOS on the fly, and about secret conversations with a smart speaker using a laser.

Peeking at passwords
Digest and original source

In 2020, an army of remote workers generated millions of hours of video, with boring work conversations, slide sharing, family members and cats in the background, the inevitable "Can you hear me well?" and "this software does not work with Bluetooth headphones." You can treat this as a fleeting consequence of a pandemic, or you can treat it as a huge dataset with a lot of detail. That is just talk, but in November researchers at the University of Texas actually proposed an attack using such data. The attack is best illustrated by this gif:

The researchers showed that small shoulder movements can be correlated with which keys the person presses on the keyboard. Imagine: you are "on the call" and at the same time entering a password in the browser. If you type with both hands, you can identify the home keys for each half of the keyboard and guess which shoulder movement corresponds to moving your fingers a row lower or higher, to the right or to the left. The authors had to work with an extremely noisy dataset, and machine learning combined with a dictionary proved most effective. That is, coherent text is recovered with higher probability than a password stuffed with $special1 characters. In more realistic scenarios the typed text was guessed in one case out of five (or worse). But if an attacker sets a goal and obtains a long video to study, there is a chance of success. Even with such reservations this is a rather impractical study, but let's pay tribute to the audacity of the scientists: they built a working mechanism and even deciphered something.

Flashing BIOS on the fly
Digest and original source

The first of two studies with the flavor of spy technology. You leave your laptop unattended in sleep mode. An intruder (or Agent 007) removes the cover, attaches an eight-pin clip to the BIOS chip, reflashes it, wakes the laptop and dumps RAM to a USB flash drive.

Researcher Trammell Hudson has implemented the classic time-of-check/time-of-use (TOCTOU) attack: the authenticity of the boot firmware is verified when the laptop is powered on, but may not be verified when it wakes from sleep. Modifying the firmware is not trivial either, since you need to know what to change and how. Nevertheless, on wake from sleep the boot code is executed: a malicious module planted there can reach secrets in RAM, for example the key for data encrypted on the disk.
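To make the check-versus-use gap concrete, here is an added example (not code from the original post, and not Trammell Hudson's tooling) that models the BIOS chip as a byte string, the boot-time check as a SHA-256 comparison against a trusted digest, and the sleep window as a point where the chip contents can change. The firmware images, the `SpiFlash` and `Laptop` classes and the `verify_on_resume` flag are all constructed for this demo; the defensive point it shows is that a verdict computed at cold boot says nothing about what is in flash at resume, so the measurement has to be repeated at every point where the flash contents are executed.

```python
"""
Added example: a minimal model of the boot-vs-resume TOCTOU gap.
All names, images and digests here are constructed for the demo.
"""
import hashlib

# Constructed sample firmware image and the digest the "boot ROM" trusts.
GOOD_FIRMWARE = b"boot-module-v1: verify disk key, unlock volume"
TRUSTED_DIGEST = hashlib.sha256(GOOD_FIRMWARE).hexdigest()

# Constructed stand-in for a reflashed chip: same module, extra behaviour.
TAMPERED_FIRMWARE = GOOD_FIRMWARE + b", copy RAM to USB"


class SpiFlash:
    """Models the BIOS chip; its contents can change while the laptop sleeps."""

    def __init__(self, image: bytes) -> None:
        self.image = image

    def read(self) -> bytes:
        return self.image


def verify(flash: SpiFlash) -> bool:
    """The check: hash whatever is in flash right now against the trusted digest."""
    return hashlib.sha256(flash.read()).hexdigest() == TRUSTED_DIGEST


class Laptop:
    """Tiny boot state machine; `executed` records which images actually ran."""

    def __init__(self, flash: SpiFlash, verify_on_resume: bool) -> None:
        self.flash = flash
        self.verify_on_resume = verify_on_resume
        self.executed: list[bytes] = []

    def cold_boot(self) -> bool:
        # Time of check: firmware is measured before it runs.
        if not verify(self.flash):
            return False
        self.executed.append(self.flash.read())
        return True

    def resume_from_sleep(self) -> bool:
        # Vulnerable variant (verify_on_resume=False): the cold-boot verdict is
        # implicitly reused, and whatever is in flash now is executed.
        # Hardened variant: the measurement is repeated on every resume.
        if self.verify_on_resume and not verify(self.flash):
            return False
        self.executed.append(self.flash.read())
        return True


def simulate(verify_on_resume: bool) -> dict:
    """Boot on genuine firmware, swap the chip during sleep, then resume."""
    flash = SpiFlash(GOOD_FIRMWARE)
    laptop = Laptop(flash, verify_on_resume)
    booted = laptop.cold_boot()            # check happens here, flash is genuine
    flash.image = TAMPERED_FIRMWARE        # chip contents replaced while asleep
    resumed = laptop.resume_from_sleep()   # use happens here
    return {
        "booted": booted,
        "resumed": resumed,
        "tampered_code_ran": TAMPERED_FIRMWARE in laptop.executed,
    }


if __name__ == "__main__":
    print("no re-check on resume:", simulate(verify_on_resume=False))
    print("re-check on resume:   ", simulate(verify_on_resume=True))
```

Run it and the two dictionaries differ only in the resume path: without a re-check the tampered image runs with full access to whatever the sleeping system kept in RAM, and with a re-check the resume is refused. The model deliberately ignores how hard the real reflash is (the post already notes that you need to know what to change); its only subject is where the integrity check sits relative to the moment the code is used.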

Also noteworthy is the tool Trammell used to demonstrate the attack: spispy, a hardware flash memory emulator that both monitors accesses to the BIOS chip and replaces the boot code on the fly, in part or in whole.

Conversation with Amazon Echo using a laser
Digest and original source

Researchers from universities in the United States and Japan have discovered a fundamental weakness in the high-sensitivity MEMS microphones installed, among other things, in smart speakers. As it turned out, such microphones respond not only to sound but also to laser light. By modulating its power, you can issue commands to a smart speaker remotely. Some devices were controlled from a distance of up to 100 meters, and even through a window.

The researchers also explore bypassing various protections against unauthorized voice commands, such as code words. Since the attack is completely silent, a voice generator can be fed a list of commonly used words to try in turn, an analogue of brute-forcing a mailbox password. Finally, an attack on in-car voice assistants is also possible, which looks somewhat more realistic.

All three studies, one way or another, look for weaknesses in hardware, although it is much easier to attack software or network infrastructure. That is why these are scenarios for the future: if we ever see them, it will clearly not be soon, and most likely not in the form in which the original experiment was carried out. That is what makes them interesting: this is no mere buffer overflow.

The world in which such attacks make sense will certainly be better than today's: modern infrastructure has far too many much more trivial holes that require neither lasers nor a study of the victim's movements. That world is also likely to be difficult: already now we depend on computer-adjacent technology, locked in our homes. In n + 10 years we may be applying cyber defense terminology to robotic body parts. Thinking about such a prospect is both interesting and scary, the traditional choice between something new but incomprehensible and something tested but outdated. We hope that, despite the sometimes incomprehensible new, everything will be fine with us and with you. Holiday greetings! Your editors will be back on the air on January 11.
