Security Weekly 19: Security Cameras Leak Data Over IR, a Neural Network Guesses Passwords Fast, Hackers Do Reconnaissance Through MS Word
However effective the protection method "cut the cable to the Internet" may be, it is used extremely rarely, even by those who would benefit from it. But researchers keep trying to come up with ever more curious ways to cross the "air gap": by sound, by light, by heat. And now three ingenious researchers from Ben-Gurion University have come up with something new: using security cameras.
The idea is that a physically isolated (air-gapped) network gets infected with malware. How that is done was worked out long ago, and has even been done in practice (Stuxnet, for example): a planted flash drive, a disk with infected software, and so on. But getting in does not mean getting out. However, there are few sites with an isolated network that do not also have a physical security system with surveillance cameras. To see anything when the lights in the room are off, a camera needs illumination, and most cameras are equipped with an array of IR LEDs. Some of these cameras can be seen from outside, through a window.
Accordingly, cameras carrying a special Trojan are turned into a two-way data channel, invisible to the naked eye. Outbound, the data is transmitted by the camera's IR LEDs and the attacker receives it with an ordinary smartphone. To send data in, the attacker uses the same kind of IR LED array, and the camera picks up the signal.
The channel parameters stated in the study are impressive compared with other ways of crossing the air gap: 15 bps per LED (which gives 120 bps with the usual eight LEDs per camera), a range of hundreds of meters for transmission outward, and kilometers for transmission inward. The Ben-Gurion inventors even worked out how to do without line of sight (although the maximum distance then drops to tens of meters).
Well, for us to see this technique used for real, three circumstances have to coincide: (1) someone decided to isolate a network with an air gap, (2) hackers took an interest in that someone's information, and (3) that someone put a security camera in his super-secure isolated network. It sounds silly, but still, the idea is beautiful.
An AI for fast password guessing has been developed
Scientists from the Stevens Institute of Technology and the New York Institute of Technology have published early results of their work on using a generative adversarial network (GAN) for accelerated password guessing. Faster, that is, than the brute-force rules used in Hashcat or John the Ripper.
The idea seems logical enough in itself: if anything can work out the principles by which people come up with passwords, it is neural networks. Until now, adversarial networks have mostly been used for amusements such as restoring damaged photos or automatically generating realistic-looking pictures of small animals (they look realistic only to the deep learning experts themselves; in fact they are terrible, see Proof).
The essence of a GAN is the use of two neural networks: one (the generator) produces something that more or less resembles the training samples, and the second (the discriminator) tries to tell the generated samples from the training ones. By playing against each other on a sufficiently large sample, the two networks reach an equilibrium in which the generator can produce very convincing samples.
The egghead hackers, armed with TensorFlow 1.2.1, trained the network on passwords leaked over the past 18 months from LinkedIn and RockYou. It eventually generated its own, improved rules for guessing passwords. On their own they were, let's say, no better than HashCat, but combined with HashCat's rules they increased the number of passwords guessed from the test sample by 18-24%. The figures are not very impressive, but one must understand that in practice the training sample can be made much larger. So fairly soon, estimates of how hard passwords are to guess will have to be revised: progress cannot be stopped.
Undocumented MS Office feature lets attackers harvest profiling data
No matter how much you poke around in Microsoft Office and its files, you will always find some surprise. Our colleagues, investigating the targeted attack Freakishly, came across a phishing email with OLE2 files. At first glance there was nothing malicious inside: no macros, no exploits, no Flash. Then they found links to PHP scripts on external hosting. You open the file in Word, it follows the links, and out goes data about the installed software.
Presumably, the attackers need this data for reconnaissance. In general, for a targeted attack to succeed it is very important to have accurate information about what software the victim has installed, and which versions. But why does Word follow these links at all?
The researchers found that the hackers exploit an incompletely documented feature of MS Office: the INCLUDEPICTURE field in a document. The value of this field only tells Word that a certain image is bound to certain characters in the text, and the link to its location is supposed to be in ASCII. But someone figured out how to put cleverly crafted Unicode there, and as a result the field refers to a certain offset in the document where a form lies, and in its additional data there is a URL, which Word then fetches. Besides Word for Windows, this feature works in Microsoft Office for iOS and Android.
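A triage check a defender can run over incoming Office attachments, added here as an example and not part of the original post or of the researchers' tooling: it looks for the INCLUDEPICTURE field code (as ASCII, and as UTF-16LE, which is how Word stores document text) together with any http(s) URL in the same file, and treats the combination as suspicious. It does not parse the OLE2 field structure; it is a byte-level heuristic. The sample documents, the `example.invalid` host and the `make_docx` helper are constructed for the demonstration; the namespace allowlist exists because every .docx contains schema URLs that Word never fetches.

```python
"""Heuristic scanner: INCLUDEPICTURE field + external URL in a Word document."""
import io
import re
import zipfile
from urllib.parse import urlparse

# The field code as Word may store it: plain ASCII, or UTF-16LE (NUL after each byte).
ASCII_FIELD = b"INCLUDEPICTURE"
UTF16_FIELD = "INCLUDEPICTURE".encode("utf-16-le")

# http(s) URLs in ASCII and in UTF-16LE; stop at quotes and angle brackets so XML
# attribute values and tags do not get swallowed into the match.
ASCII_URL = re.compile(rb"https?://(?:(?![\"'<>])[\x21-\x7e])+")
UTF16_URL = re.compile(
    rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:(?![\"'<>])[\x21-\x7e]\x00)+")

# Namespace hosts present in every OOXML file; they are identifiers, not fetched links.
BENIGN_HOSTS = {"schemas.openxmlformats.org", "schemas.microsoft.com",
                "www.w3.org", "purl.org"}


def _streams(data):
    """Yield (name, bytes) per stream: zip members for .docx, the raw blob for .doc/OLE2."""
    if data[:4] == b"PK\x03\x04":
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            for name in z.namelist():
                yield name, z.read(name)
    else:
        yield "<raw>", data


def _find_all(blob, needle):
    """Yield every offset of needle inside blob."""
    start = 0
    while True:
        i = blob.find(needle, start)
        if i < 0:
            return
        yield i
        start = i + 1


def scan_document(data):
    """Return field hits, non-namespace URLs and a verdict for one document's bytes."""
    fields, urls = [], set()
    for name, blob in _streams(data):
        fields += [(name, "ascii", off) for off in _find_all(blob, ASCII_FIELD)]
        fields += [(name, "utf-16le", off) for off in _find_all(blob, UTF16_FIELD)]
        found = [m.group().decode("ascii") for m in ASCII_URL.finditer(blob)]
        found += [m.group().decode("utf-16-le") for m in UTF16_URL.finditer(blob)]
        urls.update(u for u in found if urlparse(u).hostname not in BENIGN_HOSTS)
    return {"fields": fields, "urls": sorted(urls),
            "suspicious": bool(fields) and bool(urls)}


def make_docx(document_xml):
    """Build a minimal .docx-like zip in memory (constructed sample, not a real Word file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", document_xml)
    return buf.getvalue()


# Constructed samples. The host example.invalid is a placeholder, not a real indicator.
WNS = 'xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"'
CLEAN_DOCX = make_docx(f'<w:document {WNS}><w:body><w:p>hello</w:p></w:body></w:document>')
PHONE_HOME_DOCX = make_docx(
    f'<w:document {WNS}><w:body><w:p><w:r><w:instrText> INCLUDEPICTURE '
    f'"http://example.invalid/r.php" \\d </w:instrText></w:r></w:p></w:body></w:document>')
# Raw OLE2-style blob: field code and URL stored as UTF-16LE, as in the binary .doc case.
PHONE_HOME_DOC = (b"\xd0\xcf\x11\xe0" + b"\x00" * 28 + UTF16_FIELD + b"\x00" * 16
                  + "http://example.invalid/r.php".encode("utf-16-le") + b"\x00\x00")

if __name__ == "__main__":
    for label, doc in (("clean.docx", CLEAN_DOCX), ("phone_home.docx", PHONE_HOME_DOCX),
                       ("phone_home.doc", PHONE_HOME_DOC)):
        print(label, scan_document(doc))
```

The verdict is deliberately coarse: a document that legitimately embeds a remote picture will also trip it, so treat a hit as "open this in a sandbox and watch for outbound HTTP on open", not as proof of malice. Because the offset-based Unicode trick hides the URL away from the field text, the scanner intentionally does not require the URL to be adjacent to the field code.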