Security-related picks from Semantic Scholar. For example "An Indirect Eavesdropping Attack of Keystrokes on Touch Screen through Acoustic Sensing", "Capturing the Human Figure Through a Wall" and "Covert Signaling Channel between Air-Gapped Computers Using Thermal Manipulations".

EAVESDROPPING, SIDE-CHANNELS

A Survey on How Side-channels Lead to Compromised Information

Special emphasis has been placed on the electromagnetic side-channel since, although not new, it is the focus of a recent increase in activity through the democratization of software-defined radio, enabling high-performance solutions at low cost. Due to their long range, higher bandwidth, cross-wall ability and concealment capabilities, radio frequency waves are a particular threat when compared to other mediums. Semantic Scholar

An Indirect Eavesdropping Attack of Keystrokes on Touch Screen through Acoustic Sensing

Different finger movement directions induce unique Doppler profiles in the acoustic signals received by microphones. Semantic Scholar
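The Doppler profile the abstract refers to can be made concrete with a small simulation. The code below is an added example written for this page, not code from the paper: it assumes a phone that emits an inaudible 20 kHz probe tone from a speaker co-located with the microphone, samples at 48 kHz, and sees one reflection from a finger moving at v m/s (two-way shift 2·v·f0/c). The test signal is constructed inline; the profile is the power at f0 plus a grid of offsets, computed with a Hann window so the strong direct-path tone does not leak into the sidebands, and the sign of the dominant sideband gives the movement direction.

```python
import cmath
import math
import random

C_SOUND = 343.0  # speed of sound in air, m/s

def synth_echo(v, fs=48000, f0=20000.0, duration=0.1, echo_gain=0.3,
               noise=0.05, seed=7):
    """Constructed test signal: the probe tone arriving directly at the
    microphone plus one weaker reflection from a finger moving at v m/s
    (positive = toward the device).  Speaker and microphone are assumed to
    be co-located, so the echo carries the two-way Doppler shift 2*v*f0/c."""
    rng = random.Random(seed)
    f_echo = f0 * (1.0 + 2.0 * v / C_SOUND)
    n = int(fs * duration)
    return [math.cos(2 * math.pi * f0 * i / fs)
            + echo_gain * math.cos(2 * math.pi * f_echo * i / fs + 1.0)
            + rng.gauss(0.0, noise)
            for i in range(n)]

def dft_power(x, fs, f, window):
    """Power of the windowed signal at one arbitrary frequency f (a single
    DFT coefficient evaluated directly, so f need not lie on a bin)."""
    w = 2.0 * math.pi * f / fs
    acc = sum(window[i] * x[i] * cmath.exp(-1j * w * i) for i in range(len(x)))
    return abs(acc) ** 2

def doppler_profile(x, fs=48000, f0=20000.0, max_offset=150, step=10):
    """Power at f0 + offset for offsets in [-max_offset, max_offset] Hz.
    The Hann window keeps the strong direct-path tone from leaking into the
    sidebands where the echo shows up."""
    n = len(x)
    window = [0.5 - 0.5 * math.cos(2.0 * math.pi * i / (n - 1)) for i in range(n)]
    return {off: dft_power(x, fs, f0 + off, window)
            for off in range(-max_offset, max_offset + 1, step)}

def peak_offset(profile, guard=30):
    """Sideband offset with the most power, ignoring the carrier's own main
    lobe (|offset| < guard Hz)."""
    side = {off: p for off, p in profile.items() if abs(off) >= guard}
    return max(side, key=side.get)

def infer_direction(x, fs=48000, f0=20000.0, guard=30, min_ratio=0.02):
    """'toward' / 'away' / 'none': sign of the dominant Doppler sideband,
    provided it carries at least min_ratio of the carrier's power."""
    profile = doppler_profile(x, fs, f0)
    off = peak_offset(profile, guard)
    if profile[off] / profile[0] < min_ratio:
        return "none"
    return "toward" if off > 0 else "away"

if __name__ == "__main__":
    for v in (0.5, -0.5, 0.0):
        print(f"v={v:+.1f} m/s -> {infer_direction(synth_echo(v))}")
```

With a 0.1 s window the frequency resolution is 10 Hz, so a 0.5 m/s finger (about 58 Hz of shift) lands in the 50 to 60 Hz sidebands; slower movements need longer windows, which is the trade-off between time and frequency resolution any such attack has to make.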

Compromising Reflections-or-How to Read LCD Monitors around the Corner

The experimental results presented in this paper are only a first case study. The most obvious improvement is to use more expensive hardware: a larger telescope with larger diameter and a more sensitive camera to improve the exposure time. Also methodical and algorithmic improvements are possible. So far, we have photographed the pictures and applied simple standard algorithms to improve readability. However, advanced deconvolution algorithms or the analysis of whole sequences of pictures might lead to much better picture quality. Semantic Scholar

Inference Attacks by Malicious Batteries on Mobile Devices

To circumvent the browser security limits on the battery level sampling rate, we build a circuit to directly manipulate the battery charging state from inside the battery, by exploiting the phone's wireless charger circuitry. This allows sending up to 1 bit every two seconds, 15x the bandwidth achievable via the battery charge level JavaScript Battery Status API. The covert channel is bidirectional; thus, the exfiltration mechanism can be triggered when a visit to a malicious website is detected by the battery. Semantic Scholar

Physical key extraction attacks on PCs

Demonstrating how an untethered probe may be constructed from readily available electronics, we also built the Portable Instrument for Trace Acquisition (PITA), which is compact enough to be concealed, as in pita bread. Semantic Scholar

Sound Sensing via mmWave Signals

To convert the extremely weak sound vibration in the radio signals into sound signals, RadioMic introduces radio acoustics, and presents training-free approaches for robust sound detection and high-fidelity sound recovery. It then exploits a neural network to further enhance the recovered sound by expanding the recoverable frequencies and reducing noise. RadioMic translates massive online audio collections into synthesized data to train the network, and thus minimizes the need for RF data. Semantic Scholar

Through-wall Word Detection of Human Speech via Commercial mmWave Devices

We assume the attacker can acquire the victim’s mmWave data when he/she speaks to train the model in advance. This can be achieved by transmitting mmWave to the victim remotely when he/she speaks in some scenarios that do not have protections, such as a public coffee bar. Once the model is trained, it can be used for the following attack. We assume that there is a soundproof and opaque wall between the victim and the attacker. Thus, acoustic-based and visual-based eavesdropping methods will fail. Semantic Scholar

When Replacement Smartphone Components Attack

The concept of attacking secure devices via malicious replacement units may allow an interesting trade-off between the two methods of software-oriented attacks and active fault attacks. This is because it provides an attacker with a low-risk method of getting "up close and personal" to the main CPU’s hardware interfaces, while at the same time requiring very little of the attacker in terms of attack cost or time spent. Semantic Scholar

GESTURES, THROUGH-WALL

A Survey of Handy See-Through Wall Technology

Through-wall systems or systems with certain through-wall detection ability can be divided into four categories: WiFi-based system, radio tomographic imaging (RTI) system, traditional through-wall radar, and software-defined radio (SDR) system. To achieve through-wall localization with higher precision and more fine-grained through-wall motion classification, system designers need to formulate more sophisticated models to fit the complicated environment caused by minor movements of the human body and fine-grained motions. Therefore, researchers resort to machine learning, which is a powerful technology to find the hidden relationship in a complicated environment. Semantic Scholar

Capturing the Human Figure Through a Wall

Our solution to the above problem exploits user motion to capture his figure. Specifically, while the antenna array receives reflections only from very few points on the user's surface, these points vary as the person moves, and trace the person's body. As the person walks, the relation between the incident signal and the normal to the surface for his various body parts naturally changes, providing opportunities for capturing the signals reflected from various body parts. Semantic Scholar

Commodity WiFi Sensing in 10 Years

The accuracy of WiFi sensing systems has been improving over the last decade, but there are still many complex scenes where current systems cannot perform well or have trouble dealing with. Firstly, most existing systems have a very limited sensing range and only consider smaller spaces (e.g., a single room in the office or home). Such systems cannot work well when applied to larger spaces with heavy pathloss and more complicated environments. For example, existing systems mainly focus on small indoor environments with one or two persons (e.g., living room, bedroom) and cannot work well when applied to larger and more complicated public areas (e.g., large classroom, train station, bus station, and airport). Semantic Scholar

Through-the-wall human recognition

Because the human body acts as an interference in the indoor environment and different body tissues have distinct reflectivities, permittivities and conductivities, WiFi signals will be affected differently when propagating to different individuals. The human-affected wireless signal with attenuation and alteration, which contains the unique identity information, is defined as human radio biometrics. Semantic Scholar

Through-Wall Human Pose Estimation Using Radio Signals

One challenge of estimating human pose from RF signals is the lack of labelled data. Annotating human pose by looking at RF signals is almost impossible. We address this challenge by leveraging the presence of well established vision models that are trained to predict human pose in images. We design a cross-modal teacher-student network that transfers the visual knowledge of human pose using synchronized images and RF signals as a bridge. Semantic Scholar

AIR-GAPPED

Acoustic Data Exfiltration from Air-Gapped Computers via Fans Noise

We show that the acoustic signal emitted from a computer's cooling fans can be controlled by software. Malicious code on a contaminated computer can regulate the speed of a computer's cooling fans to control the emitted waveform. Binary data can be modulated and transmitted out via the acoustic signals. The signals can then be intercepted by a nearby receiver (e.g., mobile phone), decoded back to data, and sent to the attacker. Semantic Scholar

Acoustic Emanation of Haptics as a Side-Channel for Gesture-Typing Attacks

The most obvious cause for concern is that user input could be identified, regardless of the security (such as end-to-end encryption) of the application in use. Furthermore, the literature demonstrates the ability to identify individual authors in similar attacks. Semantic Scholar

Air-Gap Exfiltration Attack via Radio Signals From SATA Cables

We show that attackers can exploit the SATA cable as an antenna to transfer radio signals in the 6 GHz frequency band by using non-privileged read() and write() operations. Notably, the SATA interface is highly available to attackers in many computers, devices, and networking environments. Semantic Scholar

Covert Data Exfiltration from Air-Gapped Networks via Router LEDs

We introduce two types of attacks: firmware level attacks in which malware is installed within the firmware of a network switch or router, and software level attacks in which the malware controls the LEDs from a compromised computer within the network. Semantic Scholar

Covert Signaling Channel between Air-Gapped Computers Using Thermal Manipulations

Our covert channel exploits the thermal radiation emitted by one computer, operating within permissible heat boundaries, to deliver information to a neighboring computer, equipped with standard heat sensors. Our method does not require dedicated or modified hardware, and is based solely on software. Semantic Scholar

Data exfiltration from air-gapped computer through switching power supply

In this paper we present Powermitter, a novel approach that can exfiltrate data from an air-gapped computer via its power adapter. Our method utilizes the switched-mode power supply, which exists in all laptops, desktop computers and servers nowadays. We demonstrate that malware can indirectly control the electromagnetic emission frequency of the power supply by leveraging the CPU utilization. Semantic Scholar

Disks that Eavesdrop with a Synthesized Microphone

Despite the fact that hard drives were not designed to function as microphones, the mechanics of their internal components allow them to sense acoustic waves to some degree. Semantic Scholar

Escaping Sensitive Data From Faraday-Caged, Air-Gapped Computers via Magnetic Fields

The higher transmission rates of 10 bit/sec and 40 bit/sec are feasible only when the sensor was in close proximity (5-20 cm away) to the transmitting computer. Semantic Scholar

Exfiltrating Data From Air-Gapped Computers Through Power Lines

We show that malware running on a computer can regulate the power consumption of the system by controlling the workload of the CPU. Binary data can be modulated on the changes of the current flow, propagated through the power lines, and intercepted by an attacker. Semantic Scholar

Exfiltrating Data from Air-Gapped Networks via Ethernet Cables Emission

Different techniques can be used for shielding Ethernet cables. The most common is to place a shield around each twisted pair to reduce the general electromagnetic emission and the internal crosstalk between wires. It is possible to increase the protection by placing metal shielding around all the wires in the cable. Semantic Scholar

Generating Covert Wi-Fi Signals from Air-Gapped Computers

In this paper, we demonstrated how attackers can exfiltrate data from air-gapped computers to a nearby Wi-Fi receiver via Wi-Fi signals. Our AIR-FI malware generates signals in the 2.4 GHz Wi-Fi frequency bands. The signals are generated through DDR SDRAM buses and do not require any special Wi-Fi hardware. Binary data can be modulated and encoded on top of the signals. We showed that a compromised nearby Wi-Fi device (e.g., smartphones, laptops, and IoT devices) can intercept these signals and decode the data. Semantic Scholar

Injecting Data from Air-Gapped Computers to Nearby Gyroscopes

Our malware uses ultrasonic sound waves to transmit data but does not require access to a microphone in the receiving smartphone device. We show that malware can use the smartphone's gyroscope to receive the data covertly. Our method is based on the vulnerability of MEMS gyroscopes to specific ultrasonic frequencies, known as resonance frequencies. Semantic Scholar

Leaking Sensitive Data from Air-Gapped Workstations via Screen Brightness

This covert channel is invisible and it works even while the user is working on the computer. Malware on a compromised computer can obtain sensitive data (e.g., files, images, encryption keys and passwords), and modulate it within the screen brightness, invisible to users. The small changes in the brightness are invisible to humans but can be recovered from video streams taken by cameras such as a local security camera, smartphone camera or a webcam. Semantic Scholar
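The fan-noise, power-line, thermal and screen-brightness entries above all reduce to the same pattern: malware drives some physical quantity between two levels in time with the bits, and a receiver with an ordinary sensor (microphone, current probe, temperature sensor, camera) samples that quantity and slices it back into bits. The simulation below is an added example written for this page, not code from any of the papers. It assumes a normalised sensor reading of about 0.9 when the transmitter is "busy" and 0.2 when "idle", a fixed number of sensor samples per bit, and a constructed channel model with first-order lag (fan inertia, thermal mass, camera exposure) and Gaussian noise; the frame format (alternating preamble, one length byte, payload, on-off keying) is likewise this example's own choice.

```python
import random

PREAMBLE = [1, 0, 1, 0, 1, 0, 1, 1]  # alternating sync bits; the trailing '11' fixes alignment
LEVEL_ON, LEVEL_OFF = 0.9, 0.2       # assumed normalised sensor reading for "busy" vs "idle"

def bytes_to_bits(data):
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]

def bits_to_bytes(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits) - len(bits) % 8, 8))

def modulate(payload, sps):
    """Transmitter side: the target level for every sensor sample (sps samples
    per bit).  Frame = preamble, one length byte, payload, on-off keyed."""
    if len(payload) > 255:
        raise ValueError("single-byte length field")
    bits = PREAMBLE + bytes_to_bits(bytes([len(payload)]) + payload)
    return [LEVEL_ON if b else LEVEL_OFF for b in bits for _ in range(sps)]

def physical_channel(levels, alpha=0.5, noise=0.08, seed=1):
    """Constructed channel model: first-order lag (the quantity cannot jump
    instantly) plus Gaussian sensor noise.  Deterministic for the demo."""
    rng = random.Random(seed)
    out, y = [], LEVEL_OFF
    for x in levels:
        y += alpha * (x - y)
        out.append(y + rng.gauss(0.0, noise))
    return out

def demodulate(samples, sps):
    """Receiver side: find the preamble by correlation, derive the decision
    threshold from the preamble's own levels, then slice length and payload."""
    n_pre = len(PREAMBLE) * sps
    mean = sum(samples) / len(samples)
    template = [1.0 if b else -1.0 for b in PREAMBLE for _ in range(sps)]
    best_score, start = None, 0
    for off in range(len(samples) - n_pre + 1):
        score = sum(t * (samples[off + i] - mean) for i, t in enumerate(template))
        if best_score is None or score > best_score:
            best_score, start = score, off

    def bit_level(k):
        # average only the later part of the bit window, after the lag has settled
        lo, hi = start + k * sps + sps // 3, start + (k + 1) * sps
        if hi > len(samples):
            raise ValueError("frame truncated")
        return sum(samples[lo:hi]) / (hi - lo)

    ones = [bit_level(k) for k, b in enumerate(PREAMBLE) if b]
    zeros = [bit_level(k) for k, b in enumerate(PREAMBLE) if not b]
    threshold = (sum(ones) / len(ones) + sum(zeros) / len(zeros)) / 2.0

    def slicer(k):
        return 1 if bit_level(k) > threshold else 0

    k0 = len(PREAMBLE)
    length = bits_to_bytes([slicer(k) for k in range(k0, k0 + 8)])[0]
    return bits_to_bytes([slicer(k) for k in range(k0 + 8, k0 + 8 + 8 * length)])

def exfiltrate(payload, sps=10, idle_before=37, idle_after=20):
    """End to end: idle readings, the frame, more idle readings, through the
    channel model and back out of the demodulator."""
    levels = [LEVEL_OFF] * idle_before + modulate(payload, sps) + [LEVEL_OFF] * idle_after
    return demodulate(physical_channel(levels), sps)

if __name__ == "__main__":
    print(exfiltrate(b"key"))
```

The bit rate is the sensor rate divided by sps, which is why the papers above report figures in the range of bits per second: the lag term forces several samples per bit before the slicer can trust the level. The same preamble correlation that synchronises the receiver is also the obvious thing for a defender to run over a fan-speed, power or temperature log when looking for this class of channel.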

Learning-based Practical Smartphone Eavesdropping with Built-in Accelerometer

The adversary is a spy app whose objective is to extract the private information contained in the speech signal. The spy app continuously collects accelerometer measurements in the background and tries to extract speech information when the smartphone speaker plays an audio signal (e.g., during a phone call or voice message). Semantic Scholar