Abstract: In this paper we present a method which allows attackers to covertly leak data from isolated, air-gapped computers. Our method utilizes the hard disk drive (HDD) activity LED which exists in most of today’s desktop PCs, laptops and servers. We show that a malware can indirectly control the HDD LED, turning it on and off rapidly (up to 5800 blinks per second) — a rate that exceeds the visual perception capabilities of humans. Sensitive information can be encoded and leaked over the LED signals, which can then be received remotely by different kinds of cameras and light sensors. Compared to other LED methods, our method is unique, because it is also covert — the HDD activity LED routinely flickers frequently, and therefore the user may not be suspicious to changes in its activity. We discuss attack scenarios and present the necessary technical background regarding the HDD LED and its hardware control. We also present various data modulation methods and describe the implementation of a user-level malware, that doesn’t require a kernel component. During the evaluation, we examine the physical characteristics of different colored HDD LEDs (red, blue, and white) and tested different types of receivers: remote cameras, extreme cameras, security cameras, smartphone cameras, drone cameras, and optical sensors. Finally, we discuss hardware and software countermeasures for such a threat. Our experiment shows that sensitive data can be successfully leaked from air-gapped computers via the HDD LED at a maximum bit rate of 4000 bits per second, depending on the type of receiver and its distance from the transmitter. Notably, this speed is 10 times faster than the existing optical covert channels for air-gapped computers. These rates allow fast exfiltration of encryption keys, keystroke logging, and text and binary files.
Category: internet
At Quora, I occasionally play, “Ask the expert”. Several hundred of my Quora answers are linked here. Today, I was asked “How much of Bitcoin’s value is driven by speculation”. This is my answer…
This is a great question! While the value of any commodity is determined by supply and demand, speculation is one component of demand. Another is the unique utility value inherent in a product or process. This is sometimes called ‘intrinsic value’.
It’s ironic that when a high fraction of value is driven by speculation, short-term value becomes volatile and long-term value becomes less certain—and less likely to produce returns for those same speculators.
Editor’s Note: In the past few weeks, a significant spike in Bitcoin’s value and trading volume relates to a pending regulatory decision expected at the end of next week. This activity is certainly driven by speculation. But for this article, I am considering periods in which the demands of individual events are less clear.
The value of Bitcoin is influenced by:
- Day traders who buy and churn
- Long-term speculators who buy and hold. This includes me.
- Criminals who hope that cryptocurrency transactions can be more easily hidden than government backed currencies
- Early adopters who use Bitcoin as a payment instrument or to send money
- Vendors who accept the coin in exchange for products and services
- Vendors who retain a fraction of revenue in Bitcoin (rather than exchanging to Fiat). To avoid a round trip exchange, they seek to purchase materials or pay staff with the Bitcoin they earned.
Here’s the rub: Bitcoin will not become a store of value unto itself (i.e. a currency), and it will not gain a significant fraction of the payment instrument market until the transaction volume of the first to user categories in the above list are overtaken by the the ones further down. Likewise, Bitcoin will not enter its biggest growth spurt until the last two items swamps the others as the largest motive for acceptance and use.
Put another way: Long term value must ultimately be driven by organic adoption from actual users (people who are buying and spending Bitcoin on other things.
In another article, I expand on the sequence of events that must take place before Bitcoin grows into its potential. But make no mistake. These things will happen. In tribute to the brilliance of Satoshi, the dominoes are already falling.
In response to the question, I estimate that at the beginning of 2017, 85% of Bitcoin value is still driven by speculators. I have not analyzed wallet holding periods compared against the addresses of known vendors. Furthermore, it would be difficult to understand the relationship between the number of speculative transactions and the overall effect on value. Therefore, my figure is more of a WAG than an calculated estimate. But it’s an educated WAG.
The fraction of speculative transactions will drop significantly in the coming months—even as late speculators jump on board. That’s because uptake from consumers and businesses is already taking off. The series of reactions that lead toward ubiquitous, utilitarian applications has begun. Bitcoin’s value will ultimately be driven by use as a payment instrument and in commerce.
Because it is a pure supply-demand instrument, Bitcoin will eventually be recognized as currency itself. That is, it needn’t be backed by precious metal, pegged convertibility or a redemption promise. When that happens, you will no longer ask about Bitcoin’s value. That would be a circular question, since its value will be intrinsic. Instead, you will wonder about the value of the US dollar, the Euro and the Yen.
As a growing fraction of groceries, gasoline and computers that you buy are quoted in BTC, you will begin to think of it as a rock, rather than a moving target. One day in the future, there will be a sudden spike or drop in the exchange rate with your national currency. At that time, you won’t ask “What happened to Bitcoin today? Why did it rise in value by 5% this morning?” Instead, you will wonder “What happened to the US dollar today? Why did it drop in value by 5%?”
Philip Raymond co-chairs Crypsa & Bitcoin Event, columnist & board member at Lifeboat, editor
at WildDuck and will deliver the keynote address at Digital Currency Summit in Johannesburg.
The encryption codes that safeguard internet data today won’t be secure forever.
Future quantum computers may have the processing power and algorithms to crack them.
Nathan Hamlin, instructor and director of the WSU Math Learning Center, is helping to prepare for this eventuality.
In Brief
- Canada is spending millions to ensure all citizens have access to home internet with download speeds of at least 50Mbps and upload speeds of 10Mbps in the next 10 to 15 years.
- At a time when so many things we used to do in person or via a physical medium are done digitally, living without the internet inherently puts a person at a disadvantage.
Canada is making some major moves to ensure that every citizen in the country has access to fast broadband speeds. The Canadian Radio-Television and Telecommunications Commission (CRTC) announced this week that it was setting up a fund of $750 million available over the next five years to expand internet access.
The CRTC is implementing a standard of universal availability of home internet with download speeds of at least 50Mbps and upload speeds of 10Mbps with the option of unlimited data. In doing so, the Canadian government is declaring that broadband internet is a basic telecommunications service, akin to phone service.
I currently have a lot of exciting information security writing and research that I’m engaged in. I’m eager to publish my ongoing work for my loyal readership! Meanwhile, if you really enjoy my writing for Tripwire, Alienvault, and Medium, consider supporting my Patreon. Like most people who write for the Internet for a living, I make very little money. Helping me buy groceries and public transit fare goes a long way, and every little bit counts. Thank you!
A new world is coming — been waiting for a while. Glad we’re finally seeing the promotion.
As Internet-of-Things keep expanding the need for interoperability and sharing of resources become a necessity. IOTA enables companies to explore new business-2-business models by making every technological resource a potential service to be traded on an open market in real time, with no fees.
MIT has never stood stand still in the presence of change and opportunity. Their Media Lab Currency Initiative is at the forefront of Blockchain and Bitcoin research. With the fracture of the founding core team, MIT stands to become the universal hub for research and development.
The initiative now has a team of 22 people and at least
seven ongoing research projects, and it nurtures three startups that use cryptocurrencies and the underlying technology in a variety of ways. Blockchain research now sits alongside transparent robots that eat real-world fish, solar nebula research, and other imaginative, futuristic projects in progress at the university.
The initiative has already funded the work of bitcoin protocol developers and has supported research, going far beyond bitcoin—even partnering with Ripple Labs and developing enterprise data projects.
Now, the MIT Media Lab Digital Currency Initiative is working on 3 big Blockchain ideas:
- Shattering online ‘echo chambers’
- Improving blockchain privacy
- Building central bank currencies
The DCI is led by former White House advisor and research director Neha Narula. Read about the three BIG blockchain projects at CoinDesk.
Philip Raymond co-chairs Crypsa & Bitcoin Event, columnist & board member at Lifeboat, editor
at WildDuck and will deliver the keynote address at Digital Currency Summit in Johannesburg.
A new method developed by Disney Research for wirelessly transmitting power throughout a room enables users to charge electronic devices as seamlessly as they now connect to WiFi hotspots, eliminating the need for electrical cords or charging cradles.
The researchers demonstrated their method, called quasistatic cavity resonance (QSCR), inside a specially built 16-by-16-foot room at their lab. They safely generated near-field standing magnetic waves that filled the interior of the room, making it possible to power several cellphones, fans and lights simultaneously.
“This new innovative method will make it possible for electrical power to become as ubiquitous as WiFi,” said Alanson Sample, associate lab director & principal research scientist at Disney Research. “This in turn could enable new applications for robots and other small mobile devices by eliminating the need to replace batteries and wires for charging.”