In the talk, we demonstrated how a combination of modulation and VoIP can be used to bypass enterprise security controllers. Here are the links to the poc #1, and poc #2.
This year, I won't be able to make it to Las Vegas for any of the conferences. Dwelling on the past, I have decided to revisit the 'Sounds Like Botnets' talk and add some content to it.
Data loss prevention (DLP) solutions are designed to detect and prevent potential data breach incidents. There are many types of DLP systems, the one that I'll address is the Endpoint DLP software.
Endpoint DLP software runs on an end-user workstations and monitors and controls access to physical devices (e.g. mobile devices) among other things. But does it monitor the sound card?
It is possible to modulate data into sound, and than to play it out from the workstation (using the sound card) to a 3rd party such as a voice recorder or any mobile with external microphone input.
Modulation vs. DLP #1:
Keep in mind that this is a proof of concept, so it's not going to work 100% of the time. If it's not working, try: (a) a smaller document/payload or (b) a different recording device.
To modulate:
- Download data2sound.py
- Pick a file
- Modulate the file
$ ./data2sound.py -i secret.txt -o foobar.wav
- Download sound2data.py
Then, if possible, copy the file "AS IT IS" from the recording device to the computer, and demodulate it:
$ ./sound2data.py -i foobar.wav -o secret.txtIf not, try the following steps:
- Connect the recording device to the workstation sound card (Microphone input)
- Start recording on the workstation
- Play the file on the recording device
- Stop the recording on the workstation
- Demodulate the file
Modulation vs. DLP #2:
By bridging between the computer soundcard and a smart phone broadband modem, it is possible to upgrade the previous method to be an on-line, or real time one. In other words, Build Your Own Modem.
The setup:
- Connect the computer headphone output into the smart phone external microphone input. This way, the computer can output signal to the smart phone.
- Connect the smart phone headphone output into the computer external microphone input. This way, the smart phone can output signal to the computer.
On the smart phone:
- Call to the remote site
- (The caller signal should be sent to the computer via headphone output, if not, try playing with the settings)
- (The calle signal should be received from the computer via microphone input, if not, try playing with the settings)
On the computer:
- Modulate the file you wish to trasnfer
- Play the generated WAV file
Before wrapping up this post, I'd like to give a big shout out to Mickey Shaktov and Iftach (Ian) Amit, each of them will be presenting this year at Blackhat USA. Go see their talks, you won't be disappointed!