Imagine the bright future of information technology has arrived. Developed and widely implemented secure code development technology. The most common software is extremely difficult to crack, and it makes no sense: the most interesting data is generally stored in a separate, completely isolated software and hardware "safe". Hacking someone's mail, picking up a simple password, using the tightly “wired” admin access to the router is no longer working: development practices and quality auditing reduce the likelihood of such “simple” vulnerabilities to almost zero.
Will this (unlikely) scenario put an end to cyber attacks? It is unlikely that they will simply become more expensive. Nontrivial hacking methods that are currently simply not needed (there are ways to get the necessary information much easier) will be in demand. The same Specter is after all a set of vulnerabilities that are extremely difficult to use for something really
useful and harmful. But if there is no choice, such methods will do. Today there are two recent examples of non-trivial attacks: acoustic DoS of hard drives and theft of Facebook images via CSS.
Sound and ultrasound attacks can disable hard drives and “hang” software.
News ResearchResearchers from Zhejiang University in China and the American University of Michigan showed how to disable computers using sound and ultrasound signals. This is due to the usual hard drives, badly tolerating not only shocks, but also all sorts of vibrations, including from acoustic signals. The picture from the study clearly explains everything:
Above — normal operation of the hard disk; in the center — we begin to “irradiate” with the sound of medium volume, the data transfer rate drops. Below: a major hard drive interruption. Everything would be fine, but the DoS-attack “reliably” (in the lower graph) is realized at a volume of 117 dB SPL, while a sinusoidal signal with a frequency of 5 kilohertz is transmitted. This is a
very loud attack. But this is fixable: similar results, but already on a 2.5-inch notebook hard drive, were achieved by transmitting an ultrasonic signal at a frequency of 31.5 kilohertz.
Study by the authors at the 39th IEEE on Security and Privacy SymposiumThe study provides an example of an attack on a laptop, and the source of the attack is the dynamics of the attacked device: 45 seconds of
howling of a specially shaped acoustic signal, and a blue screen is obtained. I'm not sure that this is a realistic scenario: the further, the harder it is to find devices with a traditional HDD instead of a solid-state drive. But the scenario of the attack on the video surveillance system is quite realistic: there will be a lot of hard drives for a long time. The researchers achieved a short break in the recording after 12 seconds of attack on a real surveillance system. An attack lasting 105 seconds disables the system completely, until the next reboot. So imagine and imagine the arsenal of cyber-savvy robbers of the future: suckers to move along the walls of expensive office buildings, some explosives and a column to yell at video cameras to their complete inoperability.
Identity theft through CSS implementation error
News ResearchResearcher Ruslan Habalov, a security specialist at Google, together with an independent expert Dario Weisser found an interesting bug in implementing CSS in Chrome browsers (repaired since version 63) and Firefox (patched in version 60). The attention of researchers was attracted by the mix-blend-mode method, which allows one to more organically “fit” one element over another - for example, the Facebook widget over the background on the website. The vulnerability lies in the fact that the time required to render a new element depends on the color of the source. In other words, a potential attacker has the opportunity to obtain data, access to which, in theory, should be denied. In the proof of concept, it is shown how, using such indirect data, one can “steal” the name and photo of a user who is simultaneously logged in on Facebook and visits the “prepared page”:
It works, let's say, very slowly (it must be taken into account that this is a PoC, and the author was not interested in optimizing the algorithm). To steal the username from the FB widget turned out in 20 seconds. Rendering a pretty soapy userpic took as much as 5 minutes. Well, okay, the very fact of using a non-trivial data channel through which information leakage occurs is interesting here. In the case of this vulnerability, everything seems to be all right: they found it, quickly shut it down, and it is unlikely anyone would think of using it in practice. The question is, how many more “holes” are there through which important information can be leaked and about which we still don’t know? This is not even about the fact that someday in the future it will come down to the practical application of such complex attacks - from despair. The point is that now they can be implemented in such a way as to completely bypass absolutely all means of protection - because no one expects a strike from the rear. That is why such nontrivial methods of attack
through one place , both on hardware and software, are of particular interest.
Disclaimer: The opinions expressed in this digest may not always coincide with the official position of Kaspersky Lab. Dear editors generally recommend to treat any opinions with healthy skepticism.