"You have no idea of my hidden infection channels....."
Security researchers have discovered that specific music, lighting, vibrations or magnetic fields could all be used as infection channels to trigger the activation of mobile malware on a massive scale. The paper, titled Sensing-Enabled Channels for Hard-to-Detect Command and Control of Mobile Devices, was presented in the …
Yep, the silly thing is, the malware already has to be on the device. You can't "infect" the device with music, it is just another trigger, like date and time, user input, geo data, camera, tilt sensor, C&C server etc.
Malware has been able to access cameras and microphones on devices for years and they have used events to trigger themselves, combining the two is a logical next step.
It doesn't even need "rigged" sound, going to a Bieber concert could provoke the device into play a Lady Gaga video etc.
And it doesn't need to be malware, you could use it for a concert app etc.
It's called steganography. Nothing to see here, move along now.
I haven't read the paper, but I don't think it's stego. According to the article, such inputs are used to trigger an existing infection rather than being used as a carrier for code or new information beyond the "trigger me now" signal. In this case, it's probably just another example of the use of "oblivious agents": an "agent" continuously monitors whatever sensor data it has available, produces a hash of some kind and if the hash matches a trigger condition, it activates. The "oblivious" part is that the agent doesn't "know" in advance (and examining the code won't reveal) what specific combination of inputs are needed for it to activate which function.
It's called steganography
This is about covert channels, not steganography. Steganography is an application of covert channels; specifically, it's creating a covert channel within an unprotected channel in an attempt to provide confidentiality. These covert channels already exist, and they can be used for non-confidential purposes. Indeed, the traditional use of a covert channel is to bypass security mechanisms, not to conceal information. Concealment is just a side effect and doesn't always apply.
I haven't read the paper,1 but it doesn't look like there's any new theory here - just proof-of-concept work and a list of some of the channels. In that sense it's not significantly different from the research that was done at least as far back as the 1960s in looking at using covert channels like system statistics to leak information or control agents.
1Famous last words. I should get that phrase printed on a t-shirt.
"Security researchers have discovered that specific music, lighting, vibrations or magnetic fields could all be used as infection channels to trigger the activation of mobile malware on a massive scale."
So the device has already been infected, how then is a command to that malware characterized as an "infection channel"? Is this what they teach journalists in their fancy journo schools?
Great, my remote control aircraft doesn't really need servos or even a radio; I can just 'infect' it via the electromagnetic spectrum to do my bidding. Cool!
Sigh. Covert channels, with specific requirements for remediation at various certification levels, are covered in the Orange Book, which was published in 1983. That's 30 years ago, for those of you playing at home.
Where an information system has an input channel, that channel is available to the system for input. The existence of covert channels is a tautology; what's interesting in the research on them are the practical implications, such as their availability at various privilege levels, their bandwidth, accidental information exposure (as in Kocher's timing attacks against modular multiplication), and so on.
Distribution UK List B[iv] only
... so called because its outline, when processed for non-hazardous viewing, is generally considered to resemble that of the bird. A processed (anamorphically elongated) partial image appears in Appendix 3 of this report, page A3-ii. THE STATED PAGE MUST NOT BE VIEWED THROUGH ANY FORM OF CYLINDRICAL LENS. PROLONGED VIEWING IS STRONGLY DISRECOMMENDED. PLEASE READ PAGE A3-i BEFORE PROCEEDING.
2-6. This first example of the Berryman Logical Image Technique (hence the usual acronym BLIT) evolved from AI work at the Cambridge IV supercomputer facility, now discontinued. V.Berryman and C.M.Turner  hypothesized that pattern-recognition programs of sufficient complexity might be vulnerable to "Gödelian shock input" in the form of data incompatible with internal representation. Berryman went further and suggested that the existence of such a potential input was a logical necessity ...
2-18. Details of the Berryman/Turner BLIT construction algorithms are not available at this classification level. Details of the eventual security breach at Cambridge IV are neither available nor fully known. Details of Cambridge IV casualty figures are, for the time being, reserved (sub judice).
This sort of thing has arguably already been implemented in some digital watermarking schemes. A signal which (supposedly) cannot be detected by the human ear is encoded in an audio recording, pre-installed software runs on the device which checks to see if it is a legitimate copy. If it is not,
your head explodes the device refuses to play the audio.
Big media, first in malware deployment methods.
“When you go to an arena or Starbucks, you don’t expect the music to have a hidden message”
In Starbucks, yes I do,
Last time I went in I’m sure not only did they play a number of songs with drinking and ‘chillin’ being the main subjects, but also when it was more busy they changed to instrumental versions of ‘Fight the Power’ ‘The Revolution will not be Televised’ and ‘I Predict a Riot’ In fact I would not be surprised if they play edited music with subliminal messages in, such as background vocals of “buy a bigger coffee”, “You really want a pastry”, “Hey, you are not hip enough for this coffee shop, why not buy a Mac?” or “overthrow the government, Starbucks is the one true master.”
Imagine a scenario where the Chinese insert a bit of code in a commonly used mobile chip at the point of manufacture that lies dorment until a specific audio trigger is heard (tv advert or song on radio etc). Upon hearing the trigger, unpleasentness happens to said devices, crippling a communications channel. Not beyond the realms of imposibillity and pretty damaging to a countrys mobile infrastructure if the chips are embeded far and wide. Come to think of it, a specific rf pulse would also be a good trigger.
/tinfoil hat removed
> Imagine a scenario where the Chinese insert a bit of code in a commonly used mobile chip at the point of manufacture that lies dorment until a specific audio trigger is heard (tv advert or song on radio etc). Upon hearing the trigger, unpleasentness happens to said devices...
Fart-triggered exploding toilet seats ?
May I predict some 'experimental' musician introducing the words "OK Glass, take a picture" into the lyrics of their tracks? Or "OK Glass, signup for [bandname] newsletter" Perhaps "OK Glass, Install [malware/adware/spyware app]"
Or my favourite: "OK Glass, send all my information to [insert goverment agency] then delete my account"
Biting the hand that feeds IT © 1998–2019