"Covert channel [Wikipedia]: a covert channel is a type of computer security attack that creates a capability to transfer information objects between processes that are not supposed to be allowed to communicate by the computer security policy."

Today, as hacking techniques become more and more sophisticated and security measures grow to counter them in the form of firewalls, sensors, interceptors and DPI, attackers have to be more creative in order to develop new methods for exfiltrating data from secured facilities. Data exfiltration is the act of extracting and transferring information from computer systems without the authorization of their owners. In recent years, data exfiltration has grown through the use of covert channel techniques: abusing well-known protocols such as DNS and ICMP, implementing video steganography, or exploiting side channels such as power consumption monitoring, glitch analysis and RF emission. All of these methods either exfiltrate information or help to command and control devices remotely.

For an upcoming presentation at BSides Munich, I will be discussing another method: taking a well-known protocol, 802.11 (Wi-Fi), and modifying its packet structure to fool drivers and protocol handlers so that they ignore or discard these malformed packets, thereby avoiding security detection or analysis of the communication.

To demonstrate this, I developed a chat application (written in Python with the Scapy packet-handling library) that creates a covert channel over 802.11 packets. Using the chat is very simple: connect a monitor-mode Wi-Fi card that supports traffic injection, then enter your alias and a secret IRC-style room name. Based solely on this name, the Wi-Fi card is set to a specific channel, a destination MAC address is chosen, and an AES symmetric key is initialized for encrypting this virtual room.
Every user who knows the secret room name joins the same room and is notified about the users currently in it. All users also act as Wi-Fi repeaters to extend the signal between nodes. It is also possible to send files or pictures to anyone. You can create as many rooms as needed, so you can build a small infrastructure inside a building. Internally, I use malformed 802.11 packets that standard Wi-Fi cards usually silently discard (which also improves the channel's security). For an in-depth look at how my chat application works, please join me at BSides Munich for my presentation entitled "Data exfiltration: Secret chat application using Wi-Fi covert channel." It will take place at 14:50 local time on Monday, 3 April 2017.
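The room-name derivation described above, as an added example that is not the author's code: it assumes a hash-based mapping with domain-separation labels, a constant salt and PBKDF2 key stretching, all of which are choices made for this illustration rather than details of the talk.

```python
import hashlib

# Added illustration (not the author's code) of the idea in the post: one secret
# room name deterministically selects a Wi-Fi channel, a destination MAC and an
# AES key, so every user who knows the name derives the same parameters.
# The hash-based derivation, the domain-separation labels, the constant salt and
# the iteration count are all assumptions made for this example.
CHANNELS_2GHZ = tuple(range(1, 14))           # 2.4 GHz channels 1..13
PBKDF2_ITERATIONS = 200_000
ROOM_SALT = b"wifi-covert-chat-example-salt"  # constant so peers agree on the key


def derive_room_parameters(room_name: str) -> dict:
    """Map a room name to (channel, destination MAC, 256-bit AES key)."""
    name = room_name.encode("utf-8")
    # Separate digests per purpose so the channel and MAC are not slices of one
    # value that could be related to the key material.
    chan_digest = hashlib.sha256(b"channel|" + name).digest()
    mac_digest = hashlib.sha256(b"mac|" + name).digest()

    channel = CHANNELS_2GHZ[chan_digest[0] % len(CHANNELS_2GHZ)]

    mac = bytearray(mac_digest[:6])
    # Set the locally-administered bit and clear the multicast bit so the
    # address never collides with a vendor-assigned (OUI) unicast MAC.
    mac[0] = (mac[0] | 0x02) & 0xFE
    dst_mac = ":".join(f"{b:02x}" for b in mac)

    # Slow, salted KDF: the room name is the only secret, so stretching it is
    # the one thing that makes brute-forcing a guessed name more expensive.
    aes_key = hashlib.pbkdf2_hmac("sha256", name, ROOM_SALT,
                                  PBKDF2_ITERATIONS, dklen=32)
    return {"channel": channel, "dst_mac": dst_mac, "aes_key": aes_key}


def is_locally_administered_unicast(mac: str) -> bool:
    """True if the locally-administered bit is set and the multicast bit is
    clear, i.e. the address flags the derivation above always produces."""
    first = int(mac.split(":")[0], 16)
    return bool(first & 0x02) and not first & 0x01


if __name__ == "__main__":
    params = derive_room_parameters("example-room")  # constructed input
    print(params["channel"], params["dst_mac"], params["aes_key"].hex())
```

Because every parameter is derived from the room name alone, the name is the only secret in this design; anyone who learns it can derive the channel, the address and the key.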
