Fuga de información por ultrasonido: un delito sobre datos personales

Héctor Fernando Vargas Montoya; Clay Schneider Vallejo Pinilla; Carlos Augusto Ruiz Patiño

doi:10.22335/rlct.v14i3.1618

Authors

Héctor Fernando Vargas Montoya Instituto Tecnológico Metropolitano - ITM https://orcid.org/0000-0002-0861-2883
Clay Schneider Vallejo Pinilla Instituto Tecnológico Metropolitano - ITM https://orcid.org/0000-0002-3244-2167
Carlos Augusto Ruiz Patiño Instituto Tecnológico Metropolitano – ITM https://orcid.org/0000-0002-2421-4906

DOI:

https://doi.org/10.22335/rlct.v14i3.1618

Keywords:

Computer crime, computer system, data protection, right to privacy, security measure, ultrasound

Abstract

The use of mechanisms such as the transmission of data by ultrasonic waves can allow malicious personnel to obtain personal data from a computer system, which could constitute a computer crime. The objective of this article is to demonstrate how it is possible to filter information through ultrasound, using workstation peripheral systems, with which personal data could be obtained, which generates a confidentiality problem. For this, the method used was to perform a characterization of the computer components, a support software was built for sending and receiving ultrasound data (at a frequency greater than 18000 Hz), using the speakers of a computer equipment and the reception of data was from another laptop, the tests were performed in a controlled environment with low noise level. As a result, it was possible to transfer information through basic computational elements, although with some packet loss, but functional for the fulfillment of the proposed objective, with which it is concluded that it is possible that part of this leaked information could generate a computer crime through the light of Law 1273 in Colombia.

Downloads

Download data is not yet available.

Author Biographies

Héctor Fernando Vargas Montoya, Instituto Tecnológico Metropolitano - ITM

Ingeniero de Sistemas. Magíster en seguridad de las TIC.
Clay Schneider Vallejo Pinilla, Instituto Tecnológico Metropolitano - ITM

Ingeniería de Sistemas. Maestría Seguridad Informática.
Carlos Augusto Ruiz Patiño, Instituto Tecnológico Metropolitano – ITM

Ingeniero de sistemas. Magister Seguridad informática.

References

AlKilani, H., Nasereddin, M., Hadi, A., y Tedmori, S. (2019). Data Exfiltration Techniques and Data Loss Prevention System. 2019 International Arab Conference on Information Technology (ACIT), 124-127. https://doi.org/10.1109/ACIT47987.2019.8991131

Álvarez Castelló, R. (2018). Bases físicas de la luz, procedimientos Endoscópicos en Gastroenterología. https://nanopdf.com/download/bases-fisicas-de-la-luz_pdf

Carpentier, E., Thomasset C., y Briffaut, J. (17-20 noviembre de 2019). Bridging The Gap: Data Exfiltration In Highly Secured Environments Using Bluetooth IoTs. IEEE 37th International Conference on Computer Design (ICCD). https://doi.org/10.1109/ICCD46524.2019.00044

Chen, Q., Liu, F. W., Xiao, Z., Sharma, N., Cho, S. K., y Kim, K. (2019). Ultrasound Tracking of the Acoustically Actuated Microswimmer. in IEEE Transactions on Biomedical Engineering, 3231-3237. https://doi.org/10.1109/TBME.2019.2902523

Congreso de la República (2009). Ley 1273 de 2009. Por medio de la cual se modifica el Código Penal, se crea un nuevo bien jurídico tutelado - denominado “de la protección de la información y de los datos”- y se preservan integralmente los sistemas que utilicen las tecnologías de la información y las comunicaciones, entre otras disposiciones. 5 de enero de 2009. Diario Oficial No. 47223.

GNU Radio project. (2022). About GNU Radio. https://www.gnuradio.org/about/

iZotope Corp. (2021). The Complete Audio Repair Toolkit. https://www.izotope.com/en/products/rx.html

Leyden, J. (5 de diciembre de 2013). Hear that? It's the sound of BadBIOS wannabe chatting over air gaps, LANs-free prototype mimics notorious rootkit. https://www.theregister.com/2013/12/05/airgap_chatting_malware/

Liu, X., Zhang, P., Wang, F., y Wu, X. (2019). Design and Implementation of the Information Transmission System Based on Ultrasound. IEEE 8th Joint International Information Technology and Artificial Intelligence Conference (ITAIC), 1862-1865, https://doi.org/10.1109/ITAIC.2019.8785630

Murphy, K. (2017). Quietnet. https://github.com/Katee/quietnet/blob/master/Readme.md

NumPy Project. (2020). NumPy software. https://numpy.org/

Ortega, D., y Seguel, S. (2004). Historia del ultrasonido: el caso chileno. Revista Chilena de Radiología, 10(2), 89-92. https://dx.doi.org/10.4067/S0717-93082004000200008

Osorio-Sierra, A., Mateus-Hernández, M. J., y Vargas-Montoya, H. F. (2020). Proceso para la identificación, clasificación y control del comportamiento de familias Ransomware. Revista UIS Ingenierías, 19(3), 131-142. https://doi.org/10.18273/revuin.v19n3-2020013

Pérez, E. (2020). El zip de la muerte: un "inocente" archivo comprimido capaz de explotar hasta colapsar tu PC con billones de datos. https://www.xataka.com/aplicaciones/zip-muerte-inocente-archivo-comprimido-capaz-explotar-colapsar-pc-billones-datos.

Pérez, M.A. (2013). Cómo actúa BadBIOS, el malware capaz de propagarse por el sonido. https://blogthinkbig.com/badbios-malware-sonido-2

Peritos Informáticos (18 de agosto de 2021). Qué es un delito informático y qué tipos existen. https://peritos-informaticos.com/que-es-un-delito-informatico-y-que-tipos-existen

PyAudio Project. (2020). Python Bindings for PortAudio. https://pypi.org/project/PyAudio/

Qt Group. (2022). One framework. One codebase. Any platform. https://www.qt.io/

Quiroz Tascón, S., Zapata Jiménez, J., y Vargas Montoya, H. F. (2020). Predicting Cyber-Attacks in Industrial SCADA Systems Through The Kalman Filter Implementation. Revista TecnoLógicas, 23(48), 249-267. https://doi.org/10.22430/22565337.1586

Roldán Álvarez, M. A., y Vargas Montoya, H. F. (2020). Ciberseguridad en las redes móviles de telecomunicaciones y su gestión de riesgos. Revista Científica Ingeniería y Desarrollo, 38(2), 279-297. https://doi.org/10.14482/inde.38.2.006.31

Shahrad, M., Mosenia, A., Song, L., Chiang, M., Wentzlaff, D., Mittal, P. (2018). Acoustic Denial of Service Attacks on Hard Disk Drives. ASHES '18: Proceedings of the 2018 Workshop on Attacks and Solutions in Hardware Security, 34-39. https://doi.org/10.1145/3266444.3266448

Solairaj, A., Prabanand, S. C., Mathalairaj, J., Prathap, C., y Vignesh, L. S. (2016). Keyloggers software detection techniques. 10th International Conference on Intelligent Systems and Control (ISCO), 1-6. https://doi.org/10.1109/ISCO.2016.7726880 .

Spiros, A., y Braghin, B. (2019). 4Kdump: Exfiltrating files via hexdump and video capture. ICPS Proceedings, Proceedings of the Sixth Workshop on Cryptography and Security in Computing Systems. 1–6, https://doi.org/10.1145/3304080.3304081

Stepen, L. J. (2020). El archivo de la muerte 42.zip – Como crear una Zip Bomba. https://kodigo.info/el-archivo-de-la-muerte-42zip/