This is an outdated version published on 2022-11-28. Read the most recent version.

Information leakage by ultrasound: a crime against personal data

Authors

Héctor Fernando Vargas Montoya Instituto Tecnológico Metropolitano - ITM https://orcid.org/0000-0002-0861-2883
Clay Schneider Vallejo Pinilla Instituto Tecnológico Metropolitano - ITM https://orcid.org/0000-0002-3244-2167
Carlos Augusto Ruiz Patiño Instituto Tecnológico Metropolitano – ITM https://orcid.org/0000-0002-2421-4906

DOI:

https://doi.org/10.22335/rlct.v14i3.1618

Keywords:

Computer crime, computer system, data protection, right to privacy, security measure, ultrasound

Abstract

The use of mechanisms such as the transmission of data by ultrasonic waves can allow malicious personnel to obtain personal data from a computer system, which could constitute a computer crime. The objective of this article is to demonstrate how it is possible to filter information through ultrasound, using workstation peripheral systems, with which personal data could be obtained, which generates a confidentiality problem. For this, the method used was to perform a characterization of the computer components, a support software was built for sending and receiving ultrasound data (at a frequency greater than 18000 Hz), using the speakers of a computer equipment and the reception of data was from another laptop, the tests were performed in a controlled environment with low noise level. As a result, it was possible to transfer information through basic computational elements, although with some packet loss, but functional for the fulfillment of the proposed objective, with which it is concluded that it is possible that part of this leaked information could generate a computer crime through the light of Law 1273 in Colombia.

Downloads

Download data is not yet available.

Author Biographies

Héctor Fernando Vargas Montoya, Instituto Tecnológico Metropolitano - ITM

Ingeniero de Sistemas. Magíster en seguridad de las TIC.
Clay Schneider Vallejo Pinilla, Instituto Tecnológico Metropolitano - ITM

Ingeniería de Sistemas. Maestría Seguridad Informática.
Carlos Augusto Ruiz Patiño, Instituto Tecnológico Metropolitano – ITM

Ingeniero de sistemas. Magister Seguridad informática.

References

AlKilani, H., Nasereddin, M., Hadi, A., y Tedmori, S. (2019). Data Exfiltration Techniques and Data Loss Prevention System. 2019 International Arab Conference on Information Technology (ACIT), 124-127. https://doi.org/10.1109/ACIT47987.2019.8991131

Álvarez Castelló, R. (2018). Bases físicas de la luz, procedimientos Endoscópicos en Gastroenterología. https://nanopdf.com/download/bases-fisicas-de-la-luz_pdf

Carpentier, E., Thomasset C., y Briffaut, J. (17-20 noviembre de 2019). Bridging The Gap: Data Exfiltration In Highly Secured Environments Using Bluetooth IoTs. IEEE 37th International Conference on Computer Design (ICCD). https://doi.org/10.1109/ICCD46524.2019.00044

Chen, Q., Liu, F. W., Xiao, Z., Sharma, N., Cho, S. K., y Kim, K. (2019). Ultrasound Tracking of the Acoustically Actuated Microswimmer. in IEEE Transactions on Biomedical Engineering, 3231-3237. https://doi.org/10.1109/TBME.2019.2902523

Congreso de la República (2009). Ley 1273 de 2009. Por medio de la cual se modifica el Código Penal, se crea un nuevo bien jurídico tutelado - denominado “de la protección de la información y de los datos”- y se preservan integralmente los sistemas que utilicen las tecnologías de la información y las comunicaciones, entre otras disposiciones. 5 de enero de 2009. Diario Oficial No. 47223.

GNU Radio project. (2022). About GNU Radio. https://www.gnuradio.org/about/

iZotope Corp. (2021). The Complete Audio Repair Toolkit. https://www.izotope.com/en/products/rx.html

Leyden, J. (5 de diciembre de 2013). Hear that? It's the sound of BadBIOS wannabe chatting over air gaps, LANs-free prototype mimics notorious rootkit. https://www.theregister.com/2013/12/05/airgap_chatting_malware/

Liu, X., Zhang, P., Wang, F., y Wu, X. (2019). Design and Implementation of the Information Transmission System Based on Ultrasound. IEEE 8th Joint International Information Technology and Artificial Intelligence Conference (ITAIC), 1862-1865, https://doi.org/10.1109/ITAIC.2019.8785630

Murphy, K. (2017). Quietnet. https://github.com/Katee/quietnet/blob/master/Readme.md

NumPy Project. (2020). NumPy software. https://numpy.org/

Ortega, D., y Seguel, S. (2004). Historia del ultrasonido: el caso chileno. Revista Chilena de Radiología, 10(2), 89-92. https://dx.doi.org/10.4067/S0717-93082004000200008

Osorio-Sierra, A., Mateus-Hernández, M. J., y Vargas-Montoya, H. F. (2020). Proceso para la identificación, clasificación y control del comportamiento de familias Ransomware. Revista UIS Ingenierías, 19(3), 131-142. https://doi.org/10.18273/revuin.v19n3-2020013

Pérez, E. (2020). El zip de la muerte: un "inocente" archivo comprimido capaz de explotar hasta colapsar tu PC con billones de datos. https://www.xataka.com/aplicaciones/zip-muerte-inocente-archivo-comprimido-capaz-explotar-colapsar-pc-billones-datos.

Pérez, M.A. (2013). Cómo actúa BadBIOS, el malware capaz de propagarse por el sonido. https://blogthinkbig.com/badbios-malware-sonido-2

Peritos Informáticos (18 de agosto de 2021). Qué es un delito informático y qué tipos existen. https://peritos-informaticos.com/que-es-un-delito-informatico-y-que-tipos-existen

PyAudio Project. (2020). Python Bindings for PortAudio. https://pypi.org/project/PyAudio/

Qt Group. (2022). One framework. One codebase. Any platform. https://www.qt.io/

Quiroz Tascón, S., Zapata Jiménez, J., y Vargas Montoya, H. F. (2020). Predicting Cyber-Attacks in Industrial SCADA Systems Through The Kalman Filter Implementation. Revista TecnoLógicas, 23(48), 249-267. https://doi.org/10.22430/22565337.1586

Roldán Álvarez, M. A., y Vargas Montoya, H. F. (2020). Ciberseguridad en las redes móviles de telecomunicaciones y su gestión de riesgos. Revista Científica Ingeniería y Desarrollo, 38(2), 279-297. https://doi.org/10.14482/inde.38.2.006.31

Shahrad, M., Mosenia, A., Song, L., Chiang, M., Wentzlaff, D., Mittal, P. (2018). Acoustic Denial of Service Attacks on Hard Disk Drives. ASHES '18: Proceedings of the 2018 Workshop on Attacks and Solutions in Hardware Security, 34-39. https://doi.org/10.1145/3266444.3266448

Solairaj, A., Prabanand, S. C., Mathalairaj, J., Prathap, C., y Vignesh, L. S. (2016). Keyloggers software detection techniques. 10th International Conference on Intelligent Systems and Control (ISCO), 1-6. https://doi.org/10.1109/ISCO.2016.7726880 .

Spiros, A., y Braghin, B. (2019). 4Kdump: Exfiltrating files via hexdump and video capture. ICPS Proceedings, Proceedings of the Sixth Workshop on Cryptography and Security in Computing Systems. 1–6, https://doi.org/10.1145/3304080.3304081

Stepen, L. J. (2020). El archivo de la muerte 42.zip – Como crear una Zip Bomba. https://kodigo.info/el-archivo-de-la-muerte-42zip/

Downloads

Published

2022-10-10 — Updated on 2022-11-28

Versions

Issue

Vol. 14 No. 3 (2022): september-december 2022

Section

Case studies

License

This work is licensed under a Creative Commons Attribution 4.0 International License.

This journal provides free and immediate access to its content (https://creativecommons.org/licenses/by/4.0/legalcode#languages), under the principle that making research available to the public free of charge supports greater global knowledge exchange. This means that the authors transfer the Copyrights to the journal, so that the material can be copied and distributed by any means, as long as the authors’ recognition is maintained, and the articles are not commercially used or modified in any way.

How to Cite

Information leakage by ultrasound: a crime against personal data. (2022). Revista Logos Ciencia & Tecnología, 14(3), 102-116. https://doi.org/10.22335/rlct.v14i3.1618 (Original work published 2022)