Visible to the public CD-LEAK: Leaking Secrets from Audioless Air-Gapped Computers Using Covert Acoustic Signals from CD/DVD Drives

TitleCD-LEAK: Leaking Secrets from Audioless Air-Gapped Computers Using Covert Acoustic Signals from CD/DVD Drives
Publication TypeConference Paper
Year of Publication2020
AuthorsGuri, M.
Conference Name2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC)
Date PublishedJuly 2020
ISBN Number978-1-7281-7303-0
Keywordsacoustic, acoustic signal detection, acoustical characteristics, Acoustics, air gap, Air gaps, air-gapped environment, air-gapped networks, audioless air-gapped computers, CD-LEAK, composability, compromised computer, computer network security, computer speakers, Computers, covert acoustic signals, covert channels, data modulation, Demodulation, demodulation algorithms, digital versatile discs, Drives, exfiltration, Human Behavior, human factors, Internet, invasive software, loudspeakers, Malware, Metrics, nearby Internet connected receiver, novel acoustic covert channel, optical drives, optical modulation, optical receivers, process sensitive information, pubcrawl, resilience, Resiliency, signal generation, smart phones

Air-gapped networks are isolated from the Internet, since they store and process sensitive information. It has been shown that attackers can exfiltrate data from air-gapped networks by sending acoustic signals generated by computer speakers, however this type of covert channel relies on the existence of loudspeakers in the air-gapped environment. In this paper, we present CD-LEAK - a novel acoustic covert channel that works in constrained environments where loudspeakers are not available to the attacker. Malware installed on a compromised computer can maliciously generate acoustic signals via the optical CD/DVD drives. Binary information can then be modulated over the acoustic signals and be picked up by a nearby Internet connected receiver (e.g., a workstation, hidden microphone, smartphone, laptop, etc.). We examine CD/DVD drives and discuss their acoustical characteristics. We also present signal generation and detection, and data modulation and demodulation algorithms. Based on our proposed method, we developed a transmitter and receiver for PCs and smartphones, and provide the design and implementation details. We examine the channel and evaluate it on various optical drives. We also provide a set of countermeasures against this threat - which has been overlooked.

Citation Keyguri_cd-leak_2020