Security Basics mailing list archives

RE: Viral Wiretap?


From: "Andrew Ruef" <jabberwocky () mediasoft net>
Date: Mon, 8 Sep 2003 17:07:10 -0400

I think in order to make it undetected you'd have to figure out a way to
make speech to text consume less processor runtime, or people might
notice. 

But once desktop speed gets up to 3-4 GHz in the next ten months, it
should be easier.

Otherwise standard problems for viral infections and detecting them
apply.

Andrew Ruef

-----Original Message-----
From: Dave Falloon [mailto:dave.falloon () analogda com] 
Sent: Monday, September 08, 2003 1:55 PM
To: security-basics () securityfocus com
Subject: Viral Wiretap?

Hello,
        This is more of a thought experiment than a problem.  I recently
read an article in 2600 about remotely operating the microphone on a
computer to record what a user is saying.  Potentially this could be
extended to the following situation:

- A virus attacks an arbitrary code running exploit on a machine
- it starts up the microphone and runs something similar to RecAll which
  is used by ham operators to record traffic that is identified as human
  voice
- As traffic is recorded it is transcribed to text using something
  similar to the eff's ears program
- Then the compressed text is sent via the network to different hosts
  p2p style masking the virus originator's identity, then the text could
  be worked on easily with a home built Perl script that grabs any
  important numbers credit cards, phone numbers, really anything and
  everything about a person could be found out

Think of the sensitive data that would be flowing if this hit your
office?  An unscrupulous individual could sell your trade secrets to
your competition or perhaps blow the doors wide open on your
Enron-esque embezzlement scheme.

Is there anything really stopping something like this from happening?  I
for one disconnected the mic on my gaming headset, but how many people
out there are using the default setup they got from Dell including the
little built in microphone on your monitor, or wherever it may be?

Just some more dire thoughts to get the ulcer working overtime.  Any
comments on the feasibility of this type of bug?

Dave Falloon

White Hat, Black Hat, Asshat, which h4x0r will get you?

