Adding Android and Mac OS X Malware to the APT Toolbox 2012 Other authors. Tracking GhostNet: Investigating a Cyber Espionage Network March 28, 2009. 2 illustrate how the program is divided into two threads. It is worth noting that Mac OS X microphone recorders use this two thread approach as well. The primary thread, Fig. 1(a), acts as a control and the secondary, Fig. 1(b), handles the data returned from the sound card. Of an advanced persistent threat (APT) called GhostNet. GhostNet originates from China with one of the main target as Tibet. The his-tory and political background about the conflict between Tibet and China for more than 50 years is a strong motivation for the emer-gence of the threat. Even though GhostNet began with Tibetan. 1.介绍 GhostNet是华为诺亚方舟实验室在CVPR202提出 ,其论文名字是:GhostNet: More Features from Cheap Operations,简单来说,它的意思就是通过更简单的运算提取特征,至于怎么提就需要看论文了。 2.模型结构 训练好的网络里的feature map存在大量的冗余信息 ,有很多特征.
Newsletter
Subscribe to our Threatpost Today newsletter
Join thousands of people who receive the latest breaking cybersecurity news every day.
The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.
Infosec Insider Post
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
Security researchers have confirmed that MacBook webcams can spy on their users without the warning light being activated.
Apple computers have a “hardware interlock” between the camera and the light that is supposed to ensure the camera can't be activated without alerting the user by lighting a tell-tale LED above the screen.
However Stephen Checkoway, a computer science professor at Johns Hopkins University and graduate student Matthew Brocker were able to circumvent this security feature by reprogramming the micro-controller chip inside the camera.
Normally, any program running on a MacBook’s central processing unit that takes images through Apple's iSight camera would turn on the tell-tale light. Brocker and Checkoway's reprogramming tactic allows the camera and it light to be activated independently, so that the camera can be running while the light is switched off.
The researchers have released proof-of-concept software to demonstrate the trick, including a paper , entitled iSeeYou: Disabling the MacBook Webcam Indicator LED. The study provides the first public confirmation that a sophisticated hacker tactic long suspected to be part of the playbook of intelligence agencies, feds and others is not only possible but relatively straightforward.
The same technique that allows us to disable the LED, namely reprogramming the firmware that runs on the iSight, enables a virtual machine escape whereby malware running inside a virtual machine reprograms the camera to act as a USB Human Interface Device (HID) keyboard which executes code in the host operating system. We build two proofs-of-concept: (1) an OS X application, iSeeYou, which demonstrates capturing video with the LED disabled; and (2) a virtual machine escape that launches Terminal.app and runs shell commands. To defend against these and related threats, we build an OS X kernel extension, iSightDefender, which prohibits the modification of the iSight’s firmware from user space.
Ghostnet Mac Os 11
Ghostnet Mac Os Download
The research focused on MacBook and iMac computers released before 2008 (iMac G5 and early Intel-based iMacs, MacBooks, and MacBook Pros) but other security researchers reckon the same tactics would work on more recent models from multiple vendors, not just Apple. This means that any laptop with a built-in camera could be used by a skilled hacker to spy on its users without giving the game away. It's unclear whether or not Apple or other manufacturers are developing any mitigation plans.
Attacks on micro-controllers, particularly on Mac machines, are becoming an increasingly fruitful area of security research. For example, security researcher Charlie Miller demonstrated a hack on systems that control Apple batteries, causing the battery to discharge rapidly and potentially leading to explosive consequences. Other attacks target Apple's keyboard controllers.
The spying on people without turning on warning lights issue is far from an academic concern. A tell-tale flickering light was central feature of a notorious case involving school-supplied laptops in Pennsylvania back in 2008.
Administrators at Lower Merion High School near Philadelphia reportedly captured 56,000 images of students by using a trojan installed on school-issued laptops. 'Students reported seeing a ‘creepy’ green flicker that indicated that the camera was in use. That helped to alert students to the issue, eventually leading to a lawsuit,' the Washington Post reported.
More sophisticated hackers have developed the apparent ability to suppress any warning light. This may be a feature of commercial spyware packages, such as FinSpy from FinFisher, which marketing documents covertly leaked through WikiLeaks claim can be “covertly deployed on target systems” to allow “live surveillance through webcam and microphone.”
A surveillance program called Ghostnet, reckoned to be a Chinese spying operation against prominent Tibetans including the Dalai Lama, involved “web cameras [which are] silently triggered, and audio inputs surreptitiously activated,” according to a 2009 report into the snooping by the University of Toronto.
Marcus Thomas, a former assistant director of the FBI’s Operational Technology Division, recently told the Washington Post that the FBI has long been able to covertly activate a computer’s camera, without triggering any 'recording in progress' warning light.
Privacy conscious users have one ready means to protect themselves from spying. “The safest thing to do is to put a piece of tape on your camera,” Miller told the Washington Post. ®
Camnote
A video demonstrating how the iSight camera can be turned on without activating the small-green LED light on older Macs can be found here.
Get ourTech Resources