by jtchang 4775 days ago
So a possible use case for this covert channel:

You are trying to infiltrate a specific computer inside a large corporation. You have a wireless USB key that you sneak in and plug it into a target computer.

The problem is issuing commands to that USB dongle (which I assume is running some sort of OS).

If the dongle sets up a new wireless network it will be detected by rogue AP scanners (common feature in many enterprise access points). So instead you stick your data in a covert channel. You then sit in the parking lot and communicate with your device without it tripping any IDS systems. At least for now until the IDS systems start looking for weird packets with data stuffed in all the wrong places.

3 comments

I take back my previous pessimism - brilliance
This is awesome.
Can you elaborate on the OS on a USB thing? You mean you'd reboot the machine to the OS on the USB? Wouldn't that trigger things? Or is that machine merely a conduit?
If you can convince a machine to boot from USB, then one could make a liveUSB distro which automatically boots the first hard drive in a fullscreen VM (+ remote access), so it would appear to the user and network to be unchanged.

(Not sure how well that works for windows, which freaks out at the slightest hardware change, but it seems to work great for linux - I'm doing that at work to get modern hardware and software support of ubuntu while the software we use is only for centos; if I ever want to go back I just remove my extra hard drive and boot from the original again :) )

So you boot into Ubuntu which then loads the HDDs OS in a VM? What do you use to do this?
Yup, using KVM / Virt-Manager, "Create VM" -> "Use existing disk: /dev/sda" -> "Run". Aside from X getting confused, which was easily fixed [1], everything Just Worked. SSHFS is used so that I can edit code from the native desktop and run it in the VM.

[1] it had the nvidia proprietary driver hardcoded in xorg.conf -- with a blank config, Xorg correctly auto-configures the nouveau driver when it's running natively and the emulated card driver when running in a VM.
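The "boot the first hard drive inside a VM from a live USB" trick described in the two comments above, as an added command-line example (this is not the commenter's own Virt-Manager setup, just the equivalent QEMU/KVM invocation). It assumes the physical disk is /dev/sda, 4 GiB of guest RAM, and that the guest's SSH port is forwarded to host port 2222; all three are placeholders. The one check worth automating is the safety one: if the host (the live USB system) has any partition of that disk mounted or swapped on, handing the raw block device to a guest corrupts the filesystem, so the script refuses to start in that case.

```shell
#!/bin/sh
# Added example: boot an existing physical disk as a KVM guest, the way the
# "Use existing disk: /dev/sda" Virt-Manager flow does, but from the shell.
# Assumptions (placeholders, not from the original thread):
#   DISK=/dev/sda, MEM=4096 (MiB), SSH_PORT=2222 on the host.

# Return 0 (true) if any partition of DISK is mounted or in use as swap on the
# host. /proc/mounts and /proc/swaps list device paths, so a prefix match on
# "/dev/sda" also catches /dev/sda1, /dev/sda2, ...  (-s: stay quiet if a file
# is missing, e.g. on a non-Linux test host).
disk_in_use() {
    disk=$1
    grep -qs -- "^$disk" /proc/mounts /proc/swaps && return 0
    return 1
}

# Print the QEMU command line for booting DISK with MEM MiB of RAM.
# - format=raw,cache=none: the guest writes straight through to the block
#   device, so nothing sits in the host page cache if the live USB crashes.
# - if=virtio is fine for a Linux guest; a Windows guest without virtio
#   drivers needs if=ide (or a sata controller) instead.
# - full-screen gtk display so the desk looks unchanged to a casual user.
# - user-mode networking with SSH forwarded, so the host can reach the guest
#   without touching the corporate LAN config the guest already has.
qemu_cmd() {
    disk=$1
    mem=$2
    ssh_port=${3:-2222}
    printf '%s' "qemu-system-x86_64 -enable-kvm -cpu host -smp 2 -m $mem \
-drive file=$disk,format=raw,if=virtio,cache=none \
-display gtk,full-screen=on \
-netdev user,id=n0,hostfwd=tcp::$ssh_port-:22 \
-device virtio-net-pci,netdev=n0"
}

# Refuse to run if the host is using the disk; otherwise exec the guest.
run_guest() {
    disk=${1:-/dev/sda}
    mem=${2:-4096}
    if disk_in_use "$disk"; then
        echo "refusing to boot $disk: host has it mounted or swapped on" >&2
        return 1
    fi
    # shellcheck disable=SC2046   # word-splitting the generated command is intended
    exec $(qemu_cmd "$disk" "$mem")
}

# Only start a guest when invoked with arguments, e.g. ./boot_disk.sh /dev/sda 4096
if [ "$#" -gt 0 ]; then
    run_guest "$@"
fi
```

With the guest up, `ssh -p 2222 user@localhost` reaches it from the live USB desktop, which is where an SSHFS mount of the guest's code tree fits in. As the earlier comment notes, whole-disk encryption on /dev/sda defeats none of this mechanically (the guest still boots and prompts for the passphrase in the VM), but it does mean the live system itself cannot read the disk without it.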

A good defense against this would be to have all the local HDs encrypted. That way nothing can run/access the contents of the HDs without the encryption password.
I think the USB key would have some logic so it could steal information from its host, and send these WiFi signals by itself.