Highly-Contagious XSS RootKit 

“In general, malware can exploit various hardware combinations to leak sensitive information from air-gapped systems using “air-gap covert channels”.[19] These hardware combinations use a number of different mediums to bridge the air-gap, including: acoustic, light, seismic, magnetic, thermal, and radio-frequencies.”

“Protecting equipment from spying is done with distance, shielding, filtering, and masking.”

“Noise can also protect information by masking the actual data.” – cancellation 

“it is possible to log a user’s keystrokes using the motion sensor inside smartphones.” – Apple’s 3D Touch flaw

“Adding random noise to the least significant bits of pixel values may render the emanations from flat-panel displays unintelligible to eavesdroppers but is not a secure method.”

“Later in 2015, researchers introduced GSMem, a method for exfiltrating data from air-gapped computers over cellular frequencies. The transmission – generated by a standard internal bus – renders the computer into a small cellular transmitter antenna.”


Protocols and services which enable a remote third party to stream all data out of a computer, including writing to the disk sectors:

CUPS service a

IPv6, NTP (Network Time Protocol) referencing, mDNSResponder (5353 <–|->5353<-> internal DNS service at :53) service, srf0, gif0, lo0 interfaces, IPP, IPPS, HTTP, AirPlay/Google Cast service message broadcasts, uscan, uscans, pdl-datastream, ptp (point to point), (serial) ippusb, forged certs (invalid valid HTTPS TCP handshake), Kerberos

fe80::1 at 5353 -> ff02::fb at 5353

The third party can initiate a TCP connection once it has located the target computer on the /16 subset of addresses. Localhost IPv6’s multicasting address (broadcasting presence) attached to an interface, as indicated by the % zone identifier (loopback interface). Packets are replayed back to the source’s address (localhost), which can route the returning packets through resolve the

::1%lo0 or


