Home > exploits, Security > ThruGlassXfr starts to make an impact

ThruGlassXfr starts to make an impact

October 2nd, 2014
Reading Time: 2 minutes

logoIt is awesome to see that Ian Latter’s work on bypassing all security measures to exfiltrate data via the screen is starting to be received by the InfoSec community. Today an article written by Richard Stiennon on Ian’s presentation at COSAC has been syndicated through to Forbes. Well done Ian!! this follows up on a post I did in July when I was allowed to start talking about TGXf.

As part of Ian’s presentation preparation (and in response to a number of CFP reviewers NOT READING HIS SUBMISSIONS) he also prepared a number of videos demonstrating the capability of ThruGlassXfr along with his ThruKeyboardXfr.

ThruGlassXfer Open Letter (PDF) – TGXf VER8 FPS5 GD
http://youtu.be/IXlYDYjqFLU

Android smart-phone in flight mode, downloading a PDF from Youtube via a Laptop screen
http://youtu.be/2_8GlFdlb0Y

TGXf Demo – Open Letter PDF, ANSI (Terminal) Version 1 at 8 FPS
http://youtu.be/ZrMN54Rooec
(i.e. you don’t need graphical access to steal data)

TKXf Demo – Keyboard upload of virus to hardened Windows platform
http://youtu.be/2Szza7dQZsY
(i.e. I can type a virus into Windows .. stop me)

TKXf Demo – Keyboard upload of payload via Windows to Linux
http://youtu.be/QmROf-Tx92E
(i.e. I can type any payload into anything via anything .. stop me)

TCXf Demo – Attacker exfiltration from Linux via socket over PuTTY/XPe/HP Thin Client
http://youtu.be/sMHx5VDpFjQ
(i.e. I can route anything via anything over screen and keyboard)

And my personal favourite!!!!!
TCXf Demo – IP networking over Screen and Keyboard!
http://youtu.be/PdjhevoBKbs

Yes that last one is a functional network over TGXf and TKXf…

As a Security Enthusiast I love seeing this, though I have to say as a Security Technology Vendor and IT Outsourcing and Management Supplier it causes me pause. Now I finally have that enthusiasm back to write that paper on the risks of BYOD.

 

Comments are closed.