Backtrack 5r3: Capturing Voice from Remote Mic and Converting it to Searchable Text

Okay, I introduced the cool capability of using Metasploit to capture remote voice via mic and then converting it into keyword searchable text in the last post. As promised, we will take a closer look at setting it up to work on Backtrack 5r3 in this post.

I am going to warn you up front, this can be quite a process, but well worth it.

In this tutorial we will be using a Windows 7 laptop as our target, Backtrack 5r3 as our “attacker” system, the Social Engineering Toolkit (SET), Metasploit, AT&T’s voice to text developer platform, and a proof of concept AT&T interface script by Metasploit developer Sinn3r.

Continue reading “Backtrack 5r3: Capturing Voice from Remote Mic and Converting it to Searchable Text”

Remotely Recording Speech and Turning it into Searchable Text with Metasploit & Watson

WATSON-graphic-5

Technology has made some amazing advances in the past few years. It makes you wonder what computer security will look like in the future. For example, how cool would it be to be able to remotely turn on a microphone, and record what it said. Then process the recorded speech – turning it into searchable text, and scanning it to look for keywords like “Password” or “Social Security Number”?

What if I said you can do that right now?

Well, you can!

Thanks to some amazing work by AT&T labs and “Sinn3r” from the Metasploit development team, you can now take any .wav file that contains spoken words, and search it for keywords like account information and passwords.

AT&T labs has opened up their “Watson” speech to text technology to the public, releasing a development SDK and API so programmers can add speech recognition to their products. With a proof of concept script written by Sinn3r from Rapid7, you can now add speech to text capability to Metasploit!

How does it work?

Amazing!

I will cover it in deeper detail in a following post, but here is a quick walk through:

I had a “target” system attach to my “attacker” Backtrack 5r3 box running a Java exploit. Once the target Windows 7 system (fully patched and updated of course, with AV protection enabled) ran the backdoored Java, I had an open session with it:

Active Sessions 2

Next, I simply ran the “record_mic” command to remotely turn on and capture any audio within the area of the target system:

Record_mic

Finally, I simply fed the resulting .wav file into the sound analyzer script. It converted the sound file to text and searched it for keywords.

Did it find anything?

Of course! It correctly scanned the file and noticed that the word “password” was mentioned:

IT WORKED CLOSE UP

Okay, it wasn’t 100% correct. I used a four number password, followed by a dash and four more numbers. As you can see, the AT&T program mistook it and tagged it as a phone number, dropping the first number off. I also said “secured” instead of “picture” at the beginning of the line.

AT&T tagged the transcription confidence level at .48, this means that the program was about 50% confident that it had the right translation, which was about correct.

Even so, this technology is AMAZING! You have to think, during the process a voice was copied live from a remote system, turned into text and then analyzed for keywords. Without any “voice training” like so many voice programs need, Watson pretty accurately deciphered the .wav file and gave us a useable output.

We will take a much closer look at this in the next few posts. There were a few hurdles to overcome getting the script to run on Backtrack 5r3, so I will create a step by step tutorial. We will even look at some other uses for the technology.

Awesome job AT&T, Sinn3r and the Metasploit development team!

Twitter Hacked: About 250,000 User Accounts Possibly Compromised

Seems to be the week for large media attacks. The NY Times and WSJ were hacked earlier this week and Twitter announced earlier today that they had a security breach and the credentials for about 250,000 accounts could have been compromised.

“This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data. We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users.

As a precautionary security measure, we have reset passwords and revoked session tokens for these accounts. If your account was one of them, you will have recently received (or will shortly) an email from us at the address associated with your Twitter account notifying you that you will need to create a new password. Your old password will not work when you try to log in to Twitter.”

Apparently the culprit of the breach was, drum roll please, a Java vulnerability. Twitter recommends disabling Java if it is not necessary, use different passwords for each site and if you are using weak passwords to change them now!

“Make sure you use a strong password – at least 10 (but more is better) characters and a mixture of upper- and lowercase letters, numbers, and symbols – that you are not using for any other accounts or sites. Using the same password for multiple online accounts significantly increases your odds of being compromised.”

Apparently Twitter was able to catch the hacker in progress and shut him out. They are working with Law Enforcement agencies to track the attackers and shut them down.

No source has been mentioned as to who the hackers were or where they were from. There was a lot of finger pointing at China earlier this week with the NY Times and WSJ attacks, not sure if I buy into that at this point. China (at least the military backed hackers) is usually more interested in cyber espionage and targets of strategic importance.