Researcher develops a way to steal data through firewalls from computers
An information security researcher has developed a new way to steal data from offline devices using electromagnetic waves emitted by the device's power supply.
He warned that data could be stolen from so-called "air-gapped" computers, that is, computers isolated from the Internet, by someone with a smartphone or laptop more than 6 feet away, or even through walls with a special receiver.
The method, developed by Mordechai Guri, a researcher at Ben-Gurion University in Beersheba, has been dubbed COVID-bit, perhaps a nod to the social distancing rules that keep people from getting close to one another.
The widespread use of offline computers in organizations dealing with highly sensitive data and tasks, such as energy, government, and military weapons, has made this new approach attractive.
First, according to Guri, the target system must have malware pre-installed, which is only possible with physical access to the device. The malware then manipulates the CPU load and base frequency so that the power supply emits electromagnetic waves between 0 and 48 kHz.
The switching elements in these power supplies turn on and off during AC/DC conversion and, in doing so, generate square waves of electromagnetic radiation at specific frequencies, Guri added.
Those waves can carry raw data that someone outside the device can pick up with an antenna that simply plugs into the headphone jack of a mobile device. Software on that device then applies a noise filter and decodes the raw data.
Guri tested his method on a desktop computer, a laptop, and a Raspberry Pi 3 and found that laptops were the hardest to attack this way, because their low-power design makes their electromagnetic signature weaker.
A desktop computer, on the other hand, can transmit 500 bps with an error rate of 0.01% to 0.8%, and 1000 bps with an error rate of 1.78%, which is still low enough to exfiltrate data effectively.
At that speed, a 10 KB file can be sent in less than 90 seconds, and the raw data from an hour of activity on the target device can be sent in just 20 seconds. That could include keystrokes.
With the Pi 3, the low power output limits the range at which a receiver can successfully pick up the data.
Guri recommends protecting systems isolated from the Internet by monitoring processor load and clock frequency for suspicious or unusual activity. However, this monitoring adds processing overhead, which means lower performance and higher power consumption.
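A simple form of the load monitoring Guri recommends, as an added example that is not the researcher's code: it flags a CPU-utilization trace whose high/low runs all fall on a fixed symbol clock, which a workload that is being keyed on and off to carry bits would show and ordinary bursty activity would not. The sample traces, thresholds and the 4-sample symbol time are constructed assumptions, and the same check applies to a clock-frequency trace.

```python
"""Added example (not Guri's code): flag a CPU-utilization trace that is
being toggled on a fixed clock, the pattern the article says to watch for.
Sample rate, thresholds and traces are assumptions, not measured data."""

def binarize(samples, high=80.0, low=20.0):
    """Map utilization percentages to 1/0 with hysteresis so that jitter
    around one level does not create spurious transitions."""
    state, bits = 0, []
    for s in samples:
        if s >= high:
            state = 1
        elif s <= low:
            state = 0
        bits.append(state)
    return bits

def run_lengths(bits):
    """Lengths of consecutive equal-value runs, e.g. 1,1,0,1 -> [2, 1, 1]."""
    runs, current, count = [], bits[0], 0
    for b in bits:
        if b == current:
            count += 1
        else:
            runs.append(count)
            current, count = b, 1
    runs.append(count)
    return runs

def looks_modulated(samples, min_runs=16, tolerance=0.15, min_fit=0.9):
    """Return (flag, fit). On/off keying with a fixed symbol time produces
    runs that are integer multiples of that time; ordinary workloads do
    not. `fit` is the fraction of runs that land on such a multiple."""
    runs = run_lengths(binarize(samples))
    if len(runs) < min_runs:
        return False, 0.0
    period = min(runs)          # shortest run taken as one symbol time
    if period < 2:              # sampler too slow relative to the runs
        return False, 0.0
    fit = sum(abs(r / period - round(r / period)) <= tolerance
              for r in runs) / len(runs)
    return fit >= min_fit, fit

def trace_from_runs(lengths, high=95.0, low=5.0):
    """Constructed helper: alternate high/low levels for the given run lengths."""
    out = []
    for i, n in enumerate(lengths):
        out.extend([high if i % 2 == 0 else low] * n)
    return out

# Constructed traces: 40 bits keyed at 4 samples per bit vs. irregular bursts.
KEYED = [95.0 if b == "1" else 5.0 for b in "10110010" * 5 for _ in range(4)]
BURSTY = trace_from_runs([5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61])

if __name__ == "__main__":
    for name, trace in (("keyed", KEYED), ("bursty", BURSTY)):
        print(name, looks_modulated(trace))
```

A legitimately periodic job (a fixed-interval cron task, for instance) would also score high, so the flag is a prompt to inspect the process responsible, not a verdict on its own.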
Guri proposes another solution: locking the processor to a specific core frequency so that the associated electromagnetic radiation can no longer be used to encode data. The downside is that core frequencies are meant to fluctuate naturally, so locking them sometimes degrades performance and at other times overloads the system.