Hackers use electromagnetic attack to steal data from air gapped systems

1 0

By Matthew Griffin Security and Privacy 10th May 2018

WHY THIS MATTERS IN BRIEF

Faraday cages are supposed to be the ultimate in stopping air gapped computer systems from being attacked and their data exfiltrated, but hackers in Israel have just proved that’s no longer the case.

Two common methods of physical cybersecurity, air gapping and Faraday cages, have been found breachable in two papers released by researchers from Ben Gurion University in Israel, and that’s after other hacks that used electric powerlines, fan noise, heat, infra red cameras, and even LED light and drones, to exfiltrate data from advanced air gapped networks and systems… Faraday cages are grounded cages made of electrically conductive material that can completely block electromagnetic fields and signals. Air-gapped computers are those completely isolated from outside networks and signals. Air-gap setups commonly include Faraday cages.

Dubai heads to Mars, announces 2117 colonisation plans

Anyone who has interacted with a Faraday cage can attest to their effectiveness, put a smartphone in a Faraday cage and you can watch the signal drop instantly. What researchers found, however, is that commonly overlooked low-level magnetic fields can still penetrate air gaps and Faraday cages, allowing attackers to intercept and steal data.

Take a basic compass into a Faraday cage, research lead Dr. Mordechai Guri said, and it will still work.

“While Faraday rooms may successfully block electromagnetic signals that emanate from computers, low frequency magnetic radiation disseminates through the air, penetrating metal shields within the rooms,” he said.

It’s that low-level field that allows attackers to covertly access any device with a CPU hidden inside a Faraday cage or air-gapped room. That’s worth reiterating, anything with a CPU can be manipulated using what Guri and his team call the Odini method.

New Facebook AI de-identifies you in videos to protect you from facial recognition tech

A device infected with Odini malware can control the low-level magnetic field emitted by a CPU by regulating the load on its cores. Data can then piggyback on the CPU’s magnetic field, transmit outside the Faraday cage or air gap, and be picked up by a receiving device designed to detect magnetic field manipulation.

A second attack, which the team calls Magneto, uses the same method of CPU magnetic field manipulation but allows it to be picked up by a nearby smartphone.

Don’t think sticking the smartphone in a Faraday bag or putting it into airplane mode will stop it from detecting the signal, it’s magnetic, so it passes right through and is picked up by the device’s magnetic field sensor, a standard feature in most modern smartphones.

It’s impossible to escape magnetic fields, they’re a basic part of nature and a fundamental part of computing, which makes Odini and Magneto seriously threatening. The researchers do propose several methods for blocking the attacks, though their practicality is questioned by the team recommending them.

LG's keynote speaker at CES 2021 was a digital human called Reah

First is shielding sensitive computers from magnetic fields, which the researchers point out is impractical in all but the most sensitive military and scientific applications. In order to reliably shield against the low-frequency fields manipulated by Odini and Magneto, multiple layers of ferromagnetic material, which would weight multiple tons, would need to be built into secure rooms. The paper adds that these ferromagnetic rooms are incredibly expensive.

The second suggestion the team gives is signal jamming using either magnetic field-generating hardware or software. The hardware needed can produce magnetic fields much stronger than CPUs, rendering their emissions unreadable. Software is also available that can run dummy tasks that generate random magnetic signals, but it is processor-intensive and can severely reduce performance.

Third, the team recommends zoning. This would be physical restriction of certain devices, like smartphones, from being anywhere near sensitive machines. It’s no longer enough to just drop the devices into a small Faraday cage, they need to be across the building from vulnerable hardware.

As Covid-19 lockdowns ease companies begin tracking employees with in-house tracking apps

Guri and his team also recommend monitoring hardware for abnormal processes and magnetic radiation, which can be done with standard antivirus, intrusion detection, and intrusion prevention software.

There’s no reason to assume that these attacks exist in the wild, and executing one would require planting malware on the target machines, making it quite difficult, though not impossible, as we saw with Stuxnet. Don’t take chances if you’re responsible for systems secure enough to warrant Faraday cages and air gaps—make plans to enhance your security knowing these kinds of nearly unstoppable attacks are increasingly possible.

Matthew Griffin / About Author

Matthew Griffin, multi-award winning Futurist and named Futurist of the Year 2024, has been described as a "Walking encyclopaedia of the future" by NASA and a futurist polymath. One of the world's most renowned futurists and strategic foresight experts Matthew is the 15 times author of the blockbuster "Codex of the Future" series, and is the Founder and Futurist in Chief of the 311 Institute, a global Futures and Deep Futures advisory firm working across the next 50 years, XPotential University, the world's first free futures and foresight university, and the World Futures Forum which works with the United Nations to solve the worlds greatest challenges. Matthew is an in demand international keynote, acclaimed university lecturer and mentor, and host of the hit Fanatical Futurist podcast.

A rare talent in his past Matthew helped build and run several multi-billion dollar business units for Atos, Dell-EMC, and IBM, and his ability to identify, track, and explain the impacts of hundreds of emerging technologies and trends on global business, culture, and society has earned him a powerful reputation and a roster of clients that include royal households, world leaders, G7, G20, and G77+ governments, and many of the world's most respected brands including ABB, Accenture, Adidas, AON, ARM, BCG, Centrica, Citi Group, Coca Cola, Dentons, Deloitte, Disney, Dow, EY, KPMG, Lego, Legal & General, LinkedIn, Microsoft, PepsiCo, Qualcomm, RWE, Samsung, T-Mobile, UBS, VISA, and many others. He was also the only futurist invited to talk at the UN COP28 held in Dubai alongside world leaders.

Regularly featured in the global media including the AP, BBC, Bloomberg, CNBC, Discovery, Forbes, Khaleej Times, Telegraph, TIME, ViacomCBS, WIRED, and the WSJ, Matthews mission is to help organisations create a fair and sustainable future whose benefits are shared by everyone irrespective of their ability, background, or circumstances.