Product reviews, deals and the latest tech news

A new attack technique can breach walls to steal data from offline PCs

Using the electromagnetic radiation emitted by offline equipment’ power supplies, a novel technique for data theft has been created.

Experts have cautioned that even “air-gapped” PCs, which are completely cut off from the internet, may be hacked from distances of over six feet and even through walls by someone with a smartphone or laptop outfitted with a particular receiver.

Mordechai Guri, a researcher at Ben-Gurion University in Beersheba, Israel, came up with the approach and gave it the name COVID-bit, maybe in reference to norms of social distance that discourage individuals from standing too near to one another.

Linking two points in space

This new approach raises concerns since air-gapped systems are typically used in organisations dealing with extremely sensitive data and tasks, such as those involved with energy, government, and military weaponry.

First, the attacker needs physical access to the compromised system in order to install specific malware on it. This virus manipulates the power supply to generate electromagnetic waves with a frequency range of 0-48kHz by manipulating the load on the CPU and the frequencies of its cores.

Guri said that, during the AC/DC conversion process, the switching components inside these systems emit a square wave of electromagnetic radiation at certain frequencies.

Raw data may be transmitted through this wave and decrypted by individuals located far from the machine using an antenna that plugs into a standard 3.5 mm headphone socket. The device’s app may then apply a noise filter to the raw data and decode it.

Guri put his approach to the test on desktops, a laptop, and a Raspberry Pi 3, and discovered that the latter two were the most difficult to hack due to the weak electromagnetic signal they emit due to their efforts to conserve power.

The desktops, on the other hand, had an error rate of between 0.01% and 0.8% when transmitting at 500 bps and up to 1.78% while transmitting at 1000 bps, which was still sufficient for efficient data harvesting.

To put this in perspective, sending a 10KB file would take less than 90 seconds at this rate, while sending raw data relating to an hour’s worth of activity on the destination system would take less than 20 seconds. Live, in-the-moment transmission of keystroke logging is also possible.

The Pi 3’s poor power supply restricted the range over which signals could be received by the receiver.

Guri suggests that air-gapped computers keep themselves secure by keeping an eye on CPU use and frequency for any signs of malicious or unexpected behaviour. However, as these values often fluctuate substantially under realistic conditions of use, this might result in a large number of false positives.

The extra money spent on monitoring raises the possibility of slower performance and higher energy use.

Another option is to prevent data from being deciphered by electromagnetic radiation by locking the CPU to specific core frequencies. However, as previously indicated, normal swings of core frequencies are to be expected, therefore locking them will result in reduced performance at certain periods and misuse at others.