Hacking your data without touching your network

It's an IT manager's nightmare.  A hacker -- perhaps an employee, a service provider or custodial staff -- plants a sensor near a critical server to capture the flow of data without ever having to crack a password or break through a firewall.

And the problem isn't only the data breach.  Since the hacker didn't access the network, there's no audit trail -- you may never know what data has been stolen or by whom.

No, it's not a scene from Mission Impossible.  Researchers at MWR Security, a cybersecurity company headquartered in England, have shown how they could "sniff" data being transferred internally within a device by analyzing electromagnetic radiation leaking from the device.

It's called "near-field analysis," and the MWR Security researchers say they have successfully grabbed data by analyzing variations in the electromagnetic field leaking from a storage device and then applying an algorithm to decode the traffic.    

According to MWR researcher Piotr Osuch, near-field detection tools don't necessarily have to be right next to the device being monitored.  "Near-field might not be that 'near,'" Osuch said.  "If a subsystem of a device is operating at 1 MHz, for example a keyboard, then near-field can be up to 150 meters away."  He added that many electronic components operate at 32 MHz, which means their electromagnetic fields could be detected from a distance of 4 meters.

What's more, Osuch said, the equipment needed to gather the data is getting less expensive, costing from a few thousand to tens of thousands of dollars, depending on the sophistication of the attack.  If the data moving through the monitored device is not encrypted -- and data is rarely encrypted while it is transiting inside an organization's network -- it is susceptible to being picked up.  While TEMPEST shielding -- usually a simple metal enclosure around a device -- might prevent a data leak, there is little assurance without testing.

How big is the threat?  That, said Osuch, depends on the scenario.  "Suppose that the attack path is to sniff keyboard strokes in an institution -- that has been done at distances of roughly 20 meters, across walls," said Osuch.  "This would be a high threat.  A solution would be using electromagnetic-safe keyboards."

Tapping into a 4G wireless transmission, he says, would be more problematic but not impossible, particularly if the attacker were to set up a baseband station and "fuzz the device until a crash occurs," then analyze the crash and determine how to gain system-level code execution.

The key point is that near-field analysis of electromagnetic fields can allow a hacker to gather transmissions that can -- with varying amounts of further work and decoding -- result in data leakage without actually entering the network.

How to protect against this?  "There is no general answer," Osuch said, "as this is very application-specific."  At the same time, Osuch noted that near-field analysis as a hacking tool is, for now at least, likely to be used only against high-value targets.

"In most cases the attacks would have to be quite sophisticated," he said.  "Probably targeting equipment that is expensive to design from the get go and so would deserve a comprehensive and formal EM evaluation by an RF engineer."

Posted by Patrick Marshall on Sep 27, 2016 at 9:37 AM

