Emerging Tech

Hacking your data without touching your network

It's an IT manager's nightmare.  A hacker -- perhaps an employee, a service provider or custodial staff -- plants a sensor near a critical server to capture the flow of data without ever having to crack a password or break through a firewall.

And the problem isn't only the data breach.  Since the hacker didn't access the network, there's no audit trail -- you may never know what data has been stolen or by whom.

No, it's not a scene from Mission Impossible.  Researchers at MWR Security, a cybersecurity company headquartered in England, have shown how they could "sniff" data being transferred internally within a device by analyzing electromagnetic radiation leaking from the device.

It's called "near-field analysis," and the MWR Security researchers say they have successfully grabbed data by analyzing variations in the electromagnetic field leaking from a storage device and then applying an algorithm to decode the traffic.    

According to MWR researcher Piotr Osuch, near-field detection tools don't necessarily have to be right next to the device being monitored.  "Near-field might not be that 'near,'" Osuch said.  "If a subsystem of a device is operating at 1 MHz, for example a keyboard, then near-field can be up to 150 meters away."  He added that many electronic components operate at 32 MHz, which means their electromagnetic fields could be detected from a distance of 4 meters.

What's more, Osuch said, the equipment needed to gather the data is getting less expensive, costing from a few thousand to tens of thousands of dollars, depending on the sophistication of the attack.  If the data moving through the monitored device is not encrypted -- and data is rarely encrypted while it is transiting inside an organization's network -- it is susceptible to being picked up.  While TEMPEST shielding -- usually a simple metal enclosure around a device -- might prevent a data leak, there is little assurance without testing.

How big is the threat?  That, said Osuch, depends on the scenario.  "Suppose that the attack path is to sniff keyboard strokes in an institution -- that has been done at distances of roughly 20 meters, across walls," said Osuch.  "This would be a high threat.  A solution would be using electromagnetic-safe keyboards."

Tapping into a 4G wireless transmission, he says, would be more problematic but not impossible, particularly if the attacker were to set up a baseband station and "fuzz the device until a crash occurs," then analyze the crash and determine how to gain system-level code execution.

The key point is that near-field analysis of electromagnetic fields can allow a hacker to gather transmissions that can -- with varying amounts of further work and decoding -- result in data leakage without actually entering the network.

How to protect against this?  "There is no general answer," Osuch said, "as this is very application-specific."  At the same time, Osuch noted that near-field analysis as a hacking tool, for now at least, is likely to be used only against high-value targets.

"In most cases the attacks would have to be quite sophisticated," he said.  "Probably targeting equipment that is expensive to design from the get go and so would deserve a comprehensive and formal EM evaluation by an RF engineer."

Posted by Patrick Marshall on Sep 27, 2016 at 9:37 AM

