Security Researchers Claim Wireless Keylogging
Posted: 2015-01-29 09:57am
I generally try to avoid sky-is-falling hysteria, but this could have some serious legs if it ends up broadly proliferated. The Israeli example is particularly worrisome in the modern business environment of bring-your-own-device tablets and phones.Hacked.com wrote:Security professionals have said for years that the only way to make a computer truly secure is for it to not be connected to any other computers, a method called airgapping. Then, any attack would have to happen physically, with the attacker actually entering the room and accessing the computer that way, which is incredibly unlikely. In the case of computers containing highly sensitive information, additional, physical security can always be added in the form of security guards, cameras, and so on.
Researchers at Georgia Institute of Technology have uncovered a vulnerability in all computers, however, which can be exploited regardless of an air gap. It’s a vulnerability which you’d never suspect, and it’s one that’s hard to fight against. All CPUs emit electromagnetic signals when they are performing tasks, and the first thing these researchers discovered was that binary ones and zeroes emit different levels. The second thing they discovered is that electromagnetic radiation is also emitted by the voltage fluctuations and that it can be read from up to six meters away. These signals, by the way, are known as side-channels, and they are well-documented in the cryptography field.
The Least Traditional Attack You’ve Ever Seen
airgapSide channels are a powerful class of attacks that circumvent traditional security protections and access controls. Unlike traditional attacks that exploit vulnerabilities in what the system does, side channel attacks allow information to be obtained by observing how the system does it, reads their white paper.
The researchers, whose names are Robert Callan, Alenka Zajic, and Milos Prvulovic, have developed software which allows them to overcome the two main problems of this type of attack: multiple weak signals and determining what is of interest and what is not, such as keystrokes. In this video, Milos demonstrates that the keystrokes can be decoded in real time from across the room.
The white paper tries very hard to impress the importance of this vulnerability. An attacker who knows what they are looking for can do a great deal of damage using technology like this. They note that a vulnerability rating has been proposed recently, but that the proposal doesn’t do much in the way of providing developers of future technologies with a roadmap of improvement.
The current state of the art is the recently proposed Side-Channel Vulnerability Factor (SVF), which measures how the side channel signal correlates with high-level execution patterns (e.g. program phase transitions). While this metric allows overall assessment of the “leakiness” of a particular system and application over a given side channel, it provides limited insight to 1) computer architects about which architectural and microarchitectural features are the strongest leakers, and to 2) software developers about how to reduce the side channel leakiness of their code.
Nothing New Under the Sun
Elsewhere, in Israel, a similar process has been developed for except it runs on a cell phone, called the AirHopper. This was done back in October to challenge a policy of letting people bring their mobile phones on secure sites as long as they locked them up in a locker before beginning work. The Israeli researchers proved that they could get data from computers that were connected to no standard network by using side-channels.
With the foundations laid for this sort of compromise, one can only assume that it will be developed by governments and bad actors alike in order to further spy on communications of everyday people as well as gain access to incredibly sensitive data.
Farraday Cage Remedy
Conceivably, rooms containing computers or the computer cases themselves could be augmented with Farraday cages that would prevent this sort of close-range monitoring because the signals wouldn't make it past the cage. Doing this on your home PC might seem overkill now. But as the technique gains wider usage and the technology which enables it is improved, a revival of wardriving could happen in highly populated areas, this time with the intention of stealing passwords and other sensitive data. One thing is for sure: the future of computer security will have to account for this new, universal vulnerability in some way.