Stealthy Data Exfiltration Possible via Magnetic Fields

DooKey

[H]F Junkie
Joined
Apr 25, 2001
Messages
13,545
Researchers in Israel have come up with a couple of unique pieces of malware that can be used to steal data using the magnetic fields generated by a CPU. As a matter of fact they demonstrated this can even work if the CPU is inside of a Faraday cage. These guys have found many ways to get data out of air-gapped networks, but this one has to be the best one yet. Check out the video below to see how the ODINI version works.

Watch the video here.

Ben Gurion University researchers have developed two pieces of malware that rely on magnetic fields to exfiltrate data from an air-gapped device. One of them is called ODINI and it uses this method to transmit the data to a nearby magnetic sensor. The second piece of malware is named MAGNETO and it sends data to a smartphone; smartphones typically have magnetometers for determining the device's orientation.
 
Yes, if they can get inside the highly secure room (Faraday cage) with a cellphone, then it's all academic anyway.
 
Yes, if they can get inside the highly secure room (Faraday cage) with a cellphone, then it's all academic anyway.

You don't have to be inside the Faraday cage for the method to work. ODINI will make it out depending on the size of your Faraday cage. MAGNETO won't because the range is impractically small.

This isn't about data being hacked, it's about moving secured data you have gained access to without getting caught.
 
You don't have to be inside the Faraday cage for the method to work. ODINI will make it out depending on the size of your Faraday cage. MAGNETO won't because the range is impractically small.

This isn't about data being hacked, it's about moving secured data you have gained access to without getting caught.
Yeah, magnetic fields are hard to block, but they do fall in strength by the square of the distance. So given the weak nature of the signal here, the solution is to create an exclusion zone around the cage that creates enough distance to make it impossible to detect the signal.
 
I think he was talking about how you have to get physical access to the air gap machine first, then you can do whatever. Physical security is still king
 
I am going back to hand written documents! With all the "word processing" I do these days no one can read my handwriting anyway! Also my spelling is so bad OCR/document reading would effectively be encrypted! It's foolproof!
 
I think he was talking about how you have to get physical access to the air gap machine first, then you can do whatever. Physical security is still king

Yeah you don't get it. Sometimes, like when the Mossad goes mossading, access is only half the problem. Moving the data without becoming a corpse means you need a way to break the air gap and not be seen to be doing something disallowed. Sometimes the way you get access to an air gapped system is by unwittingly compromising people with access and the issue then becomes how to retrieve any data your malware is accessing given the lack of a network and the lack of ongoing physical access. This is, in large part, a proof of concept in how to breach physical security on the outbound side.
 
Basically we worry too much because our data is truly never safe.

I'm not worried about it. This kind of stuff will never be used on 99.9999999% of people or installations. However, if you are trying to protect air gapped sensitive systems, this stuff matters. For most IT professionals it peaks at interesting.
 
Very much so- physical security, access controls/policies, and irregular sweeps/occasions are still called on for maintaining protection of classified processing. It is also why typically where TOP SECRET processing occurs is within a few 'onion' layers of SECRET realms within your nearby friendly military/intel operation. Social engineering is definitely a major aspect of breaking in - especially true these days with how many contractors are usually on site (Visit/Facility clearance validation is key). NORTEL found this out the hard way (... as their Carling Campus - now occupied by DND... was confirmed bugged and still is suspected to be bugged).

I wonder how 'strong' that Faraday cage was (was it actual Cu/Ag lined and bonded?)... alas the Israelis are VERY smart cats and all bets are on this is one of many tools in their toolbox.
 
Yeah, magnetic fields are hard to block, but they do fall in strength by the square of the distance. So given the weak nature of the signal here, the solution is to create an exclusion zone around the cage that creates enough distance to make it impossible to detect the signal.
Or add noise to mask the signal.
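The mechanism described in the opening post (malware on the air-gapped host driving the CPU so that a nearby magnetometer can read bits off the field changes) and the masking countermeasure suggested just above can both be seen in a small simulation. The block below is an added worked example, not the researchers' ODINI or MAGNETO code, whose exact modulation is not given in this thread. Everything about the channel is assumed for illustration: on-off keying (a '1' bit is a period of full CPU load, a '0' bit is idle), the sync preamble, the 8-bit length field, the field levels and noise figures, and the magnetometer trace itself, which is constructed in software rather than measured. `transmit_cpu` is the only part that would run on a real target; the rest models the receiver.

```python
"""Simulated CPU-load magnetic covert channel with on-off keying.

Added worked example, not the ODINI/MAGNETO code from the thread. Assumed:
on-off keying (bit 1 = CPU busy, bit 0 = CPU idle), a fixed sync preamble,
an 8-bit length field, and a CONSTRUCTED magnetometer trace (no real sensor).
"""
import random
import time
from typing import List, Optional

PREAMBLE = [1, 0, 1, 0, 1, 1, 0, 0]  # assumed sync pattern, not from the paper
SAMPLES_PER_BIT = 20                  # assumed sensor samples per bit period


def bytes_to_bits(data: bytes) -> List[int]:
    """MSB-first bit list."""
    return [(b >> i) & 1 for b in data for i in range(7, -1, -1)]


def bits_to_bytes(bits: List[int]) -> bytes:
    """Inverse of bytes_to_bits; a trailing partial byte is dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)


def frame(payload: bytes) -> List[int]:
    """Assumed framing: preamble, 8-bit length, then payload bits."""
    if len(payload) > 255:
        raise ValueError("single-byte length field")
    return PREAMBLE + bytes_to_bits(bytes([len(payload)])) + bytes_to_bits(payload)


def transmit_cpu(bits: List[int], bit_period: float = 0.05) -> None:
    """Transmitter as it would run on the air-gapped host: a '1' is a busy loop,
    a '0' is idle. This only changes CPU load; whether that load shows up on a
    nearby magnetometer depends on the hardware and is not observable here."""
    for bit in bits:
        deadline = time.perf_counter() + bit_period
        if bit:
            while time.perf_counter() < deadline:
                pass
        else:
            time.sleep(bit_period)


def simulate_sensor(bits: List[int], high: float = 52.0, low: float = 50.0,
                    noise: float = 0.4, jam: float = 0.0, seed: int = 1) -> List[float]:
    """CONSTRUCTED magnetometer trace (arbitrary microtesla-like units).
    'jam' models a deliberate masking noise source placed near the machine."""
    rng = random.Random(seed)
    trace = []
    for bit in bits:
        level = high if bit else low
        for _ in range(SAMPLES_PER_BIT):
            trace.append(level + rng.gauss(0.0, noise) + rng.gauss(0.0, jam))
    return trace


def demodulate(trace: List[float]) -> List[int]:
    """Average each bit period and threshold at the midpoint of the extremes.
    Assumes the receiver is already bit-aligned; a real receiver also needs
    clock recovery, which this example skips."""
    means = [sum(trace[i:i + SAMPLES_PER_BIT]) / SAMPLES_PER_BIT
             for i in range(0, len(trace) - SAMPLES_PER_BIT + 1, SAMPLES_PER_BIT)]
    threshold = (max(means) + min(means)) / 2.0
    return [1 if m > threshold else 0 for m in means]


def receive(trace: List[float]) -> Optional[bytes]:
    """Locate the preamble, read the length byte, return the payload (or None)."""
    bits = demodulate(trace)
    n = len(PREAMBLE)
    for start in range(len(bits) - n + 1):
        if bits[start:start + n] != PREAMBLE:
            continue
        body = bits[start + n:]
        if len(body) < 8:
            return None
        length = bits_to_bytes(body[:8])[0]
        payload_bits = body[8:8 + length * 8]
        if len(payload_bits) < length * 8:
            return None
        return bits_to_bytes(payload_bits)
    return None


def demo(secret: bytes = b"k3y", jam: float = 0.0) -> Optional[bytes]:
    """Frame the secret, pad with idle periods, pass it through the constructed
    sensor model and decode. jam=0 decodes cleanly; a large jam value breaks it."""
    bits = [0] * 4 + frame(secret) + [0] * 4
    return receive(simulate_sensor(bits, jam=jam))


if __name__ == "__main__":
    print("quiet room  :", demo())
    print("noise source:", demo(jam=20.0))
```

With the default parameters the per-bit averaging pulls the sensor noise well below the 2-unit gap between the busy and idle levels, so the receiver recovers the bytes; raising `jam` to the point where the averaged noise is comparable to that gap is what "add noise to mask the signal" means in practice, and the decoder then either misses the preamble or returns garbage. Since the modelled masking source is uncorrelated with the transmitter, the attacker's only answers are a slower bit rate (more samples to average per bit) or a sensor closer to the machine, which is exactly what the exclusion-zone suggestion above takes away.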
 
This reminds me of something I learned of in college. It didn't use malware, nor did it involve a Faraday cage. In our security class the professor showed us a report of someone in a government agency demonstrating a proof of concept exploit involving both CRT and LCD screens. They were able to use some kind of magnetic sensitive film over a second screen in a separate room w/o line of sight to the original and recreate the first screen's image.
 
Using antenna technology it's also possible to have similar results for cable. Very tricky, but once I was able to duplicate a neighbor's cable signal by simply aligning rabbit ears a particular way. Years later I read an article explaining the technique but the finer technical aspects were beyond me, I just had dumb luck when I stumbled upon it.
 
Researchers in Israel have come up with a couple of unique pieces of malware that can be used to steal data using the magnetic fields generated by a CPU. As a matter of fact they demonstrated this can even work if the CPU is inside of a Faraday cage. These guys have found many ways to get data out of air-gapped networks, but this one has to be the best one yet. Check out the video below to see how the ODINI version works.

Watch the video here.

Ben Gurion University researchers have developed two pieces of malware that rely on magnetic fields to exfiltrate data from an air-gapped device. One of them is called ODINI and it uses this method to transmit the data to a nearby magnetic sensor. The second piece of malware is named MAGNETO and it sends data to a smartphone; smartphones typically have magnetometers for determining the device's orientation.
To be secure, brain to brain connection? Anything can be hacked it seems.
 
Imagine if they took this a step further, they may be able to pull out your thought/brain waves and steal those soon enough.
 
This reminds me of something I learned of in college. It didn't use malware, nor did it involve a Faraday cage. In our security class the professor showed us a report of someone in a government agency demonstrating a proof of concept exploit involving both CRT and LCD screens. They were able to use some kind of magnetic sensitive film over a second screen in a separate room w/o line of sight to the original and recreate the first screen's image.

https://en.m.wikipedia.org/wiki/Van_Eck_phreaking

TEMPEST protection is designed to help with it
 