Stealing Data From Computers Using Heat

H

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
How in the hell do you steal data from computers using heat?

But security researchers at Ben Gurion University in Israel have found a way to retrieve data from an air-gapped computer using only heat emissions and a computer’s built-in thermal sensors. The method would allow attackers to surreptitiously siphon passwords or security keys from a protected system and transmit the data to an internet-connected system that’s in close proximity and that the attackers control.
Click to expand...
 
if you're that close to the hardware, wouldn't there be quicker methods of gaining access to the stuff its running?
 
ml_paladin888 said:
if you're that close to the hardware, wouldn't there be quicker methods of gaining access to the stuff its running?
Click to expand...
I didn't RTFA, so I agree with this. You have to be really close to not get information from background sources. Plus, a heat signature changes significantly when things like glass are in the way.

Scanned the article a bit. Yup, the source has to be within 15 inches of the target computer, and the target computer has to be infected with malware. How are you going to infect an airgapped computer with malware? I suppose if you can put an attack computer that close that you would have the opportunity, but still this is assuming a lot of things not limited to incompetent security around the location.
 
Proof on concept. Add FLIR from a distance and you get where this could go. If you could get the package on there, you could manipulate it enough to get data.

Pretty bad ass.
 
Well, that's just some
tumblr_static_weird_science_title1.jpg
 
Limited applications for sure. For this to make any sense you need to have an airgapped system that you can get within a few inches of AND have specialized software installed on it. You'd also need to tailor it to the specific hardware.
 
You can apparently steal data at about 0.002~ baud this way... and the computer you want to steal the data from has to be prehacked, as does the one that has to be nearby the whole time.

Interesting, if impractical.
 
cageymaru said:
What if aliens were using this technology today to spy on us?
Click to expand...

Don't be silly. Aliens would be using quantum entanglement across a zero-point resonance field that's phase-shifted so there would be no detectable EM trace when they scan your brain.
 
As a proof of concept I would say it's OK. I mean, OK, yes it can be done.

As a working method, not so much. Many of the reasons already listed. An insider threat is certainly a means to get the malware on the systems. Gaining a password or a key doesn't help much because the target system is still airgapped. An insider could pull off so much more just because of his access to the systems. And if you have to run the systems up to higher then normal operating temperatures then it's easy to guard against using the same method as the attack, separate and independent heat sensors.

The EM transmissions that are normal for all computers and actually carry data are much easier to pull information from and do not require compromise of the target system. You just have to compromise the environment of the targeted system. Unless the computer is in a Faraday Cage or similarly a TEMPESTed Environment, the EM signals can be snatched right from the air or across power lines, etc.

Still, it's valid as a proof of concept, good for a headline as well I guess. I'm sure there are congressional staffers jumping around trying to find out if this is a real concern for their bosses.
 
I read some of it.

They are sending commands via thermal energy. IE: using the thermal sensors in one computer to detect heat in another, interpret those heat changes and then guide the toy missile.

Note the "video 16x" text. It's super slow. How you would pull real data using this technique is beyond me.

To exploit this would be...problematic.

"Hey Bob, What's this check-in for?"

"Oh, I load the CPU to modulate temperature so we can monitor the system with a thermostat!"

"Bob, that's the stupidest fucking thing I've ever heard. Why would you do that? We have a monitoring framework for that. You're fired."
 
And they never take the sides off the pc to show they aren't remotely connected by something internal. like a wifi card. fishy
 
The proof-of-concept attack requires both systems to first be compromised with malware.
Click to expand...

From the article.

So the stand alone machine has to be compromised with malware to understand the heat signatures of the nearby machine.

The scenario to have everything setup and to actually steal/command another machine to do anything is virtually 0%.
 
If you quantify all variables and you ensure the data is encoded in a way that it is decodable, you can use the byproduct of those processes to indirectly learn something about the source.

Translation, if everyone in the room speaks the same language, and you force them to talk within your hearing distance, odds are you can learn something about the people speaking.

Having worked in university research, I can attest to the following phenomenon: quantifiable obviously means valuable.
 
Phoenix333 said:
Don't be silly. Aliens would be using quantum entanglement across a zero-point resonance field that's phase-shifted so there would be no detectable EM trace when they scan your brain.
Click to expand...

Aliens hacked your brain?

I for one welcome our Alien overloads.
 
It would be a much faster transmission rate to use malware on the secure pc (lol infected) that used audio to transmit data. I understood audio that is hard for humans to hear is possible from computer speakers.
 
not as much stealing data as much as just relaying data through heat. big difference.
 
You must log in or register to reply here.
Back
Top