Stealthy Data Exfiltration Possible via Magnetic Fields

DooKey

[H]F Junkie
Joined
Apr 25, 2001
Messages
8,542
Researchers in Israel have come up with a couple of unique pieces of malware that can be used to steal data using the magnetic fields generated by a CPU. As a matter of fact, they demonstrated this can even work if the CPU is inside of a Faraday cage. These guys have found many ways to get data out of air-gapped networks, but this one has to be the best one yet. Check out the video below to see how the ODINI version works.

Watch the video here.

Ben Gurion University researchers have developed two pieces of malware that rely on magnetic fields to exfiltrate data from an air-gapped device. One of them is called ODINI and it uses this method to transmit the data to a nearby magnetic sensor. The second piece of malware is named MAGNETO and it sends data to a smartphone, which typically has a magnetometer for determining the device’s orientation.
 

PaulP

Gawd
Joined
Oct 31, 2016
Messages
776
Yes, if they can get inside the highly secure room (Faraday cage) with a cellphone, then it's all academic anyway.
 

raz-0

Supreme [H]ardness
Joined
Mar 9, 2003
Messages
4,643
> Yes, if they can get inside the highly secure room (Faraday cage) with a cellphone, then it's all academic anyway.

You don't have to be inside the Faraday cage for the method to work. ODINI will make it out depending on the size of your Faraday cage. MAGNETO won't because the range is impractically small.

This isn't about data being hacked, it's about moving secured data you have gained access to without getting caught.
 

PaulP

Gawd
Joined
Oct 31, 2016
Messages
776
> You don't have to be inside the Faraday cage for the method to work. ODINI will make it out depending on the size of your Faraday cage. MAGNETO won't because the range is impractically small.
>
> This isn't about data being hacked, it's about moving secured data you have gained access to without getting caught.

Yeah, magnetic fields are hard to block, but they do fall in strength by the square of the distance. So given the weak nature of the signal here, the solution is to create an exclusion zone around the cage that creates enough distance to make it impossible to detect the signal.
 

Vaulter98c

[H]ard|DCer of the Month - October 2009
Joined
May 21, 2008
Messages
5,713
I think he was talking about how you have to get physical access to the air gap machine first, then you can do whatever. Physical security is still king.
 

zexelon

n00b
Joined
Jul 16, 2006
Messages
40
I am going back to handwritten documents! With all the "word processing" I do these days no one can read my handwriting anyway! Also my spelling is so bad OCR/Document reading would effectively be encrypted! It's foolproof!
 

raz-0

Supreme [H]ardness
Joined
Mar 9, 2003
Messages
4,643
> I think he was talking about how you have to get physical access to the air gap machine first, then you can do whatever. Physical security is still king.

Yeah, you don't get it. Sometimes, like when the Mossad goes mossading, access is only half the problem. Moving the data without becoming a corpse means you need a way to break the air gap and not be seen to be doing something disallowed. Sometimes the way you get access to an air gapped system is by unwittingly compromising people with access and the issue then becomes how to retrieve any data your malware is accessing given the lack of a network and the lack of ongoing physical access. This is, in large part, a proof of concept in how to breach physical security on the outbound side.
 

raz-0

Supreme [H]ardness
Joined
Mar 9, 2003
Messages
4,643
> Basically we worry too much because our data is truly never safe.

I'm not worried about it. This kind of stuff will never be used on 99.9999999% of people or installations. However, if you are trying to protect air gapped sensitive systems, this stuff matters. For most IT professionals it peaks at interesting.
 

donald_k

Limp Gawd
Joined
May 23, 2002
Messages
426
Very much so - physical security, access controls/policies, and irregular sweeps/occasions are still called on for maintaining protection of classified processing. It is also why typically where TOP SECRET processing occurs is within a few 'onion' layers of SECRET realms within your nearby friendly military/intel operation. Social engineering is definitely a major aspect of breaking in - especially true these days with how many contractors are usually on site (Visit/Facility clearance validation is key). NORTEL found this out the hard way (... as their Carling Campus - now occupied by DND... was confirmed bugged and still is suspected to be bugged).

I wonder how 'strong' that faraday cage was (was it actual Cu/Ag lined and bonded?)... alas the Israelis are VERY smart cats and all bets are on this is one of many tools in their toolbox.
 

Nenu

[H]ardened
Joined
Apr 28, 2007
Messages
19,187
> Yeah, magnetic fields are hard to block, but they do fall in strength by the square of the distance. So given the weak nature of the signal here, the solution is to create an exclusion zone around the cage that creates enough distance to make it impossible to detect the signal.

Or add noise to mask the signal.
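
A rough way to compare the two mitigations raised in this thread (an exclusion zone and masking noise), as an added example that is not part of any post or of the researchers' work: it simulates a generic on-off-keyed field read by a best-case receiver. Every constant, the noise model and the function names are assumptions, and the falloff exponent is a parameter.

```python
import math
import random

# All numbers are constructed for illustration, not measurements of ODINI or MAGNETO.
B0 = 1.0              # field swing at the reference distance (arbitrary units)
R0 = 0.1              # reference distance in metres
SENSOR_SIGMA = 0.05   # receiver's own noise, std-dev per sample
SAMPLES_PER_BIT = 20  # samples the receiver averages per bit


def amplitude(r, exponent=2):
    """Signal swing at distance r. exponent=2 follows the post quoted above;
    the near field of a magnetic dipole is usually modelled with exponent=3."""
    return B0 * (R0 / r) ** exponent


def bit_error_rate(r, jam_sigma=0.0, exponent=2, n_bits=2000, seed=1):
    """Simulate on-off keying read by a best-case receiver that knows the
    expected amplitude and thresholds at half of it."""
    rng = random.Random(seed)
    amp = amplitude(r, exponent)
    sigma = math.hypot(SENSOR_SIGMA, jam_sigma)  # independent noise adds in power
    errors = 0
    for _ in range(n_bits):
        bit = rng.getrandbits(1)
        mean = sum(bit * amp + rng.gauss(0.0, sigma)
                   for _ in range(SAMPLES_PER_BIT)) / SAMPLES_PER_BIT
        errors += (mean > amp / 2) != bool(bit)
    return errors / n_bits  # 0.5 means the receiver is guessing


def standoff_distance(margin=0.1, jam_sigma=0.0, exponent=2):
    """Distance at which the decision margin (amp/2) shrinks to `margin`
    standard deviations of the averaged noise, i.e. near-random decoding."""
    sigma = math.hypot(SENSOR_SIGMA, jam_sigma) / math.sqrt(SAMPLES_PER_BIT)
    return R0 * (B0 / (2 * margin * sigma)) ** (1 / exponent)


if __name__ == "__main__":
    for r in (0.1, 0.5, 3.0):
        print(f"r={r} m  BER={bit_error_rate(r):.3f}")
    print(f"r=0.1 m with jamming  BER={bit_error_rate(0.1, jam_sigma=20.0):.3f}")
    print(f"exclusion radius, no jamming:  {standoff_distance():.2f} m")
    print(f"exclusion radius, jam_sigma=1: {standoff_distance(jam_sigma=1.0):.2f} m")
```

Added noise shrinks the radius needed for the same error rate, so the two measures trade off against each other; a steeper falloff exponent shrinks it further.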
 

lostin3d

[H]ard|Gawd
Joined
Oct 13, 2016
Messages
2,043
This reminds me of something I learned of in college. It didn't use malware, nor did it involve a Faraday cage. In our security class the professor showed us a report of someone in a government agency demonstrating a proof of concept exploit involving both CRT and LCD screens. They were able to use some kind of magnetic sensitive film over a second screen in a separate room w/o line of sight to the original and recreate the first screen's image.
 

lostin3d

[H]ard|Gawd
Joined
Oct 13, 2016
Messages
2,043
Using antennae technology it's also possible to have similar results for cable. Very tricky, but once I was able to duplicate a neighbor's cable signal by simply aligning rabbit ears a particular way. Years later I read an article explaining the technique but the finer technical aspects were beyond me, I just had dumb luck when I stumbled upon it.
 

triwolf

Gawd
Joined
Dec 19, 2015
Messages
708
> Researchers in Israel have come up with a couple of unique pieces of malware that can be used to steal data using the magnetic fields generated by a CPU. As a matter of fact, they demonstrated this can even work if the CPU is inside of a Faraday cage. These guys have found many ways to get data out of air-gapped networks, but this one has to be the best one yet. Check out the video below to see how the ODINI version works.
>
> Watch the video here.
>
> Ben Gurion University researchers have developed two pieces of malware that rely on magnetic fields to exfiltrate data from an air-gapped device. One of them is called ODINI and it uses this method to transmit the data to a nearby magnetic sensor. The second piece of malware is named MAGNETO and it sends data to a smartphone, which typically has a magnetometer for determining the device’s orientation.

To be secure, brain to brain connection? Anything can be hacked it seems.
 

Nunu

Limp Gawd
Joined
Jun 5, 2017
Messages
257
Imagine if they took this a step further, they may be able to pull out your thought/brain waves and steal those soon enough.
 

Iratus

[H]ard|Gawd
Joined
Jan 16, 2003
Messages
1,317
> This reminds me of something I learned of in college. It didn't use malware, nor did it involve a Faraday cage. In our security class the professor showed us a report of someone in a government agency demonstrating a proof of concept exploit involving both CRT and LCD screens. They were able to use some kind of magnetic sensitive film over a second screen in a separate room w/o line of sight to the original and recreate the first screen's image.

https://en.m.wikipedia.org/wiki/Van_Eck_phreaking

TEMPEST protection is designed to help with it.
 