Stealthy Data Exfiltration Possible via Magnetic Fields

Discussion in 'HardForum Tech News' started by DooKey, Feb 8, 2018.

  1. DooKey

    DooKey [H]ardness Supreme

    Messages:
    7,941
    Joined:
    Apr 25, 2001
    Researchers in Israel have come up with a couple of unique pieces of malware that can be used to steal data using the magnetic fields generated by a CPU. As a matter of fact they demonstrated this can even work if the CPU is inside of a Faraday cage. These guys have found many ways to get data out of air-gapped networks, but this one has to be the best one yet. Check out the video below to see how the ODINI version works.

    Watch the video here.

    Ben Gurion University researchers have developed two pieces of malware that rely on magnetic fields to exfiltrate data from an air-gapped device. One of them is called ODINI and it uses this method to transmit the data to a nearby magnetic sensor. The second piece of malware is named MAGNETO and it sends data to a smartphone, which typically has a magnetometer for determining the device’s orientation.
     
  2. otherweeb

    otherweeb Gawd

    Messages:
    860
    Joined:
    Jan 8, 2016
    Ha, step one, infiltrate the Faraday cage.
     
    Balthazar2k4 likes this.
  3. PaulP

    PaulP Gawd

    Messages:
    776
    Joined:
    Oct 31, 2016
    Yes, if they can get inside the highly secure room (Faraday cage) with a cellphone, then it's all academic anyway.
     
  4. raz-0

    raz-0 [H]ardness Supreme

    Messages:
    4,503
    Joined:
    Mar 9, 2003
    You don't have to be inside the Faraday cage for the method to work. ODINI will make it out depending on the size of your Faraday cage. MAGNETO won't because the range is impractically small.

    This isn't about data being hacked, it's about moving secured data you have gained access to without getting caught.
     
  5. PaulP

    PaulP Gawd

    Messages:
    776
    Joined:
    Oct 31, 2016
    Yeah, magnetic fields are hard to block, but they do fall in strength by the square of the distance. So given the weak nature of the signal here, the solution is to create an exclusion zone around the cage that creates enough distance to make it impossible to detect the signal.
     
  6. Vaulter98c

    Vaulter98c [H]ard|DCer of the Month - October 2009

    Messages:
    5,698
    Joined:
    May 21, 2008
    I think he was talking about how you have to get physical access to the air gap machine first, then you can do whatever. Physical security is still king
     
  7. zexelon

    zexelon n00b

    Messages:
    40
    Joined:
    Jul 16, 2006
    I am going back to handwritten documents! With all the "word processing" I do these days no one can read my handwriting anyway! Also my spelling is so bad OCR/Document reading would effectively be encrypted! It's foolproof!
     
  8. raz-0

    raz-0 [H]ardness Supreme

    Messages:
    4,503
    Joined:
    Mar 9, 2003
    Yeah you don't get it. Sometimes, like when the Mossad goes mossading, access is only half the problem. Moving the data without becoming a corpse means you need a way to break the air gap and not be seen to be doing something disallowed. Sometimes the way you get access to an air gapped system is by unwittingly compromising people with access and the issue then becomes how to retrieve any data your malware is accessing given the lack of a network and the lack of ongoing physical access. This is, in large part, a proof of concept in how to breach physical security on the outbound side.
     
  9. SSimmons05

    SSimmons05 Limp Gawd

    Messages:
    203
    Joined:
    Mar 11, 2007
    Basically we worry too much because our data is truly never safe.
     
  10. raz-0

    raz-0 [H]ardness Supreme

    Messages:
    4,503
    Joined:
    Mar 9, 2003
    I'm not worried about it. This kind of stuff will never be used on 99.9999999% of people or installations. However, if you are trying to protect air gapped sensitive systems, this stuff matters. For most IT professionals it peaks at interesting.
     
  11. donald_k

    donald_k Limp Gawd

    Messages:
    426
    Joined:
    May 23, 2002
    Very much so- physical security, access controls/policies, and irregular sweeps/occasions are still called on for maintaining protection of classified processing. It is also why typically where TOP SECRET processing occurs is within a few 'onion' layers of SECRET realms within your nearby friendly military/intel operation. Social engineering is definitely a major aspect of breaking in - especially true these days with how many contractors are usually on site (Visit/Facility clearance validation is key). NORTEL found this out the hard way (... as their Carling Campus - now occupied by DND... was confirmed bugged and still is suspected to be bugged).

    I wonder how 'strong' that faraday cage was (was it actual Cu/Ag lined and bonded?)... alas the Israelis are VERY smart cats and all bets are on this is one of many tools in their toolbox.
     
  12. Nenu

    Nenu [H]ardened

    Messages:
    18,739
    Joined:
    Apr 28, 2007
    Or add noise to mask the signal.
     
  13. lostin3d

    lostin3d [H]ard|Gawd

    Messages:
    2,004
    Joined:
    Oct 13, 2016
    This reminds me of something I learned of in college. It didn't use malware, nor did it involve a Faraday cage. In our security class the professor showed us a report of someone in a government agency demonstrating a proof of concept exploit involving both CRT and LCD screens. They were able to use some kind of magnetic sensitive film over a second screen in a separate room w/o line of sight to the original and recreate the first screen's image.
     
    GoldenTiger likes this.
  14. lostin3d

    lostin3d [H]ard|Gawd

    Messages:
    2,004
    Joined:
    Oct 13, 2016
    Using antennae technology it's also possible to have similar results for cable. Very tricky, but once I was able to duplicate a neighbor's cable signal by simply aligning rabbit ears a particular way. Years later I read an article explaining the technique but the finer technical aspects were beyond me, I just had dumb luck when I stumbled upon it.
     
  15. triwolf

    triwolf Gawd

    Messages:
    708
    Joined:
    Dec 19, 2015
    To be secure, brain to brain connection? Anything can be hacked it seems.
     
  16. Nunu

    Nunu Limp Gawd

    Messages:
    256
    Joined:
    Jun 5, 2017
    Imagine if they took this a step further, they may be able to pull out your thought/brain waves and steal those soon enough.
     
  17. Iratus

    Iratus [H]ard|Gawd

    Messages:
    1,224
    Joined:
    Jan 16, 2003
    https://en.m.wikipedia.org/wiki/Van_Eck_phreaking

    TEMPEST protection is designed to help with it
     
    lostin3d likes this.
  18. lostin3d

    lostin3d [H]ard|Gawd

    Messages:
    2,004
    Joined:
    Oct 13, 2016
    Cool stuff! Thanks, that was definitely what he was talking about. The section about tailored batteries, well total James Bond at that point.