Page 25 - GCN, Oct/Nov 2016

EMERGING TECH
BY PATRICK MARSHALL
Hacking your data without touching your network

It’s an IT manager’s nightmare: A hacker — perhaps an employee, a service provider or custodial staff member — plants a sensor near a critical server to capture the flow of data without having to crack a password or break through a firewall.

And the problem isn’t only the data breach. Because the hacker did not access the network, there’s no audit trail, so you might never know what data has been stolen or by whom.

No, it’s not a scene from “Mission: Impossible.” Researchers at MWR InfoSecurity, a cybersecurity company headquartered in England, have shown how they could “sniff” data being transferred within a device by analyzing electromagnetic radiation leaking from that device.

It’s called near-field analysis, and MWR researchers say they have successfully grabbed data by analyzing variations in the electromagnetic field leaking from a storage device and then applying an algorithm to decode the traffic.

According to MWR researcher Piotr Osuch, near-field detection tools don’t even necessarily need to be right next to the device being monitored.

“Near-field might not be that ‘near,’” he said. “If a subsystem of a device is operating at 1 MHz — for example, a keyboard — then near-field can be up to 150 meters away.”

He added that many electronic components operate at 32 MHz, which means their electromagnetic fields could be detected from a distance of 4 meters.

What’s more, Osuch said, the equipment needed to gather the data is getting less expensive — costing a few thousand to tens of thousands of dollars depending on the sophistication of the attack. If the data moving through the monitored device is not encrypted — and data is rarely encrypted while it is moving inside an organization’s network — it is susceptible to being picked up.

Although tempest shielding, which usually involves putting a simple metal enclosure around a device, might prevent a data leak, there is little assurance without testing.

“In most cases, tempest shielding is included as an ‘afterthought’ in the design, usually in the form of a simple metal enclosure, which might (fingers crossed) reduce leaked signal strength sufficiently,” Osuch told The Register. “The same could as well be done for storage devices. However, to ensure security, an [electromagnetic]-aware design is necessary, which requires skilled professionals (such as [radio frequency] engineers) — a practice not often employed in industry.”

How big is the threat? Osuch said it depends on the scenario. “Suppose that the attack path is to sniff keyboard strokes in an institution. That has been done at distances of roughly 20 meters, across walls. This would be a high threat. A solution would be using electromagnetic-safe keyboards.”

He added that tapping into a 4G wireless transmission would be more problematic but not impossible, particularly if the attacker were to set up a baseband station, “fuzz the device until a crash occurs,” then analyze the crash and determine how to gain system-level code execution.

The key point is that near-field analysis of electromagnetic fields can allow a hacker to gather transmissions that could — with varying amounts of further work and decoding — result in data leakage without the hacker actually entering the network.

So how do network administrators protect against such a threat?

“There is no general answer as this is very application-specific,” Osuch said. At the same time, however, he noted that using near-field analysis as a hacking tool, for now at least, is likely to be reserved for high-value targets.

“In most cases, the attacks would have to be quite sophisticated — probably targeting equipment that is expensive to design from the get-go and so would deserve a comprehensive and formal [electromagnetic] evaluation by [a radio frequency] engineer,” he said.