
An information security researcher has developed a new way to steal data from computers that are not connected to the Internet, using the electromagnetic waves emitted by their power supplies.
He warns that data on so-called "air-gapped" computers, i.e. those isolated from the Internet, can be stolen from a distance of more than six feet (about two meters), even through walls, by an attacker with a smartphone or laptop fitted with a simple receiver.
The method was developed by Mordechai Guri, a researcher at Ben-Gurion University of the Negev in Beersheba, who named it COVID-bit, apparently in reference to the social distancing rules that kept people from getting close to each other.
Air-gapped computers are common in organizations that handle highly sensitive data and tasks, such as those in the energy, government and military weapons sectors, which is what makes this new method a cause for concern.
First, the target system must already be infected with purpose-built malware, which in practice requires physical access to the machine. The malware then regulates the CPU load and core frequencies so that the power supply emits electromagnetic waves in the 0 to 48 kHz band.
Guri explains that the switching components in these power supplies turn on and off at specific frequencies while converting alternating current to direct current, and in doing so radiate a square-wave electromagnetic signal at those frequencies. By varying the CPU load, the malware shifts that switching behaviour and thereby controls the emitted frequencies.
The emission can carry raw data, which an attacker some distance from the device can pick up with a loop antenna that plugs into the 3.5 mm audio jack of a mobile device. Software on the receiving device then applies a noise filter and decodes the raw data.
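To make the transmit-and-decode chain concrete, here is an added simulation (written for this page, not Guri's code or the COVID-bit implementation) of a two-tone FSK channel of the kind described above: each bit selects one of two emission frequencies, the receiver measures the energy at both with the Goertzel algorithm per bit period, and a bit error rate is computed. The emission is modelled directly as a noisy square wave rather than by driving real CPU cores, and the sample rate, the two tone frequencies and the bit rate are illustrative assumptions, not values from the paper.

```python
"""Toy model of an FSK covert channel over power-supply emissions.
Added example: all constants below are assumptions for illustration."""
import math
import random

SAMPLE_RATE = 96_000        # receiver sampling rate in Hz (assumption)
F0, F1 = 24_000, 26_000     # emission tones for bit 0 / bit 1 (assumption, inside 0-48 kHz)
BIT_RATE = 1_000            # bits per second, the desktop rate quoted in the text
SAMPLES_PER_BIT = SAMPLE_RATE // BIT_RATE


def bytes_to_bits(data):
    """MSB-first bit list for a byte string."""
    return [(b >> i) & 1 for b in data for i in range(7, -1, -1)]


def bits_to_bytes(bits):
    """Inverse of bytes_to_bits; trailing partial bytes are dropped."""
    whole = len(bits) - len(bits) % 8
    return bytes(int("".join(str(b) for b in bits[i:i + 8]), 2) for i in range(0, whole, 8))


def transmit(bits, noise_amplitude, rng):
    """Model the leaking emission: a square wave at F0 or F1 for each bit,
    plus Gaussian noise standing in for other electrical activity."""
    samples = []
    for bit in bits:
        freq = F1 if bit else F0
        for n in range(SAMPLES_PER_BIT):
            t = n / SAMPLE_RATE
            square = 1.0 if math.sin(2 * math.pi * freq * t) >= 0 else -1.0
            samples.append(square + rng.gauss(0.0, noise_amplitude))
    return samples


def goertzel_power(samples, freq):
    """Energy of one DFT bin at `freq` (Goertzel algorithm, O(N), no numpy)."""
    n = len(samples)
    k = int(0.5 + n * freq / SAMPLE_RATE)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s_prev = s_prev2 = 0.0
    for x in samples:
        s = x + coeff * s_prev - s_prev2
        s_prev2, s_prev = s_prev, s
    return s_prev ** 2 + s_prev2 ** 2 - coeff * s_prev * s_prev2


def receive(samples):
    """Non-coherent FSK demodulation: per bit period, pick the stronger tone."""
    bits = []
    usable = len(samples) - len(samples) % SAMPLES_PER_BIT
    for i in range(0, usable, SAMPLES_PER_BIT):
        chunk = samples[i:i + SAMPLES_PER_BIT]
        bits.append(1 if goertzel_power(chunk, F1) > goertzel_power(chunk, F0) else 0)
    return bits


def bit_error_rate(sent, received):
    return sum(a != b for a, b in zip(sent, received)) / len(sent)


def simulate(message, noise_amplitude=0.5, seed=1):
    """Run a message through the modelled channel; return (decoded bytes, BER)."""
    rng = random.Random(seed)
    bits = bytes_to_bits(message)
    recovered = receive(transmit(bits, noise_amplitude, rng))
    return bits_to_bytes(recovered), bit_error_rate(bits, recovered)


if __name__ == "__main__":
    for noise in (0.5, 5.0, 20.0):
        decoded, ber = simulate(b"air-gap", noise_amplitude=noise)
        print(f"noise={noise:5.1f}  decoded={decoded!r}  BER={ber:.3f}")
```

The two tones sit on exact DFT bins for the chosen bit period (96 samples at 96 kHz), so with a rectangular window there is no spectral leakage between them and the decision is limited only by noise; as the noise amplitude grows past the tone energy, the error rate climbs toward 50 percent, which is the trade-off between bit rate, distance and error rate that the reported figures reflect.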
Guri tested the method on a desktop computer, a laptop and a Raspberry Pi 3, and found laptops the hardest to exfiltrate from, because their power-saving features keep the electromagnetic signal too weak to be received reliably.
Desktop computers, by contrast, can transmit at 500 bps with a bit error rate of 0.01 to 0.8 percent, and at 1,000 bps with an error rate of 1.78 percent, still low enough for practical data theft.
At these speeds a 10 KB file can be sent in under 90 seconds, and the raw output of an hour's worth of recorded activity on the target machine, such as captured keystrokes, in about 20 seconds.
The Pi 3, with its weak power supply, limited the distance at which the receiver could still recover the data.
Guri recommends that air-gapped systems be protected by monitoring CPU load and core frequencies for suspicious or unusual patterns. The drawback is that such monitoring adds processing overhead, which can reduce performance and increase energy use.
An alternative defence, Guri suggests, is to lock the CPU to fixed core frequencies, so that the associated electromagnetic radiation can no longer be modulated to carry decodable data. Here the drawback is that core frequencies naturally fluctuate with demand, so locking them degrades performance at some times and wastes power at others.
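One way to implement the monitoring approach, as an added example that is not part of the article or of Guri's work: sample per-core utilization at a fixed rate, take the spectrum of each series and flag a core whose spectrum is dominated by a single narrow peak, since a modulating transmitter toggles load with machine-like regularity while ordinary bursty workloads spread their energy across the band. The sample rate, the minimum modulation frequency considered, the peak-to-mean threshold and both input series are constructed assumptions; on a real host the series would come from a utilization sampler such as `/proc/stat` read at the same rate.

```python
"""Spectral regularity check on per-core utilization samples.
Added example; thresholds and sample data are illustrative assumptions."""
import math
import random

SAMPLE_RATE_HZ = 100.0     # how often utilization is sampled (assumption)
MIN_MODULATION_HZ = 2.0    # ignore slower variation: long steady jobs look like a step (assumption)
PEAK_TO_MEAN_THRESHOLD = 10.0   # how dominant one tone must be to be suspicious (assumption)


def magnitude_spectrum(series):
    """Magnitude of DFT bins 1 .. N/2-1 of the mean-removed series (O(N^2), no numpy).
    Removing the mean drops the DC bin so a high but steady load does not dominate."""
    n = len(series)
    mean = sum(series) / n
    centered = [x - mean for x in series]
    mags = []
    for k in range(1, n // 2):
        re = sum(x * math.cos(2 * math.pi * k * i / n) for i, x in enumerate(centered))
        im = -sum(x * math.sin(2 * math.pi * k * i / n) for i, x in enumerate(centered))
        mags.append(math.hypot(re, im))
    return mags


def assess_core(series, sample_rate_hz=SAMPLE_RATE_HZ, threshold=PEAK_TO_MEAN_THRESHOLD):
    """Return a verdict dict: strongest tone above MIN_MODULATION_HZ and its
    peak-to-mean ratio against all bins in the examined band."""
    n = len(series)
    mags = magnitude_spectrum(series)
    first_bin = max(1, math.ceil(MIN_MODULATION_HZ * n / sample_rate_hz))
    band = mags[first_bin - 1:]              # mags[0] is bin 1
    peak_offset = max(range(len(band)), key=band.__getitem__)
    ratio = band[peak_offset] / (sum(band) / len(band))
    peak_hz = (first_bin + peak_offset) * sample_rate_hz / n
    return {"suspicious": ratio >= threshold, "peak_hz": peak_hz, "peak_to_mean": ratio}


def constructed_samples(seed=7, n=256):
    """Constructed utilization traces (percent), not real measurements:
    - covert: load toggled every 4 samples (12.5 Hz at 100 Hz) with jitter;
    - normal: idle baseline with jitter and two random bursts of work."""
    rng = random.Random(seed)
    covert = [50 + (40 if (i % 8) < 4 else -40) + rng.gauss(0, 10) for i in range(n)]
    normal = [15 + rng.gauss(0, 10) for _ in range(n)]
    for _ in range(2):
        start = rng.randrange(n - 20)
        for i in range(start, start + rng.randrange(5, 20)):
            normal[i] += 60
    return covert, normal


if __name__ == "__main__":
    covert, normal = constructed_samples()
    for name, trace in (("covert", covert), ("normal", normal)):
        verdict = assess_core(trace)
        print(f"{name:6s} peak {verdict['peak_hz']:.2f} Hz, "
              f"peak/mean {verdict['peak_to_mean']:.1f}, suspicious={verdict['suspicious']}")
```

The lower cut-off matters: a long-running job switching on and off looks like a step, whose spectrum piles up in the lowest bins and would otherwise trigger the check; excluding those bins targets the fast, sustained toggling a transmitter needs. The cost the text mentions is visible here too, since every core is sampled continuously and transformed, so in production one would use an FFT and a sliding window rather than this direct DFT.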