TVTechnology: Low-Level RF Signals Allow Hackers to Grab Data From Laptops. Post #360
TVTechnology: Low-Level RF Signals Allow Hackers to Grab Data From Laptops: "Low-Level RF Signals Allow Hackers to Grab Data From Laptops. No Wi-Fi required. As anyone who has tried to use a portable AM or shortwave radio near a computer knows, computers emit a variety of RF signals over a wide range of frequencies. The emissions can extend into the VHF bands. Although these emissions are considered noise or interference, the reality is they contain information about what's happening inside the computer.
Researchers at the George Institute of Technology are studying these emissions to help hardware and software designers develop strategies to plug these RF data leaks. Alenka Zajic, an assistant professor in Georgia Tech’s School of Electrical and Computer Engineering, explains, “People are focused on security for the Internet and on the wireless communication side, but we are concerned with what can be learned from your computer without it intentionally sending anything. Even if you have the Internet connection disabled, you are still emanating information that somebody could use to attack your computer or smartphone.”
Zajic demonstrated how this could work by typing a simulated password on one laptop that was not connected to the Internet. On the other side of a wall, a colleague using another disconnected laptop read the password as it was being typed by intercepting the “side-channel” signal produced by the first laptop's keyboard software. The software had been modified to make the characters easier to identify.
Milos Prvulovic, an associate professor in the Georgia Tech School of Computer Science, said, “There is nothing added in the code to raise suspicion. It looks like a correct, but not terribly efficient version of normal keyboard driver software. And in several applications, such as normal spell-checking, grammar-checking and display-updating, the existing software is sufficient for a successful attack.”
Zajic's team is trying to understand why these side channels exist and what can be done to prevent the data leaks. Zajic said, “We are measuring computers and smartphones to identify the parts of the devices that leak the most. That information can guide efforts to redesign them, and on an architectural level, perhaps change the instructions in the software to change the device behavior.
“When you are executing instructions in the processor, you generate a different type of waveform than if you are doing things in memory, and there is interaction between the two,” Zajic added. Zajic, Prvulovic and graduate student Robert Callen have developed a metric known as “signal available to attacker” (SAVAT) which is a measure of the strength of the signal emitted. The largest signals occurred when processors accessed off-chip memory.
Prvulovic said, “It is not really possible to eliminate all side-channel signals. The trick is to make those signals weak, so potential attackers would have to be closer, use larger antennas and utilize time-consuming signal analyses. We have found that some operations are much ‘louder’ than others, so quieting them would make it more difficult for attackers.”
How can you protect yourself from side-channel attacks? Zajic said, “If somebody is putting strange objects near your computer, you certainly should beware. But from the user’s perspective, there is not much they can do right now. Based on our research, we hope to develop something like virus scan software that will look for vulnerability in the code and tell developers what they should update to reduce this vulnerability.”
The Georgia Tech news release did not describe the equipment the researchers used to measure the side-channel emissions, but stronger signals should be able to be picked up by a software defined radio using a repurposed $20 DVB-T USB stick's RealTek RTL2832u. See Software-Defined Radios Help Explore RF Spectrum for details on the RealTek SDR.
---------------------------------------------------
This information from author Doug Lang of "TVTechnology" should interest those of us who use PCs, Macs, or laptops to run logging and DX programs. Apparently, our digital devices give off enough rf at VHF/UHF frequencies that hackers, equipped with simple equipment, can intercept those weak signals and possibly compromise data on our computers. There's little that can be done right now, except to keep your anti-virus/malware software up to date and be wary of any strange plug-in devices used near your computer station. Although the article didn't mention Blue-Tooth devices such as wireless keyboards, they, too, could be susceptible for unwanted monitoring. Technology is indeed a mixed blessing.
For the latest Amateur Radio news and events, please check out the blog sidebars. These news feeds are updated daily.
You can follow our blog community with a free email subscription or by tapping into the blog RSS feed. For more Amateur Radio news, please visit my amateur radio news site at http://kh6jrm.net.
Thanks for joining us today!
Aloha es 73 de Russ (KH6JRM).
"
'via Blog this'
Researchers at the George Institute of Technology are studying these emissions to help hardware and software designers develop strategies to plug these RF data leaks. Alenka Zajic, an assistant professor in Georgia Tech’s School of Electrical and Computer Engineering, explains, “People are focused on security for the Internet and on the wireless communication side, but we are concerned with what can be learned from your computer without it intentionally sending anything. Even if you have the Internet connection disabled, you are still emanating information that somebody could use to attack your computer or smartphone.”
Zajic demonstrated how this could work by typing a simulated password on one laptop that was not connected to the Internet. On the other side of a wall, a colleague using another disconnected laptop read the password as it was being typed by intercepting the “side-channel” signal produced by the first laptop's keyboard software. The software had been modified to make the characters easier to identify.
Milos Prvulovic, an associate professor in the Georgia Tech School of Computer Science, said, “There is nothing added in the code to raise suspicion. It looks like a correct, but not terribly efficient version of normal keyboard driver software. And in several applications, such as normal spell-checking, grammar-checking and display-updating, the existing software is sufficient for a successful attack.”
Zajic's team is trying to understand why these side channels exist and what can be done to prevent the data leaks. Zajic said, “We are measuring computers and smartphones to identify the parts of the devices that leak the most. That information can guide efforts to redesign them, and on an architectural level, perhaps change the instructions in the software to change the device behavior.
“When you are executing instructions in the processor, you generate a different type of waveform than if you are doing things in memory, and there is interaction between the two,” Zajic added. Zajic, Prvulovic and graduate student Robert Callen have developed a metric known as “signal available to attacker” (SAVAT) which is a measure of the strength of the signal emitted. The largest signals occurred when processors accessed off-chip memory.
Prvulovic said, “It is not really possible to eliminate all side-channel signals. The trick is to make those signals weak, so potential attackers would have to be closer, use larger antennas and utilize time-consuming signal analyses. We have found that some operations are much ‘louder’ than others, so quieting them would make it more difficult for attackers.”
How can you protect yourself from side-channel attacks? Zajic said, “If somebody is putting strange objects near your computer, you certainly should beware. But from the user’s perspective, there is not much they can do right now. Based on our research, we hope to develop something like virus scan software that will look for vulnerability in the code and tell developers what they should update to reduce this vulnerability.”
The Georgia Tech news release did not describe the equipment the researchers used to measure the side-channel emissions, but stronger signals should be able to be picked up by a software defined radio using a repurposed $20 DVB-T USB stick's RealTek RTL2832u. See Software-Defined Radios Help Explore RF Spectrum for details on the RealTek SDR.
---------------------------------------------------
This information from author Doug Lang of "TVTechnology" should interest those of us who use PCs, Macs, or laptops to run logging and DX programs. Apparently, our digital devices give off enough rf at VHF/UHF frequencies that hackers, equipped with simple equipment, can intercept those weak signals and possibly compromise data on our computers. There's little that can be done right now, except to keep your anti-virus/malware software up to date and be wary of any strange plug-in devices used near your computer station. Although the article didn't mention Blue-Tooth devices such as wireless keyboards, they, too, could be susceptible for unwanted monitoring. Technology is indeed a mixed blessing.
For the latest Amateur Radio news and events, please check out the blog sidebars. These news feeds are updated daily.
You can follow our blog community with a free email subscription or by tapping into the blog RSS feed. For more Amateur Radio news, please visit my amateur radio news site at http://kh6jrm.net.
Thanks for joining us today!
Aloha es 73 de Russ (KH6JRM).
"
'via Blog this'
Comments
Post a Comment
Thank you for visiting my Amateur Radio Blog. I value your comments and suggestions. For Amateur Radio Antenna Topics and Discussions, stay here. For Amateur Radio News and Trends, please visit my news site at https://bigislandarrlnews.com.
Aloha es 73 de Russ (KH6JRM).