
How hackers are able to steal data even from an air-gapped computer.

Air-gapped computers are isolated from the Internet and local networks, and so are believed to be the most secure devices and difficult to infiltrate.

MAGNETO and ODINI

Both techniques use proof-of-concept (PoC) malware installed on an air-gapped computer inside a Faraday cage to control the "magnetic fields emanating from the computer by regulating workloads on the CPU cores" and use them to transmit data stealthily.

The two techniques are named MAGNETO and ODINI and are both the work of scientists from the Cyber Security Research Center at the Ben-Gurion University of the Negev in Israel.

This is an excerpt from their research paper:
[M]oving charges in a wire generate a magnetic field. The magnetic field changes according to the acceleration of the charges in the wire. In a standard computer, the wires that supply electricity from the main power supply to the motherboard are the primary source of the magnetic emanation. The CPU is one of the largest consumers of power in the motherboard. Since modern CPUs are energy efficient, the momentary workload of the CPU directly affects the dynamic changes in its power consumption. By regulating the workload of the CPU, it is possible to govern its power consumption, and hence to control the magnetic field generated. In the most basic case, overloading the CPU with calculations will consume more current and generate a stronger magnetic field. By intentionally starting and stopping the CPU workload, we can generate a magnetic field at the required frequency and modulate binary data over it.

MAGNETO and ODINI comparison



ODINI can transmit data over greater distances and at higher speeds, but it needs a dedicated magnetic sensor to receive the data, something that could stand out and break an attacker's cover.

MAGNETO, on the other hand, works with an Android app installed on a regular smartphone, using the low-cost magnetometers embedded in modern smartphones. An attack using this exfiltration method will be harder to detect, as most users carry a smartphone everywhere they go these days.
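
The excerpt above describes starting and stopping the CPU workload at a fixed frequency, and that regularity is something a defender can look for in host telemetry. The following is an added example, not code from the research paper or from this post: it measures how much of a CPU-utilisation trace's energy sits in a single frequency and flags traces dominated by one tone. The function names, the 0.5 threshold and both sample traces are assumptions constructed for illustration.

```python
import cmath
import math
import random

def spectral_peak_ratio(samples):
    """Return (peak_bin, ratio): the strongest non-DC DFT bin and the
    share of non-DC spectral energy it holds (0..1)."""
    n = len(samples)
    mean = sum(samples) / n
    centered = [s - mean for s in samples]  # remove the constant (DC) part
    energies = []
    for k in range(1, n // 2 + 1):
        acc = sum(x * cmath.exp(-2j * math.pi * k * i / n)
                  for i, x in enumerate(centered))
        energies.append(abs(acc) ** 2)
    total = sum(energies)
    if total == 0:
        return 0, 0.0  # perfectly flat load: nothing periodic to find
    peak = max(range(len(energies)), key=energies.__getitem__)
    return peak + 1, energies[peak] / total

def looks_modulated(samples, threshold=0.5):
    """Flag a trace whose energy is concentrated in one frequency.
    The threshold is an assumed starting point, to be tuned per host."""
    return spectral_peak_ratio(samples)[1] >= threshold

def square_wave_load(n, period, high=95.0, low=5.0):
    """Constructed trace: load switched on and off with a fixed period."""
    return [high if (i % period) < period // 2 else low for i in range(n)]

def noisy_load(n, seed=1):
    """Constructed trace: irregular load with no dominant rhythm."""
    rng = random.Random(seed)
    return [rng.uniform(0, 100) for _ in range(n)]

if __name__ == "__main__":
    for name, trace in (("on/off load", square_wave_load(128, 16)),
                        ("irregular load", noisy_load(128))):
        peak_bin, ratio = spectral_peak_ratio(trace)
        print(f"{name}: peak bin {peak_bin}, ratio {ratio:.2f}, "
              f"flagged={looks_modulated(trace)}")
```

The samples must be taken at a fixed rate that is at least twice the switching frequency being looked for; a legitimately periodic job can also trip the check, so a flag is a lead for investigation rather than proof.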


