New Hack Can Steal Data From Devices in Faraday Cages

Last year Wikileaks released documents detailing how attackers can compromise offline computers. This new study goes one step further, exposing the fallibility of Faraday cages

|
Feb 12 2018, 2:30pm

Image: MIC85/Wikimedia Commons

Many methods have failed in the effort to secure digital communications, but one has remained relatively reliable: Faraday cages. These metallic enclosures prevent all incoming and outgoing electrical charges, and have successfully been used in the past by those hoping to conceal their wireless communications. You may remember Chelsea Manning used a makeshift Faraday cage last year when she asked New York Times reporters to dump their phones in a microwave to prevent prying ears from listening in.

Despite their often unorthodox appearance, Faraday cages are largely considered an effective, if not extreme, additional step in securing communications. While many have utilized this technology for personal uses (A bar owner in the UK even created his own Faraday cage to keep drinkers off their phones), larger institutions like banks, governments, and other corporations turn to Faraday cages to house some of their most sensitive data. These systems also vary in size. Smaller Faraday cages and Faraday bags may be used for individuals while larger corporations may create entire Faraday conference rooms.

It appears, however, that these metal mesh cages may have a chink in their armor.

A new attack method laid out in two recently released papers from researchers at the Cyber Security Research Center in Ben Gurion University in Israel, show how data could potentially be compromised even when encased in a Faraday cage.

The extraction method, dubbed MAGNETO, works by infecting an “air-gapped” device—a computer that isn't connected to the internet—with a specialized malware called ODINI that regulates that device’s magnetic fields. From there, the malware can overload the CPU with calculations, forcing its magnetic fields to increase. A local smartphone, (located a maximum of 12 to 15 centimeters from the computer) can then receive the covert signals emanating off the magnetic waves to decode encryption keys, credential tokens, passwords and other sensitive information.

Mordechai Guri, who heads research and development at the Cyber Security Research Center, said he and his fellow researchers wanted to show that Faraday cages are not foolproof.

“Faraday cages are known for years as good security for electromagnetic covert channels,” Guri told Motherboard in an email. “Here we want to show that they are not hermetic and can be bypassed by a motivated attacker.”

According to the research, even if phones are placed on airplane mode in secure locations, these extraction techniques could still work. Since the phone’s magnetic sensors are not considered communication interfaces, they would remain active even in airplane mode.

The foundations for the researcher’s breakthrough were built off of previous public examples of offline computer vulnerabilities. Last July, Wikileaks released documents allegedly demonstrating how the CIA used malware to infect air-gapped machines. The tool suite, called “Brutal Kangaroo,” allegedly allowed CIA attackers to infiltrate closed networks by using a compromised USB flash drive. The researchers at the Cyber Security Research Center highlighted “Brutal Kangaroo” in their paper as a real life example of the fallibility of air-gapped computers.

The papers point out that air-gapped computer networks are being used by banks to store confidential information and by the military and defense sectors as well. Guri said that institutions hoping to addresses these security issues may face some difficulty.

“In [the] case of the Magnetic covert channel, its fairly challenging, since the computer must be shielded with a special ferromagnetic shield.” Guri said. “The practical countermeasures is the 'zoning' approach, where you define a perimeter in which not [every] receiver/smartphone allowed in.”

Get six of our favorite Motherboard stories every day by signing up for our newsletter.