Any system that is connected to the Internet is always subject to threats, no matter how well it is protected. This assumption is well known to any teenager today. No software barriers can fully prevent human errors in a program code or user behavior.
That’s why devices that have functions of special importance, or that contain top-secret information, are usually not connected to the Internet. It is always better to accept inconvenience than face unpleasant consequences. This is how, for example, control systems for large industrial objects or some bank computers are protected.
It may seem that going offline completely will keep any secret safe: if there is no Internet, then there is no data leakage. However, that is not the case. Remote data transfer techniques adopted by secret services long time ago become more accessible each year to ‘commercial’ users. Quite a few spy gadgets at James Bond’s disposal are becoming commonplace today.
Any operational device that is connected to a power line generates electromagnetic radiation that can be intercepted by proven technologies. Almost half a century ago, state security services of the U.S. and the USSR were concerned with such leakages, and the information that has been obtained since those days is massive. Some parts of the American activity are known under the TEMPEST abbreviation, and some declassified archives reads as good as detective novels.
Despite the long history, new methods of ‘surfing’ electromagnetic waves appear regularly as the electrical equipment evolves. In the past, the weakest links were CRT monitors and unshielded VGA cables that produced electromagnetic noise. Keyboards have become favorite toys for data security researchers over the past few years. The research in this area has been steadily productive. These are just a few examples.
Keystrokes can be remotely tracked with high accuracy at the 67-feet (20-meter) distance by using a homemade device that analyzes the radio spectrum and costs around $5,000. It is interesting to note that the attack is equally effective against common cheap USB keyboards, expensive wireless keyboards with a signal encryption, and built-in notebook keyboards.
All of the devices work on the same principle and generate electromagnetic noise. The difference is stipulated by the signal power, which depends upon the length of the data transmission wire (it is the shortest for notebooks).
Software to transmit keystrokes via RF emissions, receive with a inexpensive SDR like rtl-sdr and loop antenna http://t.co/fx1ki7rmJM
— dragosr (@dragosr) January 31, 2015
Data can be intercepted more easily if the target computer is connected to the power line. Voltage fluctuations that correspond to keystrokes create noise in the ground line. The ground line noise can be intercepted by a hacker connected to a nearby power socket. The price for the equipment with the effective range of 50 feet (15 meters) is $500.
How to counter it: The best protection from electromagnetic spies can be achieved by shielding the room (a Faraday cage) and by special noise generators. If your secrets are not that expensive, and you are not ready to cover the walls of your basement with foil, then you can just use a “manual” noise generator: type redundant characters sporadically and delete them afterwards.Virtual keyboards can be used to enter valuable data.
Watch out for the laser
There are alternative methods that work well for keylogging. For example, the accelerometer of a smartphone that rests near the keyboard provides an approximate 80 percent recognition accuracy rating. This accuracy rating is not good enough to intercept passwords, but text with a meaning can be deciphered well. The method is based upon comparison of the vibration of the successive pairs of impulses that correspond to keystrokes.
A laser ray, inconspicuously directed at the computer, is an even more effective method to register vibrations. Researchers assure us that each key generates its own pattern of vibrations. The laser should be directed at a part of a notebook or a keyboard that reflects light well: for example, at the logotype of the manufacturer.
How to counter it: These methods work only in the immediate vicinity. Try not to let spies close to you.
Listen to the radio
Intercepting keyboard input is not always useful, obviously, as it is not possible to access the memory of a computer. However, it is possible to infect an offline computer with malware by the means of an external medium. Incidentally, that was how the famous Stuxnet worm infected its target computer within the uranium enrichment infrastructure. After infection, malware works like an internal spy, ‘siphoning’ data through a certain physical medium.
For example, Israeli researchers developed software that modulates electromagnetic radiation in computers’ hardware. This radio signal is quite strong and can be received even by a standard FM receiver on the phone
Why the complications? Computers with classified data are placed inside well-shielded rooms with limited access to eliminate any possible leakage. A spy phone can be brought inside unlike a spectrum analyzer.
How to counter it: All of the mobile phones, not to mention more suspicious equipment, should be left outside of the shielded room.
Warm… Warmer… Hot!
The aforementioned Israeli team recently demonstrated a more exotic scenario of stealing data through… heat emissions!
The principle of the attack is as follows: two desktop computers sit close to each other (up to 15 inches (about 40 centimeters) apart) and the internal motherboard temperature sensors of one computer tracks the temperature changes of the other.
Internet-isolated computers are put right next to internet-connected computers for convenience quite often. The Internet-isolated computer contains classified data; the other is a common Internet-connected computer.
If someone infects both systems with malware, the following happens: The malware reads classified data and periodically changes the system temperature by adjusting the load level and producing a modulated heat signal. The second computer reads and decodes it and sends the classified data over the Internet.
The heat inertia of the system prevents fast data transmission. The transmission speed is limited to eight bits per hour. At this rate, it is possible to steal a password; however, a massive database theft remains in question.
Researchers have found a way to steal data from computers using heat http://t.co/pJIKAOkWi4
— WIRED (@WIRED) March 24, 2015
Nevertheless, with the popularity of Internet-dependent gadgets, the role of the second computer that siphons data can be fulfilled by a smart conditioner or a climate-control sensor that can register temperature changes with greater precision. The transfer rate may well increase in the nearest future.
How to counter it: Do not place offline computers with classified data next to other, Internet connected computers.
Knock, knock. Who’s there?
A classic well-shielded room does not guarantee full data leakage protection. For electromagnetic noise the steel shield is impermeable; not quite so for ultrasound.
In the case of ultrasound technology, spy equipment is represented in two compact units. One unit is inconspicuously placed inside of the classified room, while the other is placed somewhere outside of it. The data transfer rate through steel for ultrasound reaches up to 12 MB/s. Additionally, no power supply is required for one of the units, as the energy is transmitted along with data.
How to counter it: If you have your own classified steel room, then all of the installed equipment should be minutely inspected.
Overall, awareness and knowledge of modern spy techniques (at least ‘modern’ according to public standards), can leave your data intact. A strong security solution is obligatory for the software side.