New Breed Of Cyber Criminal Spies On Your Laptop By Listening To Signals — Even When It’s OFFLINE
Jonathan O’Callaghan, on the January 9, 2014 DailyMailOnline website, begins by noting something that most of us are well aware of. “When your computer performs a spell check, opens up a program, or even just types a letter, it emits a tiny — imperceptible signal. At least — it was thought to be imperceptible. Researchers say a new breed of hackers could ‘listen’ to these signals and find out what your computer is doing. And, researchers are working on methods to keep your computer safe from hackers employing this technique,” Mr. O’Callaghan writes.
“Researchers at The Georgia Institute of Technology are investigating where these information ‘leaks’ originate, — so they can help hardware and software designers develop strategies to plug them. Studying emissions from several computers, researchers have found a way to measure the strength of the leaks — known technically as ‘side-channel signals,’ — and prioritize security efforts,” the DailyMail noted.
“Worrying, the signals didn’t even require your computer to be online — simply being active is enough for a hacker to listen to what you are up to.”
“People are focused on security for the Internet, and on the wireless communication side; but, we are concerned with what can be learned from your computer without it intentionally sending anything.’ said Dr. Alenka Zajic, an Assistant Professor in Georgia Tech’s School of Electrical and Computer Engineering. “Even if you have an Internet connection disabled, you are still emanating information that somebody could use to attack your computer, or smartphone,” Professor Zajic added.
“Side-channel emissions can be measured several feet away from an operating computer, using a variety of spying methods,” Mr. O’Callaghan writes. Electromagnetic emissions can be received using antennas hidden in a briefcase, for instance. Acoustic emissions — sounds produced by electronic components, such as capacitors — can be picked up by microphones hidden underneath a table. Information on power fluctuations, which can help hackers determine what the computer is doing — can be measured by fake battery chargers, plugged into power outlets adjacent to a laptop’s power converter. Some signals can be picked up by a simple AM/FM radio, while others require more sophisticated spectrum analyzers. And, computer components such as voltage regulators produce emissions that can carry signals produced elsewhere on the laptop. Because the spying is passive and emits no signals itself, users of computers and smartphones wouldn’t know they’re being watched,”
“If somebody is putting strange objects near your computer, you certainly be aware,” said Dr. Zajic. “But, from the user’s perspective, we hope to develop something like virus scan software that will look for vulnerability in the code…and tell developers what they should update to reduce this vulnerability.”
“As a demonstration,” Dr. Zajic typed a simulated password on a laptop that was not connected to the Internet. On the other side of the wall, a colleague using another disconnected laptop — read the password as if it was being typed by intercepting side-channel signals produced by the first laptop’s keyboard software, which had been modified to make the characters easier to identify. “There is nothing added in the code to raise suspicion,” Dr. Milos Prvulovic, an Associate Professor in the Georgia Tech School of Computer Science. “It looks like a correct, but terribly efficient version of normal keyboard driver software. And, in several applications, such as normal spell checking, grammar-checking and display-updating, the existing software is sufficient for a successful attack.”
“Currently,” Mr. O’Callaghan writes, “there has been no mention in the open literature of hackers — using side-channel attacks; but, the researchers believe it’s only a matter of time before that happens. The potential risks of side-channel emissions have been reported over the years, but not at the level of detail being reported by the Georgia Tech researchers,” he contends. I think the Israelis have done a fair amount in this area; and, for at least the past 18 months or two years — but, I could be mistaken, “Of course it is possible that everyone is using it right now; but, they aren’t sharing that information,” Dr. Zajic said.
There are so many ways of compromising someone’s laptop or smartphone, that the list would be too long to detail here on this note. Even encryption has weaknesses and tradeoffs. Software user beware. V/R, RCP