WHY THIS MATTERS IN BRIEF
Faraday cages are supposed to be the ultimate in stopping air-gapped computer systems from being attacked and their data exfiltrated, but researchers in Israel have just proved that's no longer the case.
Two common methods of physical cybersecurity, air gapping and Faraday cages, have been found breachable in two papers released by researchers from Ben Gurion University in Israel, and that's after other hacks that used electric powerlines, fan noise, heat, infrared cameras, and even LED light and drones, to exfiltrate data from advanced air-gapped networks and systems. Faraday cages are grounded enclosures made of electrically conductive material that can completely block electromagnetic fields and signals. Air-gapped computers are those completely isolated from outside networks and signals. Air-gap setups commonly include Faraday cages.
Anyone who has interacted with a Faraday cage can attest to their effectiveness: put a smartphone in one and you can watch the signal drop instantly. What the researchers found, however, is that commonly overlooked low-level magnetic fields can still penetrate air gaps and Faraday cages, allowing attackers to intercept and steal data.
Take a basic compass into a Faraday cage, research lead Dr. Mordechai Guri said, and it will still work.
“While Faraday rooms may successfully block electromagnetic signals that emanate from computers, low frequency magnetic radiation disseminates through the air, penetrating metal shields within the rooms,” he said.
It's that low-level field that allows attackers to covertly access any device with a CPU hidden inside a Faraday cage or air-gapped room. That's worth reiterating: anything with a CPU can be manipulated using what Guri and his team call the Odini method.
A device infected with Odini malware can control the low-level magnetic field emitted by a CPU by regulating the load on its cores. Data can then piggyback on the CPU's magnetic field, be transmitted outside the Faraday cage or air gap, and be picked up by a receiving device designed to detect magnetic field manipulation.
A second attack, which the team calls Magneto, uses the same method of CPU magnetic field manipulation but allows it to be picked up by a nearby smartphone.
Don't think sticking the smartphone in a Faraday bag or putting it into airplane mode will stop it from detecting the signal. The signal is magnetic, so it passes right through and is picked up by the device's magnetic field sensor (magnetometer), a standard feature in most modern smartphones.
It's impossible to escape magnetic fields: they're a basic part of nature and a fundamental part of computing, which makes Odini and Magneto seriously threatening. The researchers do propose several methods for blocking the attacks, though their practicality is questioned by the team recommending them.
First is shielding sensitive computers from magnetic fields, which the researchers point out is impractical in all but the most sensitive military and scientific applications. To reliably shield against the low-frequency fields manipulated by Odini and Magneto, multiple layers of ferromagnetic material, which would weigh multiple tons, would need to be built into secure rooms. The paper adds that these ferromagnetic rooms are incredibly expensive.
The second suggestion the team gives is signal jamming using either magnetic field-generating hardware or software. The hardware needed can produce magnetic fields much stronger than CPUs, rendering their emissions unreadable. Software is also available that can run dummy tasks that generate random magnetic signals, but it is processor-intensive and can severely reduce performance.
Third, the team recommends zoning. This would be the physical restriction of certain devices, like smartphones, from being anywhere near sensitive machines. It's no longer enough to just drop the devices into a small Faraday cage; they need to be across the building from vulnerable hardware.
Guri and his team also recommend monitoring hardware for abnormal processes and magnetic radiation, which can be done with standard antivirus, intrusion detection, and intrusion prevention software.
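As an added illustration (not from the article or the researchers' papers), the monitoring recommendation above can be made concrete: the channel depends on keying a core's load between idle and saturated in fixed symbol periods, which leaves a bimodal, regularly spaced pattern in per-core utilisation traces that ordinary workloads rarely produce. The heuristic below runs over constructed utilisation traces; the thresholds and trace values are assumptions.

```python
"""Heuristic detector for CPU-load keying, the ODINI/MAGNETO modulation.
Input: per-core utilisation samples (%) at a fixed interval. Thresholds are assumed."""
from typing import List

def binarize(samples: List[float], low: float, high: float) -> List[int]:
    """1 = core saturated, 0 = core idle, -1 = ambiguous middle band."""
    return [1 if s >= high else 0 if s <= low else -1 for s in samples]

def run_lengths(bits: List[int]) -> List[int]:
    """Lengths of consecutive runs of identical symbols."""
    runs, current = [], 1
    for prev, cur in zip(bits, bits[1:]):
        if cur == prev:
            current += 1
        else:
            runs.append(current)
            current = 1
    runs.append(current)
    return runs

def looks_like_load_keying(samples: List[float], low: float = 10.0, high: float = 90.0,
                           max_ambiguous: float = 0.05, min_runs: int = 6,
                           tol: float = 0.3) -> bool:
    """True when the trace is bimodal (idle/saturated only) and every run is an
    integer multiple of one base period, i.e. on/off keying of the core load."""
    bits = binarize(samples, low, high)
    if len(bits) < 16:
        return False
    if bits.count(-1) / len(bits) > max_ambiguous:   # real work sits in between
        return False
    runs = run_lengths([b for b in bits if b != -1])
    if len(runs) < min_runs:                         # steady idle/busy, no keying
        return False
    base = min(runs)                                 # shortest run ~ one symbol
    for r in runs:
        ratio = r / base
        if abs(ratio - round(ratio)) > tol:          # irregular bursts, not symbols
            return False
    return True

# Constructed sample traces (not captured from real hardware).
KEYED: List[float] = []                              # bits "10110010", 4 samples/bit
for i, bit in enumerate("10110010"):
    KEYED += [97.0 + i % 3 if bit == "1" else 1.0 + i % 3] * 4
NORMAL = [40, 55, 70, 85, 75, 60, 45, 30, 50, 65, 80, 90, 70, 55, 40, 35,
          60, 75, 95, 80, 65, 50, 30, 45, 60, 70, 85, 70, 55, 40, 30, 50]
IDLE = [1.0] * 32
BURSTY = [100.0] * 5 + [0.0] * 3 + [100.0] * 7 + [0.0] * 2 + [100.0] * 11 + [0.0] * 4
```

The check flags only the keyed trace; it is a heuristic, so a busy core with irregular bursts (BURSTY) or a wandering compile-style load (NORMAL) is not flagged, and a real deployment would still pair it with the process-level monitoring the researchers recommend.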
There’s no reason to assume that these attacks exist in the wild, and executing one would require planting malware on the target machines, making it quite difficult, though not impossible, as we saw with Stuxnet. Don’t take chances if you’re responsible for systems secure enough to warrant Faraday cages and air gaps—make plans to enhance your security knowing these kinds of nearly unstoppable attacks are increasingly possible.