Researchers at the Georgia Institute of Technology have developed a methodology that uses electromagnetic (EM) side-channel signals to attack a computer, regardless of whether or not it’s been air-gapped.
In their research paper, Robert Callan, Alenka Zajic, and Milos Prvulovic explain that their metric, which they call Signal Available to Attacker (SAVAT), exploits a natural yet not readily apparent vulnerability in all CPUs: the emission of electromagnetic signals, known as “side channels,” when performing certain tasks.
As Zajic explains, “The reason for studying EM and power side-channels is the fact that zeros and ones have different voltage levels.” These voltage fluctuations, in turn, release EM radiation, which can be captured and analyzed at up to six meters away.
Traditionally, side-channel attacks have received less attention from researchers due to the difficulty of distinguishing useful information and the weakness of the electromagnetic signals.
The researchers’ metric overcomes those problems, however.
“Our measurement methodology proposes directly analyzing the signal created by the execution of code containing both A and B instructions,” explains the team. “This code is carefully constructed so that any signal due to differences between the A and B instructions is localized in frequency.”
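The idea in that quote, as an added simulation that is not the researchers' code or data: a constructed trace alternates between an A burst and a B burst at a fixed rate, and a single-bin DFT shows that the A/B difference appears only at that rate. The sample rate, alternation rate, emission levels and noise level are all assumed values.

```python
import math
import random

SAMPLE_RATE = 1_000_000  # samples per second (assumed receiver rate)
ALT_FREQ = 10_000        # A/B alternation rate in Hz (assumed)

def synth_trace(level_a, level_b, n_samples=20_000, noise=0.5, seed=1):
    """Constructed EM trace: each period runs A for the first half, B for the second."""
    rng = random.Random(seed)
    period = SAMPLE_RATE // ALT_FREQ
    return [
        (level_a if (n % period) < period // 2 else level_b) + rng.gauss(0.0, noise)
        for n in range(n_samples)
    ]

def bin_power(trace, freq):
    """Normalized power of the single DFT bin at `freq`."""
    w = 2 * math.pi * freq / SAMPLE_RATE
    re = sum(x * math.cos(w * n) for n, x in enumerate(trace))
    im = sum(x * math.sin(w * n) for n, x in enumerate(trace))
    return (re * re + im * im) / len(trace) ** 2

def alternation_signal(level_a, level_b):
    """Power at ALT_FREQ for the A/B loop minus the A/A baseline (same noise)."""
    ab = bin_power(synth_trace(level_a, level_b), ALT_FREQ)
    aa = bin_power(synth_trace(level_a, level_a), ALT_FREQ)
    return ab - aa

if __name__ == "__main__":
    ab = synth_trace(2.0, 1.0)
    print("A/B at alternation frequency:", bin_power(ab, ALT_FREQ))
    print("A/B off the alternation frequency:", bin_power(ab, 25_000))
    print("A/A at alternation frequency:", bin_power(synth_trace(2.0, 2.0), ALT_FREQ))
    print("difference attributable to A vs B:", alternation_signal(2.0, 1.0))
```

The per-sample noise here is half the size of the A/B level difference, yet the bin at the alternation rate stands far above the noise floor because the difference is concentrated in one frequency while the noise is spread across all of them.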
They have also developed the means to amplify weak EM signals. This allows attackers to potentially decode keystrokes from across the room, as is demonstrated by Prvulovic in this video.
This is not the first time EM signals have been used to compromise air-gapped computers. For instance, security researcher Mordechai Guri, with guidance from Professor Yuval Elovici of the cyber security labs at Ben-Gurion University, developed “AirHopper,” a method that captures EM radiation using a mobile phone and sends the data to a remote server where it can be analyzed. A video of AirHopper in action can be found here.
Some have pointed out that this particular vulnerability could be remedied via the use of a Faraday cage. However, whether users at home would be willing to implement this precaution is another matter.