Skip to main content

ODINI: Escaping Sensitive Data FromFaraday-Caged, Air-Gapped Computersvia Magnetic Fields

 https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=8820015

 

Abstract— Air-gapped computers are devices that are keptisolated from the Internet, because they store and process sensi-tive information. When highly sensitive data is involved, an air-gapped computer might also be kept secluded in a Faraday cage.The Faraday cage prevents the leakage of electromagnetic signalsemanating from various computer parts, which may be picked upremotely by an eavesdropping adversary. The air-gap separation,coupled with the Faraday shield, provides a high level of isolation,preventing the potential leakage of sensitive data from the system.In this paper, we show how attackers can bypass Faraday cagesand air-gaps in order to leak data from highly secure computers.Our method is based on exploitation of the magnetic field gen-erated by the computer’s CPU. Unlike electromagnetic radiation(EMR), low frequency magnetic fields propagate through theair, penetrating metal shielding such as Faraday cages (e.g.,a compass still works inside a Faraday cage). Since the CPU isan essential part of any computer, the magnetic covert channel isrelevant to virtually any device with a CPU: desktop PCs, servers,laptops, embedded systems, and Internet of Things (IoT) devices.We introduce a malware codenamed ‘ODINI’ that can controlthe low frequency magnetic fields emitted from the infectedcomputer by regulating the load of the CPU cores. Arbitrarydata can be modulated and transmitted on top of the magneticemission and received by a magnetic ‘bug’ located nearby.We implement a malware prototype and discuss the designconsiderations along with the implementation details. We alsoshow that the malicious code does not require special privileges(e.g., root) and can successfully operate from within isolatedvirtual machines (VMs) as well. Finally, we propose differenttypes of defensive countermeasures such as signal detection andsignal jamming to cope with this type of threat (demonstrationvideo: https://www.youtube.com/watch?v=h07iXD-aSCA).Index Terms— Network security, air gaps, computer viruses.

Comments

Post a Comment

Popular posts from this blog

Logic Analyzer with STM32 Boards

https://sysprogs.com/w/how-we-turned-8-popular-stm32-boards-into-powerful-logic-analyzers/ How We Turned 8 Popular STM32 Boards into Powerful Logic Analyzers March 23, 2017 Ivan Shcherbakov The idea of making a “soft logic analyzer” that will run on top of popular prototyping boards has been crossing my mind since we first got acquainted with the STM32 Discovery and Nucleo boards. The STM32 GPIO is blazingly fast and the built-in DMA controller looks powerful enough to handle high bandwidths. So having that in mind, we spent several months perfecting both software and firmware side and here is what we got in the end. Capturing the signals The main challenge when using a microcontroller like STM32 as a core of a logic analyzer is dealing with sampling irregularities. Unlike FPGA-based analyzers, the microcontroller has to share the same resources to load instructions from memory, read/write th...
Post a Comment
Read more

The Difference Between LEGO MINDSTORMS EV3 Home Edition (#31313) and LEGO MINDSTORMS Education EV3 (#45544)

http://robotsquare.com/2013/11/25/difference-between-ev3-home-edition-and-education-ev3/ This article covers the difference between the LEGO MINDSTORMS EV3 Home Edition and LEGO MINDSTORMS Education EV3 products. Other articles in the ‘difference between’ series: * The difference and compatibility between EV3 and NXT ( link ) * The difference between NXT Home Edition and NXT Education products ( link ) One robotics platform, two targets The LEGO MINDSTORMS EV3 robotics platform has been developed for two different target audiences. We have home users (children and hobbyists) and educational users (students and teachers). LEGO has designed a base set for each group, as well as several add on sets. There isn’t a clear line between home users and educational users, though. It’s fine to use the Education set at home, and it’s fine to use the Home Edition set at school. This article aims to clarify the differences between the two product lines so you can decide which...
1 comment
Read more

Building a portable GSM BTS using the Nuand bladeRF, Raspberry Pi and YateBTS (The Definitive and Step by Step Guide)

https://blog.strcpy.info/2016/04/21/building-a-portable-gsm-bts-using-bladerf-raspberry-and-yatebts-the-definitive-guide/ Building a portable GSM BTS using the Nuand bladeRF, Raspberry Pi and YateBTS (The Definitive and Step by Step Guide) I was always amazed when I read articles published by some hackers related to GSM technology. H owever , playing with GSM technologies was not cheap until the arrival of Software Defined Radios (SDRs), besides not being something easy to be implemented. A fter reading various articles related to GSM BTS, I noticed that there were a lot of inconsistent and or incomplete information related to the topic. From this, I decided to write this article, detailing and describing step by step the building process of a portable and operational GSM BTS. Before starting with the “hands on”, I would like to thank all the pioneering Hackers and Researchers who started the studies related to previously closed GSM technology. In part...
Post a Comment
Read more