BGU’s Information Escape Artist
February 13, 2018
WIRED – The field of cyber security is obsessed with preventing and detecting breaches, finding every possible strategy to keep hackers from infiltrating your digital inner sanctum.
But, Dr. Mordechai Guri, head of research and development at BGU’s Cyber Security Research Center (CSRC), has spent the last four years fixated instead on exfiltration: How spies pull information out once they’ve gotten in.
Specifically, he focuses on stealing secrets sensitive enough to be stored on an air-gapped computer, one that’s disconnected from all networks and sometimes even shielded from radio waves. Which makes Dr. Guri something like an information escape artist.
“Everyone was talking about breaking the air gap to get in, but no one was talking about getting the information out,” Dr. Guri says of his initial covert channel work, which he started in 2014 as a Ph.D. student in BGU’s Department of Information Systems Engineering.
“That opened the gate to all this research, to break the paradigm that there’s a hermetic seal around air-gapped networks.”
More, perhaps, than any single researcher outside of a three-letter agency, Dr. Guri has uniquely fixated his career on defeating air gaps by using so-called “covert channels,” stealthy methods of transmitting data in ways that most security models don’t account for.
Dr. Guri’s team of CSRC experts has invented one devious hack after another that takes advantage of the accidental and little-noticed emissions of a computer’s components — everything from light to sound to heat.
They have shown, for instance, that it’s possible to trick a fully offline computer into leaking data to another nearby device via the noise its internal fan generates, by changing air temperatures in patterns that the receiving computer can detect with thermal sensors, or even by blinking out a stream of information from a computer hard drive LED to the camera on a quadcopter drone hovering outside a nearby window.
In newly published research, Dr. Guri’s CSRC team has even shown that they can pull data off a computer protected by not only an air gap, but also a Faraday cage designed to block all radio signals.
This new technique, which they call MAGNETO, is what Dr. Guri describes as the most dangerous yet of the dozen covert channels they’ve developed over the last four years. By carefully coordinating operations on a computer’s processor cores to create certain frequencies of electrical signals, their malware can electrically generate a pattern of magnetic forces powerful enough to carry a small stream of information to nearby devices.
The team went so far as to build an Android app they call ODINI, named for the escape artist Harry Houdini, to catch those signals using a phone’s magnetometer, the magnetic sensor that enables its compass and remains active even when the phone is in airplane mode.
Depending on how close that smartphone “bug” is to the target air-gapped computer, the team could exfiltrate stolen data at between one and 40 bits a second—even at the slowest rate, fast enough to steal a password in a minute, or a 4096-bit encryption key in a little over an hour.
Dr. Guri’s technique communicates with strong magnetic forces that can penetrate even Faraday barriers, like metal-lined walls, or a smartphone kept in a Faraday bag. “The simple solution to other techniques [designed to keep hackers out] was simply to put the computer in a Faraday cage and all the signals are jailed,” Dr. Guri says. “We’ve shown it doesn’t work like that.”