A widely used technique for protecting a computer from hacking is to isolate it completely from the network, a setup known as air-gapping. This technique was used to write the script of the latest Star Wars movie, and it is one of the few ways to be completely sure that nothing can be stolen from that computer. Or so we believed until now.
MAGNETO and ODINI: methods for spying remotely even on an isolated PC
A team of information security researchers, dedicated to finding ways to extract data remotely from isolated computers, has published an investigation demonstrating how it is possible to steal data from an isolated computer. And not only through open air with no obstacles in between, but even when the computer is inside a Faraday box.
While an air-gapped computer is isolated only at the level of network connectivity, a Faraday box blocks any electromagnetic emission from inside it, such as mobile network, Wi-Fi and Bluetooth signals. This is why some people put a mobile phone in the fridge when they want to isolate it: being made of metal, the fridge acts as a Faraday box.
The group of information security experts has found at least two ways to bypass this type of protection.
MAGNETO and ODINI both use malware installed on the computer inside the Faraday box, and both rely on the changes that the processor cores produce in the magnetic field. Thanks to this, information can be transmitted covertly, explains a company specialized in information security.
According to the information security experts' notes, MAGNETO requires an Android application installed on a mobile phone near the PC, which uses the phone's magnetometer to receive data from the attacked computer. ODINI, on the other hand, makes it possible to capture the signal from farther away using a dedicated magnetic sensor.
According to an investigation by the International Institute of Cyber Security, the malware makes it possible to obtain text typed on the computer in real time.
For this type of attack, the malware must first be installed on the PC to be spied on. This step is perhaps the most complex, but a user can install it unintentionally when bringing in a program. If the computer is isolated from the Internet, its antivirus databases may not be up to date. In addition, the malware is very light and does not require administrator permissions, so it can go unnoticed by the antivirus.
Once installed, the malware can act as a keylogger and record everything typed, including passwords. Once the data is obtained, it is sent through magnetic frequency patterns produced by changing the processor load; the greater the load, the greater the intensity of the generated magnetic field. These emissions (acoustic, optical or thermal) are collected by a receiver near the PC, and are emitted in the form of 0s and 1s with patterns similar to Morse code.
According to the information security experts, the speed with MAGNETO is 5 bits per second at a distance of up to 12.5 centimeters, while with ODINI the speed is 40 bits per second at up to 1 or 1.5 meters.
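A defender-side illustration of the load-keying mechanism described above, as an added example that is not from the original article or from the researchers: a heuristic that flags CPU-utilisation traces whose high and low periods are all whole multiples of one symbol length. The thresholds, function names and both sample traces are constructed assumptions, and the trace is assumed to be sampled several times per transmitted bit.

```python
from itertools import groupby

def binarize(samples, high=70.0, low=30.0):
    """Map CPU-utilisation samples (percent) to 0/1 using hysteresis."""
    state, out = 0, []
    for s in samples:
        if s >= high:
            state = 1
        elif s <= low:
            state = 0
        out.append(state)  # values between low and high keep the last state
    return out

def run_lengths(bits):
    """Lengths of consecutive runs of identical values."""
    return [len(list(group)) for _, group in groupby(bits)]

def looks_like_load_keying(samples, min_runs=8, min_symbol=2, min_fit=0.9):
    """Heuristic: many high/low switches whose durations are whole multiples
    of one symbol period suggest deliberate on-off keying of the CPU load."""
    runs = run_lengths(binarize(samples))[1:-1]  # drop partial edge runs
    if len(runs) < min_runs:
        return False  # too few switches to judge
    symbol = min(runs)  # shortest run taken as one symbol period
    if symbol < min_symbol:
        return False  # single-sample spikes: ordinary bursty load
    fit = sum(1 for r in runs if r % symbol == 0) / len(runs)
    return fit >= min_fit

def keyed_trace(bits, samples_per_bit=4):
    """Constructed sample: high load encodes 1, idle encodes 0."""
    return [90.0 if b == "1" else 10.0
            for b in bits for _ in range(samples_per_bit)]

# Constructed traces, not measurements from a real machine.
KEYED = keyed_trace("0101100111000101101")
BENIGN = [12, 15, 80, 85, 83, 20, 18, 75, 14, 11, 13, 88, 90, 86, 84, 82,
          16, 79, 81, 12, 10, 14, 77, 19, 85, 83, 15, 13, 12, 80, 14]

if __name__ == "__main__":
    print("keyed trace flagged: ", looks_like_load_keying(KEYED))
    print("benign trace flagged:", looks_like_load_keying(BENIGN))
```

A flag from this check is a reason to inspect which process is driving the load, not proof of exfiltration; legitimate periodic jobs can produce regular patterns too.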
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held cyber security researcher positions within a variety of cyber security start-ups. She also has experience in different industry domains like finance, healthcare and consumer products.