Research published earlier today by a group of scientists from Israel with a prodigious history of extravagant and extraordinary hacks reveals that an attacker can steal data from air-gapped devices protected by Faraday cages.
Faraday cages, also known as Faraday shields, are metallic enclosures meant to block electromagnetic fields coming in or going out.
While everyone has seen Faraday cages in quirky science TV shows and science laboratories, they are also widely deployed in the real world and are often used to isolate sensitive devices from outside networks.
For example, companies place sensitive networking equipment, servers, or workstations inside data centers or rooms protected by a Faraday cage. Banks regularly use Faraday-shielded rooms to protect servers.
But these protections have been proven today to be inadequate in two research papers that describe two techniques for stealing data from computers placed inside a Faraday cage.
Both techniques work on the same premise: malware installed on air-gapped devices inside the Faraday cage regulates the workloads on CPU cores in order to control the magnetic fields emanating from the computer.
Binary data from the computer is encoded in the magnetic field frequencies, which are strong enough to penetrate Faraday cages. A simple explanation from the MAGNETO paper is embedded below:
At this point, an attacker must plant a "receiver" outside the Faraday cage in order to record the incoming magnetic field and decode the data.
While MAGNETO and ODINI achieve the same result, data exfiltration, there are differences between the two. According to the table below, ODINI can transmit data over greater distances and at higher speeds but needs a dedicated magnetic sensor to receive the data, something that could stand out and break an attacker's cover.
On the other hand, MAGNETO works with the help of an Android app installed on a regular smartphone, relying on the low-cost magnetometers embedded in modern smartphones. An attack with this method of exfiltration will be harder to detect, as most users carry a smartphone everywhere they go these days.
The reason why these two attacks are novel is that they can break out of shielded devices, something that previous attacks could not.
Previous attacks could not because they were not pure magnetic attacks but electromagnetic attacks, relying on electromagnetic-induced radio waves to transmit data from the devices, and radio waves cannot pass through Faraday cages.
The MAGNETO and ODINI transmission channel is a pure magnetic field, which will pass through walls, humans, other objects, and also Faraday cages.
But both techniques hinge on an attacker's ability to infect air-gapped devices with malware in the first place, malware that would be responsible for generating the magnetic waves used for exfiltration.
Both attacks can be thwarted in their early phases by proper network hygiene and good security practices.
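Because both techniques depend on malware that regulates CPU core workloads, a host-side monitor can look for load that is unusually periodic. The Python below is an added example, not code from the papers or the researchers; the utilisation trace is constructed, and the window size, the threshold and the premise that the modulation shows up in sampled per-core utilisation are assumptions.

```python
import cmath
import random

def spectral_peak_ratio(samples):
    """Share of non-DC spectral energy held by the strongest frequency bin."""
    n = len(samples)
    mean = sum(samples) / n
    energies = []
    for k in range(1, n // 2 + 1):
        # Plain DFT coefficient for bin k of the mean-removed window.
        coeff = sum((x - mean) * cmath.exp(-2j * cmath.pi * k * t / n)
                    for t, x in enumerate(samples))
        energies.append(abs(coeff) ** 2)
    total = sum(energies)
    return max(energies) / total if total > 0 else 0.0

def flag_periodic_windows(trace, window=128, threshold=0.5):
    """Return indices of windows whose load is dominated by one frequency.

    window and threshold are assumed values for illustration, not tuned ones.
    """
    flagged = []
    for i in range(0, len(trace) - window + 1, window):
        if spectral_peak_ratio(trace[i:i + window]) >= threshold:
            flagged.append(i // window)
    return flagged

def constructed_trace(seed=7):
    """Constructed sample: one core's utilisation (%) at a fixed sampling interval."""
    rng = random.Random(seed)

    def irregular():                  # everyday load with no fixed rhythm
        return [rng.uniform(5, 60) for _ in range(128)]

    def toggling(half_period):        # load switching high/low at a fixed rate
        return [(90 if (t // half_period) % 2 == 0 else 10) + rng.uniform(-3, 3)
                for t in range(128)]

    # Windows 0 and 3 are irregular; windows 1 and 2 toggle at two different rates.
    return irregular() + toggling(4) + toggling(2) + irregular()

if __name__ == "__main__":
    print(flag_periodic_windows(constructed_trace()))
```

Legitimate periodic jobs will also trip this check, so a flagged window is a prompt to identify the responsible process, not a verdict.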
The Ben-Gurion team released two proof-of-concept videos today, one showing the MAGNETO attack sending data to a nearby phone wrapped in a Faraday bag, and another showing the ODINI attack sending data to a nearby magnetic sensor outside a Faraday cage-protected vault room.
The research center that came up with these two techniques has a long history of weird hacks and ingenious attacks, detailed below: