New MAGNETO & ODINI Techniques Steal Data From Faraday Cage-Protected Equipment

  • February 8, 2018
  • 01:00 AM

MAGNETO attack

Research published earlier today by a group of scientists from Israel with a prodigious history of extravagant and extraordinary hacks reveals that an attacker can steal data from air-gapped devices protected by Faraday cages.

Faraday cages, also known as Faraday shields, are metallic enclosures meant to block electromagnetic fields coming in or going out.

While everyone has seen Faraday cages in quirky science TV shows and science laboratories, they are also widely deployed in the real world and are often used to isolate sensitive devices from outside networks.

For example, companies place sensitive networking equipment, servers, or workstations inside data centers or rooms protected by a Faraday cage. Banks regularly use Faraday-shielded rooms to protect servers.

Basis of MAGNETO & ODINI attacks

But these protections have been proven today to be inadequate in two research papers that describe two techniques for stealing data from computers placed inside a Faraday cage.

The two techniques are named MAGNETO and ODINI and are both the work of scientists from the Cyber Security Research Center at the Ben-Gurion University of the Negev in Israel.

Both techniques function on the same premise: malware installed on air-gapped devices inside the Faraday cage regulates the workloads on CPU cores in order to control the magnetic fields emanating from the computer.

Binary data from the computer is encoded in the magnetic field frequencies, which are strong enough to penetrate Faraday cages. A simple explanation from the MAGNETO paper is embedded below:

[M]oving charges in a wire generate a magnetic field. The magnetic field changes according to the acceleration of the charges in the wire. In a standard computer, the wires that supply electricity from the main power supply to the motherboard are the primary source of the magnetic emanation. The CPU is one of the largest consumers of power in the motherboard. Since modern CPUs are energy efficient, the momentary workload of the CPU directly affects the dynamic changes in its power consumption. By regulating the workload of the CPU, it is possible to govern its power consumption, and hence to control the magnetic field generated. In the most basic case, overloading the CPU with calculations will consume more current and generate a stronger magnetic field. By intentionally starting and stopping the CPU workload, we can generate a magnetic field at the required frequency and modulate binary data over it.

At this point, an attacker must plant a "receiver" outside the Faraday cage in order to record the incoming magnetic field and decode the data.

Differences between MAGNETO & ODINI attacks

While MAGNETO and ODINI achieve the same result (data exfiltration), there are differences between the two. According to the table below, ODINI can transmit data over greater distances and at higher speeds, but it needs a dedicated magnetic sensor to receive the data, something that could stand out and break an attacker's cover.

On the other hand, MAGNETO works with the help of an Android app installed on a regular smartphone, using the low-cost magnetometers embedded in modern smartphones. An attack with this method of exfiltration will be harder to detect, as most users carry a smartphone everywhere they go these days.

MAGNETO and ODINI attacks

The reason why these two attacks are novel is that they can break out of shielded devices, something that previous attacks could not.

Previous attacks could not because they were not pure magnetic attacks but electromagnetic attacks, relying on electromagnetic-induced radio waves to transmit data from the devices, and radio waves cannot pass through Faraday cages.

The MAGNETO and ODINI transmission channel is a pure magnetic field, which will pass through walls, humans, other objects, and also Faraday cages.

Exfiltration techniques

But both techniques hinge on an attacker's ability to infect air-gapped devices with malware in the first place, malware that would be responsible for generating the magnetic waves used for exfiltration.

Both attacks can be thwarted in their early phases by proper network hygiene and good security practices.
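
The workload pattern both techniques depend on, CPU load deliberately started and stopped at a steady rate, is something a defender can look for on the host itself. The following is an added example, not code from the article or the research papers: it measures how much of a CPU-utilization trace's variation sits at a single frequency. The sample traces, the sampling interval and the 0.5 threshold are constructed assumptions.

```python
import cmath
import math
import random

def dominant_tone(trace):
    """Return (share, cycles_per_sample): the share of the trace's non-DC
    spectral energy held by its strongest frequency bin, and that frequency."""
    n = len(trace)
    mean = sum(trace) / n
    centered = [v - mean for v in trace]
    energy = []
    for k in range(1, n // 2 + 1):          # one-sided DFT, DC bin skipped
        acc = sum(v * cmath.exp(-2j * math.pi * k * i / n)
                  for i, v in enumerate(centered))
        energy.append(abs(acc) ** 2)
    total = sum(energy)
    if total == 0:                           # perfectly flat load: no tone
        return 0.0, 0.0
    peak = max(range(len(energy)), key=energy.__getitem__)
    return energy[peak] / total, (peak + 1) / n

def looks_keyed(trace, threshold=0.5):
    """Flag a trace whose variation is mostly one steady on/off rhythm.
    threshold is an assumed starting point, to be tuned per host."""
    share, _ = dominant_tone(trace)
    return share >= threshold

# Constructed sample data (not measurements): 128 utilization readings in percent.
rng = random.Random(7)
# Workload toggled busy/idle every 4 samples, with small jitter.
KEYED = [(95 if (i // 4) % 2 == 0 else 5) + rng.uniform(-3, 3) for i in range(128)]
# Irregular interactive load with no fixed rhythm.
BURSTY = [rng.uniform(0, 100) for _ in range(128)]

if __name__ == "__main__":
    for name, trace in (("keyed", KEYED), ("bursty", BURSTY)):
        share, freq = dominant_tone(trace)
        print(f"{name}: share={share:.2f} freq={freq:.4f} flagged={looks_keyed(trace)}")
```

The trace has to be sampled at more than twice the toggling rate for the rhythm to show up. A slowly drifting load also concentrates energy in the lowest bins, so in practice evaluate short sliding windows and require the tone to persist across several of them.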

Video demonstrations

The Ben-Gurion team released two proof-of-concept videos today, one showing the MAGNETO attack sending data to a nearby phone wrapped in a Faraday bag, and another showing the ODINI attack sending data to a nearby magnetic sensor outside a Faraday cage-protected vault room.

The research center that came up with these two techniques has a long history of weird hacks and ingenious attacks, detailed below:

LED-it-Go - exfiltrate data from air-gapped systems via an HDD's activity LED
SPEAKE(a)R - use headphones to record audio and spy on nearby users
9-1-1 DDoS - launch DDoS attacks that can cripple a US state's 911 emergency systems
USBee - make a USB connector's data bus give out electromagnetic emissions that can be used to exfiltrate data
AirHopper - use the local GPU card to emit electromagnetic signals to a nearby mobile phone, also used to steal data
Fansmitter - steal data from air-gapped PCs using sounds emanated by a computer's GPU fan
DiskFiltration - use controlled read/write HDD operations to steal data via sound waves
BitWhisper - exfiltrate data from non-networked computers using heat emanations
Unnamed attack - uses flatbed scanners to relay commands to malware-infested PCs or to exfiltrate data from compromised systems
xLED - use router or switch LEDs to exfiltrate data
Shattered Trust - using backdoored replacement parts to take over smartphones
aIR-Jumper - use security camera infrared capabilities to steal data from air-gapped networks
HVACKer - use HVAC systems to control malware on air-gapped systems

Catalin Cimpanu

Comments

    Occasional - 4 months ago

    Excellent article CC. The detailed explanations make all the difference.

    The research won't have any immediate impact on cybersecurity forensics, or dispel the false impression that lost/stolen devices can always be remotely data-wiped. However, high security facilities will have one more reason not to be overconfident.

    Exnor - 4 months ago

    Great article. Thank you.
