ODINI : Escaping Sensitive Data from Faraday-Caged, Air-Gapped Computers via Magnetic Fields
February 08, 2018 Β· Declared Dead Β· π IEEE Transactions on Information Forensics and Security
"No code URL or promise found in abstract"
Evidence collected by the PWNC Scanner
Authors
Mordechai Guri, Boris Zadov, Andrey Daidakulov, Yuval Elovici
arXiv ID
1802.02700
Category
cs.CR: Cryptography & Security
Citations
86
Venue
IEEE Transactions on Information Forensics and Security
Last Checked
4 months ago
Abstract
Air-gapped computers are computers which are kept isolated from the Internet, because they store and process sensitive information. When highly sensitive data is involved, an air-gapped computer might also be kept secluded in a Faraday cage. The Faraday cage prevents the leakage of electromagnetic signals emanating from various computer parts, which may be picked up by an eavesdropping adversary remotely. The air-gap separation, coupled with the Faraday shield, provides a high level of isolation, preventing the potential leakage of sensitive data from the system. In this paper, we show how attackers can bypass Faraday cages and air-gaps in order to leak data from highly secure computers. Our method is based on an exploitation of the magnetic field generated by the computer CPU. Unlike electromagnetic radiation (EMR), low frequency magnetic radiation propagates though the air, penetrating metal shielding such as Faraday cages (e.g., compass still works inside Faraday cages). We introduce a malware code-named ODINI that can control the low frequency magnetic fields emitted from the infected computer by regulating the load of the CPU cores. Arbitrary data can be modulated and transmitted on top of the magnetic emission and received by a magnetic receiver (bug) placed nearby. We provide technical background and examine the characteristics of the magnetic fields. We implement a malware prototype and discuss the design considerations along with the implementation details. We also show that the malicious code does not require special privileges (e.g., root) and can successfully operate from within isolated virtual machines (VMs) as well.
Community Contributions
Found the code? Know the venue? Think something is wrong? Let us know!
π Similar Papers
In the same crypt β Cryptography & Security
R.I.P.
π»
Ghosted
R.I.P.
π»
Ghosted
The Limitations of Deep Learning in Adversarial Settings
R.I.P.
π»
Ghosted
Distillation as a Defense to Adversarial Perturbations against Deep Neural Networks
R.I.P.
π»
Ghosted
Spectre Attacks: Exploiting Speculative Execution
R.I.P.
π»
Ghosted
How To Backdoor Federated Learning
R.I.P.
π»
Ghosted
Evasion Attacks against Machine Learning at Test Time
Died the same way β π» Ghosted
R.I.P.
π»
Ghosted
Federated Learning: Strategies for Improving Communication Efficiency
R.I.P.
π»
Ghosted
In-Datacenter Performance Analysis of a Tensor Processing Unit
R.I.P.
π»
Ghosted
Deep Convolutional Neural Networks for Computer-Aided Detection: CNN Architectures, Dataset Characteristics and Transfer Learning
R.I.P.
π»
Ghosted