Hackers may be able to sneak into your laptop or smartphone just by analysing the low-power electronic signals your device emits even when it is not connected to the Internet, researchers say.
Researchers at the Georgia Institute of Technology are now investigating where these information “leaks” originate so they can help hardware and software designers develop strategies to plug them.
By studying emissions from multiple computers, the US-based team has developed a metric for measuring the strength of the leaks – known technically as “side-channel signals” – to help prioritise security efforts.
“Side-channel” emissions can be measured several feet away from an operating computer using a variety of spying methods.
“People are focused on security for the Internet and on the wireless communication side, but we are concerned with what can be learned from your computer without it intentionally sending anything,” said Alenka Zajic, an assistant professor in Georgia Tech’s School of Electrical and Computer Engineering.
“Even if you have the Internet connection disabled, you are still emanating information that somebody could use to attack your computer or smartphone,” said Zajic.
Each computer operation has a different potential for leaking information.
The processor draws different amounts of current depending on the operation, creating fluctuations that can be measured.
Saving data to memory also requires a large amount of current, creating a “loud” operation.
“When you are executing instructions in the processor, you generate a different type of waveform than if you are doing things in memory. And there is interaction between the two,” said Zajic.
To measure the vulnerability, Zajic and the team developed a metric known as “signal available to attacker” (SAVAT), which is a measure of the strength of the signal emitted.
They measured the level of SAVAT for 11 different instructions executed on three different laptops and found the largest signals when the processors accessed off-chip memory.
It is not really possible to eliminate all side-channel signals.
“The trick is to make those signals weak so potential attackers would have to use larger antennas and utilise time-consuming signal analyses,” Zajic added.
The researchers are also now studying smartphones, whose compact design and large differential between idle and in-use power may make them more vulnerable.
As a demonstration, Zajic typed a simulated password on one laptop that was not connected to the Internet.
On the other side of a wall, a colleague using another disconnected laptop read the password as it was being typed by intercepting side-channel signals produced by the first laptop’s keyboard software, which had been modified to make the characters easier to identify.
“There is nothing added in the code to raise suspicion,” said Milos Prvulovic, an associate professor in the Georgia Tech School of Computer Science.
“It looks like a correct, but not terribly efficient version of normal keyboard driver software. And in several applications, such as normal spell-checking, grammar-checking and display-updating, the existing software is sufficient for a successful attack,” said Prvulovic.
Currently, there is no mention in the open literature of hackers using side-channel attacks, but the researchers believe it is only a matter of time before that happens.