Researchers from Georgia Institute of Technology say that hackers may be able to sneak into your laptop or smartphone just by analysing the low-power electronic signals your device emits
Researchers from Georgia Institute of Technology say that hackers can snoop on your laptop or smartphone just by analysing the low power electronic signals emitted by them. According to the research paper put on Georgia Institute of Technology’s website they can hack a laptop even when it is not connected to internet.
The Researchers are now investigating where these information “leaks” originate so they can help hardware and software designers develop strategies to plug them.
By studying emissions from multiple computers, the researchers have developed a metric for measuring the strength of the leaks – known technically as “side-channel signal” – to help prioritize security efforts.
The research stated that these “side-channel signals” are very low power electronic signals but powerful enough to provide hackers with the necessary vector to attack a unconnected smartphone or laptop. The researchers say that these side-channel signals can used even to hack passwords.
“Side-channel signals emitted by computers and cellphones could provide hackers with another way to see what the devices are doing. By analyzing the low-power electronic signals emitted by these devices – even when they’re not transmitting on the Internet or cellular networks – hackers can obtain information about computer operations and even track passwords.”
One of the researchers, Alena Zajic who is assistant professor in Georgia Tech’s School of Electrical and Computer Engineering said that “People are focused on security for the Internet and on the wireless communication side, but we are concerned with what can be learned from your computer without it intentionally sending anything,”
“Even if you have the Internet connection disabled, you are still emanating information that somebody could use to attack your computer or smartphone,” said Zajic.
The researchers had presented their demonstration presented on December 15 at the 47th Annual IEEE/ACM International Symposium on Microarchitecture in Cambridge, U.K.
The side-channel emissions can be measured several feet away from an operating computer using a variety of spying methods. Electromagnetic emissions can be received using antennas hidden in pockets or purses.
The researchers stated that such acoustic emissions which are sounds produced by electronic components such as capacitors can be easily picked up by microphones hidden beneath tables. Once the information is available the hackers can determine what the laptop or smartphone is doing based on the power fluctuations.
The researchers said that some of the signals can be picked up by our normal AM/FM radio transmitters while other require more sophisticated spectrum analysers. For gadgets, the researchers said that computer components like voltage regulators produce emissions that can be fetched by hackers.
The video of the demonstration presented by the researchers is given below :
“It is not really possible to eliminate all side-channel signal,” said Prvulovic. “The trick is to make those signals weak, so potential attackers would have to be closer, use larger antennas and utilize time-consuming signal analyses. We have found that some operations are much ‘louder’ than others, so quieting them would make it more difficult for attackers.”
The researchers are also now studying smartphones, whose compact design and large differential between idle and in-use power may make them more vulnerable. So far, they have only looked at Android devices.
Because the spying is passive and emits no signals itself, users of computers and smartphones wouldn’t know they’re being watched.
“If somebody is putting strange objects near your computer, you certainly should beware,” said Zajic. “But from the user’s perspective, there is not much they can do right now. Based on our research, we hope to develop something like virus scan software that will look for vulnerability in the code and tell developers what they should update to reduce this vulnerability.”