Tuesday, November 24, 2020

Researchers work to counter a new class of coffee shop hackers

Michael Whyte
Crime Scene Officer and Fingerprint Expert with over 7 years experience in Crime Scene Investigation and Latent Print Analysis. The opinions or assertions contained on this site are the private views of the author and are not to be construed as those of any professional organisation or policing body.

If you’re sitting in a coffee shop, tapping away on your laptop, feeling safe from hackers because you didn’t connect to the shop’s wi-fi, think again. The bad guys may be able to see what you’re doing just by analyzing the low-power electronic signals your laptop emits even when it’s not connected to the Internet.

And smartphones may be even more vulnerable to such spying.

Researchers at the Georgia Institute of Technology are investigating where these information “leaks” originate so they can help hardware and software designers develop strategies to plug them. By studying emissions from multiple computers, the researchers have developed a metric for measuring the strength of the leaks – known technically as “side-channel signal” – to help prioritize security efforts.

“People are focused on security for the Internet and on the wireless communication side, but we are concerned with what can be learned from your computer without it intentionally sending anything,” said Alenka Zajic, an assistant professor in Georgia Tech’s School of Electrical and Computer Engineering. “Even if you have the Internet connection disabled, you are still emanating information that somebody could use to attack your computer or smartphone.”

Results of the research were presented December 15 at the 47th Annual IEEE/ACM International Symposium on Microarchitecture in Cambridge, U.K. The work is sponsored by the National Science Foundation and the Air Force Office of Scientific Research.

Side-channel emissions can be measured several feet away from an operating computer using a variety of spying methods. Electromagnetic emissions can be received using antennas hidden in a briefcase, for instance. Acoustic emissions – sounds produced by electronic components such as capacitors – can be picked up by microphones hidden beneath tables. Information on power fluctuations, which can help hackers determine what the computer is doing, can be measured by fake battery chargers plugged into power outlets adjacent to a laptop’s power converter.

Some signals can be picked up by a simple AM/FM radio, while others require more sophisticated spectrum analyzers. And computer components such as voltage regulators produce emissions that can carry signals produced elsewhere in the laptop.

As a demonstration, Zajic typed a simulated password on one laptop that was not connected to the Internet. On the other side of a wall, a colleague using another disconnected laptop read the password as it was being typed by intercepting side-channel signals produced by the first laptop’s keyboard software, which had been modified to make the characters easier to identify.

“There is nothing added in the code to raise suspicion,” said Milos Prvulovic, an associate professor in the Georgia Tech School of Computer Science. “It looks like a correct, but not terribly efficient version of normal keyboard driver software. And in several applications, such as normal spell-checking, grammar-checking and display-updating, the existing software is sufficient for a successful attack.”

Currently, there is no mention in the open literature of hackers using side-channel attacks, but the researchers believe it’s only a matter of time before that happens. The potential risks of side-channel emissions have been reported over the years, but not at the level of detail being studied by the Georgia Tech researchers.

“Of course, it’s possible that somebody is using it right now, but they are not sharing that information,” Zajic noted.

To counter the threat, the researchers are determining where the leaks originate.

“We are trying to understand why these side channels exist and what can be done to fix these leaks,” said Zajic. “We are measuring computers and smartphones to identify the parts of the devices that leak the most. That information can guide efforts to redesign them, and on an architectural level, perhaps change the instructions in the software to change the device behavior.”

Each computer operation has a different potential for leaking information. The processor draws different amounts of current depending on the operation, creating fluctuations that can be measured. Saving data to memory also requires a large amount of current, creating a “loud” operation.

“When you are executing instructions in the processor, you generate a different type of waveform than if you are doing things in memory,” explained Zajic. “And there is interaction between the two.”

To measure the vulnerability, Zajic, Prvulovic and graduate student Robert Callen developed a metric known as “signal available to attacker” (SAVAT), which is a measure of the strength of the signal emitted. They measured the level of SAVAT for 11 different instructions executed on three different laptops, and found the largest signals when the processors accessed off-chip memory.

“It is not really possible to eliminate all side-channel signal,” said Prvulovic. “The trick is to make those signals weak, so potential attackers would have to be closer, use larger antennas and utilize time-consuming signal analyses. We have found that some operations are much ‘louder’ than others, so quieting them would make it more difficult for attackers.”

The researchers are also now studying smartphones, whose compact design and large differential between idle and in-use power may make them more vulnerable. So far, they have only looked at Android devices.

Because the spying is passive and emits no signals itself, users of computers and smartphones wouldn’t know they’re being watched.

“If somebody is putting strange objects near your computer, you certainly should beware,” said Zajic. “But from the user’s perspective, there is not much they can do right now. Based on our research, we hope to develop something like virus scan software that will look for vulnerability in the code and tell developers what they should update to reduce this vulnerability.”

Source: Georgia Institute of Technology
