Laptops, Smartphones Vulnerable To Offline Hacks

(Inside Science) -- Hackers equipped with little more than a cheap radio antenna could spy on your digital activities by monitoring the electronic signals your computer produces during the course of its normal operations.

Even disconnecting from the Internet won’t help protect you from this kind of so-called “side channel” attack, and your smartphone may be even more vulnerable, experts say.

As the name suggests, side channel attacks are indirect, relying on side effects of the computer’s activity, which are subtle but detectable, to spy on “leaks.” For example, electronic components such as capacitors and coils generate high-frequency sounds that are inaudible to humans but can be picked up by microphones. Similarly, a fake battery charger plugged into power outlets next to a laptop’s power converter could measure fluctuating power levels that could reveal what a computer is doing.

“In a conventional attack, a hacker might try to intercept a data signal that you’ve sent over an overt channel, like the Internet,” said Milos Prvulovic, a computer scientist at the Georgia Institute of Technology in Atlanta. “A side channel is an unavoidable consequence of doing computation.”

In a new study, which was presented last month at the IEEE/ACM International Symposium on Microarchitecture in Cambridge, U.K., Prvulovic and his colleagues focused on electromagnetic (EM) emanations, a side channel signal generated anytime electrical current flows through a wire.

The team developed a metric for ranking the strength of EM emanations generated during various computer operations. For example, a computer’s microprocessor will draw different amounts of current depending on the task it is performing.

Using standard AM/FM radio antennas, the team measured the EM emanation signals for 11 different computer operations that were executed on three different laptops. They found that by far, the “loudest” operation occurred as the laptops were writing data to RAM, or random-access memory, a type of computer memory that allows for quick information retrieval.

“We tested a variety of antennas, ranging from one that cost $400 to a $1 antenna that was stripped from a radio and that we bought off of eBay,” Prvulovic said.

The team hopes that hardware and software developers can use their metric to identify leaks in their devices and programs and plug them before hackers can exploit them.

“What’s tricky with side channels is that you can’t eliminate the signals fully,” Prvulovic explained. “But what you can do is try to weaken them to reduce their visibility.”

One way to do this would be to change the architecture of microprocessors and other computer components so that their EM emanations aren’t easily distinguishable from one another. This would make it harder for a hacker to determine what component inside a computer is being activated. Such a detail could provide a clue about what the user is doing. Alternatively, programmers could adjust their code to avoid using “loud” instructions that can be easily picked up by an antenna.

Eran Tromer, a computer scientist at Tel Aviv University in Israel, said that most of the computers sold to consumers are at risk from side channel attacks like the one that Prvulovic’s team investigated.

“General-purpose computers, due to efficiency and cost concerns, include few protections, and are generally vulnerable,” said Tromer, who did not participate in the research.

In 2013, Tromer and his team showed that it was possible to recreate the decryption key that would unlock a user’s secure messages by spying on their computer’s acoustic emissions. A hacker interested in launching a side channel attack has many choices, he said. “EM has the advantage of high bandwidth and wireless contact,” he added. “Sound has the advantage that microphones are readily available and can be remotely activated by malware, and conducted emanations”–mechanical vibrations generated by a computer’s metal enclosure–“can propagate for very long distances.”

Prvulovic’s team also looked at EM emanations from smartphones, and found that they were even more noticeable than those emitted by laptops due to their high signal-to-noise ratio.

“Today’s smartphones are very power savvy. They create weaker EM signals because they use lower voltages, but on the other hand they don’t perform unnecessary tasks, so they create almost zero noise,” Prvulovic said.

Experts say that it is extremely difficult, if not impossible, to eliminate side channel vulnerabilities completely.

“Strong protection against side channels is possible, but very expensive in cost and performance, and still covers only the attacks known at the time of manufacture," Tromer said. “Few organizations, let alone consumers, can afford such hardware.”

Prvulovic agreed. “There will always be some vulnerability that someone with enough resources will be able to exploit,” Prvulovic said.

Ker Than is a freelance writer living in the Bay Area. He tweets at @kerthan.