As anyone who has tried to use a portable AM or shortwave radio near a computer knows, computers emit a variety of RF signals over a wide range of frequencies. The emissions can extend into the VHF bands. Although these emissions are considered noise or interference, the reality is they contain information about what's happening inside the computer.
Researchers at the Georgia Institute of Technology are studying these emissions to help hardware and software designers develop strategies to plug these RF data leaks. Alenka Zajic, an assistant professor in Georgia Tech’s School of Electrical and Computer Engineering, explains, “People are focused on security for the Internet and on the wireless communication side, but we are concerned with what can be learned from your computer without it intentionally sending anything. Even if you have the Internet connection disabled, you are still emanating information that somebody could use to attack your computer or smartphone.”
Zajic demonstrated how this could work by typing a simulated password on one laptop that was not connected to the Internet. On the other side of a wall, a colleague using another disconnected laptop read the password as it was being typed by intercepting the “side-channel” signal produced by the first laptop's keyboard software. The software had been modified to make the characters easier to identify.
Milos Prvulovic, an associate professor in the Georgia Tech School of Computer Science, said, “There is nothing added in the code to raise suspicion. It looks like a correct, but not terribly efficient version of normal keyboard driver software. And in several applications, such as normal spell-checking, grammar-checking and display-updating, the existing software is sufficient for a successful attack.”
Zajic's team is trying to understand why these side channels exist and what can be done to prevent the data leaks. Zajic said, “We are measuring computers and smartphones to identify the parts of the devices that leak the most. That information can guide efforts to redesign them, and on an architectural level, perhaps change the instructions in the software to change the device behavior.
“When you are executing instructions in the processor, you generate a different type of waveform than if you are doing things in memory, and there is interaction between the two,” Zajic added. Zajic, Prvulovic and graduate student Robert Callan have developed a metric known as “signal available to attacker” (SAVAT), which is a measure of the strength of the signal emitted. The largest signals occurred when processors accessed off-chip memory.
Prvulovic said, “It is not really possible to eliminate all side-channel signals. The trick is to make those signals weak, so potential attackers would have to be closer, use larger antennas and utilize time-consuming signal analyses. We have found that some operations are much ‘louder’ than others, so quieting them would make it more difficult for attackers.”
How can you protect yourself from side-channel attacks? Zajic said, “If somebody is putting strange objects near your computer, you certainly should beware. But from the user’s perspective, there is not much they can do right now. Based on our research, we hope to develop something like virus scan software that will look for vulnerability in the code and tell developers what they should update to reduce this vulnerability.”
The Georgia Tech news release did not describe the equipment the researchers used to measure the side-channel emissions, but the stronger signals should be within reach of a software-defined radio that uses the Realtek RTL2832U in a repurposed $20 DVB-T USB stick. See Software-Defined Radios Help Explore RF Spectrum for details on the Realtek SDR.