New attack methods can steal data from offline PCs
A new hacking method called Covid-bit used for stealing sensitive information from offline PCs has been developed by Mordechai Guri, a researcher at Ben-Gurion University in Beersheba, Israel.
Covid-bit, probably named for Covid social distancing rules that prevented people from being in close proximity, uses so-called air-gapped PCs that are disconnected from the public internet to steal information through the air over six feet distance, even through walls.
Air-gapped systems are commonly used in institutions where highly sensitive data and applications are used such as those related to energy, military weaponry, government, etc.
In order for the targeted system to be exploited, a certain malware has to be pre-installed on it which could only be done via physical access to the machine. This malware actually controls the CPU load and core frequencies in order for the PSU (power supply) unit to produce electromagnetic waves between 0-48kHz.
Guri explained that components in these systems create waves of electromagnetic radiation at specific frequencies during AC/DC conversions. These waves can carry raw data that can be decoded by attackers that are physically away from these systems.
A machine equipped with an antenna that can easily be connected to mobile devices with a 3.5mm audio jack can then decode the raw data by applying a noise filter.
Guri has tested this method on desktops, laptops, and Raspberry Pi3 and discovered that laptops were the hardest to hack since they don’t output a strong enough electromagnetic signal.
On the other hand, desktops can transmit 500 bps with an error rate between 0.01% and 0.8% and 1000bps with an error rate of up to 1.78%. This is still very accurate for an effective data steal.
Guri recommends for air-gapped systems remain safe by monitoring CPU and frequency loads or even locking the CPU to certain core frequencies to prevent data from being decoded and stolen due to their associated electromagnetic radiation.