If you’re at a hotel or café and connected to public Wi-Fi, you might have reason to fear hackers. After all, security is one reason Marriott cites for wanting to block hotspots on its properties and require you to pay to connect to its supposedly well managed and secure Wi-Fi system.
However, even if your Wi-Fi function is turned off, you may be susceptible to a nearby hacker passively monitoring your laptop through acoustic or electromagnetic side-channel signals. Researchers at the Georgia Institute of Technology are studying emissions from computers to help hardware and software designers develop strategies to help plug information leaks.
“People are focused on security for the Internet and on the wireless communication side, but we are concerned with what can be learned from your computer without it intentionally sending anything,” said Alenka Zajic, an assistant professor in Georgia Tech’s School of Electrical and Computer Engineering, as quoted at Newswise. “Even if you have the Internet connection disabled, you are still emanating information that somebody could use to attack your computer or smartphone.”
The researchers point out that side-channel electromagnetic emissions from a computer can be received several feet away from an operating computer using antennas hidden in a briefcase. A spectrum analyzer would be the instrument of choice for measuring such signals, although an AM/FM radio might suffice.
Acoustic emissions can be picked up by microphones hidden beneath tables. And information on power fluctuations can be measured by fake battery chargers plugged into power outlets adjacent to a laptop’s power converter.
The researchers have developed a metric called “signal available to attacker” (SAVAT) to indicate vulnerability. SAVAT is particularly large for off-chip memory access.
“It is not really possible to eliminate all side-channel signal,” said Milos Prvulovic, an associate professor in the Georgia Tech School of Computer Science. “The trick is to make those signals weak, so potential attackers would have to be closer, use larger antennas, and utilize time-consuming signal analyses. We have found that some operations are much ‘louder’ than others, so quieting them would make it more difficult for attackers.”
Side-channel signal analysis is probably not ready for prime time among data thieves. Zajic and a colleague have demonstrated the use of side-channel signals to steal a password she was typing, but her test computer’s keyboard software had been modified to make the characters more distinct.
The researchers have not found mentions in open literature of side-channel signals being used to steal data, but, added Zajic, “Of course, it is possible that somebody is using it right now, but they are not sharing that information.”
For now, according to Zajic, your best bet is to beware if someone is trying to place strange objects near your computer.
Results of the research were presented December 15, 2014, at the 47th Annual IEEE/ACM International Symposium on Microarchitecture in Cambridge, U.K. The work is sponsored by the National Science Foundation and the Air Force Office of Scientific Research.