Researchers Uncover New Vulnerability For Computers Used in Public Places

Security experts are discovering computers and smartphones being used in public places are vulnerable to hackers even if they are not connected to the Internet.

Low-power electronic signals that laptops emit could be read by spies or other eavesdroppers, researchers at the Georgia Institute of Technology have found.

“People are focused on security for the Internet and on the wireless communication side, but we are concerned with what can be learned from your computer without it intentionally sending anything,” said Alenka Zajic, an assistant professor in Georgia Tech’s school of electrical and computer engineering. “Even if you have the Internet connection disabled, you are still emanating information that somebody could use to attack your computer or smartphone,” he said in a statement. Because the spying is passive and emits no signals itself, users of computers and smartphones wouldn’t know they’re being watched.

By studying emissions from multiple computers, the researchers have developed a metric for measuring the strength of the leaks — known as “side-channel signals” — to help prioritize security efforts. The National Science Foundation and the Air Force office of scientific research are funding the research.

Side-channel emissions can be measured several feet away from an operating computer by using a variety of spying methods. For example, they can be received using antennas hidden in a briefcase.

Acoustic emissions — sounds produced by electronic components such as capacitors — can be picked up by microphones hidden beneath tables. Information on power fluctuations, which can help hackers determine what the computer is doing, can be measured by fake battery chargers plugged into power outlets adjacent to a laptop’s power converter, according to information provided by the university.

Some signals can be picked up by a simple AM/FM radio, while others require more sophisticated spectrum analyzers. Computer components such as voltage regulators produce emissions that can carry signals produced elsewhere in the laptop, it said.

Currently, there is no mention in the open literature of hackers using side-channel attacks, but the researchers believe it’s only a matter of time before that happens. The potential risks of side-channel emissions have been reported over the years, but not at the level of detail being studied by the Georgia Tech researchers.

“Of course, it’s possible that somebody is using it right now, but they are not sharing that information,” Zajic noted.

The researchers are also now studying smartphones, whose compact design and large differential between idle and in-use power may make them more vulnerable. So far, they have only looked at Android devices.

Topics: C4ISR, Cybersecurity