New research from Ben-Gurion University has found that Faraday rooms, or “cages” as they are sometimes known, are still vulnerable to cyber hackers.
Air-gapped computers stored in a hermetically sealed Faraday room have traditionally been used to store an organization’s most sensitive information because this prevents electromagnetic signals from leaking out and being picked up remotely by eavesdropping adversaries.
However, two newly released reports reveal that Faraday rooms and air-gapped computers may not be as secure as previously thought. In this demonstration, the researchers from Ben-Gurion University reveal how attackers can bypass Faraday enclosures and leak data from even the most highly secured computers using the Odini method, which circumvents the magnetic field generated by a computer’s central processing unit.
“While Faraday rooms may successfully block electromagnetic signals that emanate from computers, low frequency magnetic radiation disseminates through the air, penetrating metal shields within the rooms,” explained Dr. Guri, head of the research team. “That’s why a compass still works inside of a Faraday room. Attackers can use this covert magnetic channel to intercept sensitive data from virtually any desktop PCs, servers, laptops, embedded systems, and other devices.”
In a second report, researchers simulate malware keystrokes and passwords to transfer data to a nearby Smartphone. They found that even when the phone is sealed in a Faraday bag or set on airplane mode, attackers can still intercept data.
