MAGNETO and ODINI
Both the techniques make use of proof-of-concept (PoC) malware installed on an air-gapped computer inside the Faraday cage to control the "magnetic fields emanating from the computer by regulating workloads on the CPU cores" and use it to transmit data stealthily.The two techniques are named MAGNETO and ODINI and are both the work of scientists from the Cyber Security Research Center at the Ben-Gurion University of the Negev in Israel.
This a part extracted from their research paper
[M]oving charges in a wire generate a magnetic field. The magnetic field changes according to the acceleration of the charges in the wire. In a standard computer, the wires that supply electricity from the main power supply to the motherboard are the primary source of the magnetic emanation. The CPU is one of the largest consumers of power in the motherboard. Since modern CPUs are energy efficient, the momentary workload of the CPU directly affects the dynamic changes in its power consumption. By regulating the workload of the CPU, it is possible to govern its power consumption, and hence to control the magnetic field generated. In the most basic case, overloading the CPU with calculations will consume more current and generate a stronger magnetic field. By intentionally starting and stopping the CPU workload, we can generate a magnetic field at the required frequency and modulate binary data over it.
MAGNETO and ODINI comparison
ODINI can transmit data at more considerable distances and at higher speeds but needs a dedicated magnetic sensor to receive the data, something that could stand out and break an attacker's cover.
On the other hand, MAGNETO works with the help of an Android app installed on a regular smartphone (low-cost magnetometers embedded in modern smartphones), and an attack with this method of exfiltration will be harder to detect, as most users carry a smartphone everywhere they go these days.
Post a Comment
Post a Comment