While many IT security professionals are tasked with understanding the high-level implementation of IT technology stacks such as source code, network configurations, and access controls, some hackers take a completely different approach to exploitation. Side-channel attacks leverage the low-level physical properties of technology rather than the high-level implementation.
A revolutionary talk from Samy Kamkar at DEFCON 2024 exposes novel hacks that exploit the most fundamental aspect of computers: electromagnetism. As a child in the 1990s, when the Internet was still in its infancy, Samy was hacked in an IRC chatroom. From that young age, Kamkar's desire to understand computer exploitation in a holistic way has driven him to look deeply into digital technologies in search of flaws.
In this article, we will review his approach to understanding computers at the most fundamental level of electromagnetic radiation, and how he combined this understanding with a hacker-mindset to find novel and groundbreaking exploits.
In his 46-minute presentation, Kamkar excitedly delves into advanced espionage techniques that leverage various forms of energy transmission, such as infrared, visible, and ultraviolet light, radio waves, ultrasound and audible sound, and temperature fluctuations, to manipulate devices, extract information from air-gapped systems, and achieve surveillance that can only be described as cutting-edge espionage. His presentation also provides a comprehensive overview of the physical properties that underpin the interaction between these energy forms.
At the start of the talk, Kamkar discusses the relationship between energy, power and information. This idea is the premise for power-based side-channel attacks: because a computer draws different amounts of electricity depending on the operation and the data it is processing, its power consumption can be monitored and analysed to learn something about that data. Various forms of energy transmission, such as infrared, visible, and ultraviolet light, radio waves, ultrasound, mechanical vibrations, and temperature fluctuations, can interact with each other in ways that allow information to be extracted from air-gapped systems and, potentially, actions to be induced on digital devices without physically touching them.
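To make the "power is information" premise concrete, here is an added simulation (not code from Kamkar's talk or from Packetlabs) of the textbook correlation power analysis model: each simulated power sample is the Hamming weight of an intermediate value plus Gaussian noise, and the analysis correlates that against the value predicted under every key-byte guess. The S-box is a constructed random permutation standing in for a real cipher's nonlinear lookup, and `simulate_traces` can also produce data-independent traces to show why a device whose power draw does not depend on the data (masking, constant-power logic) defeats this analysis.

```python
import random

# Constructed toy S-box: a fixed random permutation of 0..255 that plays the role
# of a cipher's nonlinear lookup table. It is NOT the AES S-box.
_sbox_rng = random.Random(12345)
TOY_SBOX = list(range(256))
_sbox_rng.shuffle(TOY_SBOX)


def hamming_weight(x):
    """Number of set bits; the classic model for the power a register switch costs."""
    return bin(x).count("1")


def simulate_traces(key_byte, n_traces, noise_sd=1.0, seed=1, data_dependent=True):
    """Return (plaintexts, traces) for a device computing TOY_SBOX[p ^ key_byte].

    With data_dependent=True each trace sample is HW(intermediate) + noise, i.e. the
    power draw leaks the processed value. With data_dependent=False the sample is a
    constant plus the same noise, modelling a device whose consumption is independent
    of the data (e.g. masked or constant-power logic).
    """
    rng = random.Random(seed)
    plaintexts = [rng.randrange(256) for _ in range(n_traces)]
    traces = []
    for p in plaintexts:
        signal = hamming_weight(TOY_SBOX[p ^ key_byte]) if data_dependent else 4.0
        traces.append(signal + rng.gauss(0.0, noise_sd))
    return plaintexts, traces


def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0 or vy == 0:
        return 0.0
    return cov / (vx * vy) ** 0.5


def analyse_traces(plaintexts, traces):
    """Correlate measured traces with the HW predicted under every key-byte guess.

    Returns (best_guess, scores) where scores[g] is |correlation| for guess g.
    A clear peak at one guess means the power draw is leaking the key; a flat
    profile means the measurement carries no usable information.
    """
    scores = []
    for guess in range(256):
        predicted = [hamming_weight(TOY_SBOX[p ^ guess]) for p in plaintexts]
        scores.append(abs(pearson(predicted, traces)))
    best_guess = max(range(256), key=lambda g: scores[g])
    return best_guess, scores


if __name__ == "__main__":
    secret = 0x3C  # constructed secret for the demo
    p, t = simulate_traces(secret, 500)
    guess, scores = analyse_traces(p, t)
    print(f"leaky device:   best guess 0x{guess:02X}, |corr| = {scores[guess]:.2f}")
    p, t = simulate_traces(secret, 500, data_dependent=False)
    guess, scores = analyse_traces(p, t)
    print(f"flat device:    best guess 0x{guess:02X}, |corr| = {scores[guess]:.2f}")
```

The useful diagnostic for a defender is the shape of `scores`: for the leaky model the correct guess stands out with a correlation near 0.8 at this noise level, while for the data-independent model every guess sits at the noise floor (roughly 1/sqrt(number of traces)), which is the property a hardened implementation is trying to achieve.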
When a keyboard operates, its electrical circuit generates and emits an electromagnetic field as a byproduct of the current flowing through its internal electronics. This electromagnetic interference (EMI) propagates into the surrounding environment, and the keyboard can in turn be affected by targeted EMI pulses.
Introducing a high-energy, time-varying electromagnetic field near the keyboard can induce currents in its circuit through electrical resonance, mimicking legitimate key presses or disrupting normal operation. Essentially, specific EMI frequencies can trigger specific keys because the copper traces between each key and the controller have different lengths, and therefore different resonant frequencies.
In the presentation, the speaker discussed monitor-based attacks, focusing on how cathode ray tube (CRT) displays emit radio frequency (RF) signals that can be exploited for surveillance purposes. This technique takes advantage of the electromagnetic emissions generated during the operation of CRT monitors to exfiltrate and reproduce displayed content remotely.
Essentially, because a monitor radiates the signals used to draw information onto the screen as radio waves, the screen's contents can be reconstructed by anyone within range of that radio signal.
In the presentation, Kamkar discussed his project MagSpoof, which leveraged the weaknesses of the magnetic stripe technology used in credit cards, and demonstrated how black iron oxide (a component of magnetic recording materials) could be exploited to manipulate or clone the data stored on these cards.
He also explained how the security settings on a card could be altered to bypass mechanisms that require the card to be inserted rather than swiped or tapped, and showcased his low-cost DIY tool that could interact with payment devices using radio frequency.
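The reason the stripe data can be rewritten at all is that the format carries no cryptographic integrity: a reader only checks a per-character odd parity bit and a longitudinal redundancy check (LRC), both of which anyone writing the stripe can recompute. The following added example (not MagSpoof's code or Packetlabs' own) encodes and decodes the ISO/IEC 7811 track 2 bit layout, 5-bit characters recorded least-significant bit first, and shows what a reader verifies. The card number, expiry and service code in the sample are constructed dummy values, and the leading and trailing clocking zeros a real stripe carries are omitted.

```python
# ISO/IEC 7811 track 2: characters '0'..'?' (values 0..15), each recorded as
# 4 data bits (LSB first) followed by one odd-parity bit; the stream ends with
# an LRC character (XOR of all data nibbles, with its own parity bit).
START_SENTINEL, FIELD_SEPARATOR, END_SENTINEL = ";", "=", "?"


def _char_value(c):
    v = ord(c) - 0x30
    if not 0 <= v <= 15:
        raise ValueError(f"not a track 2 character: {c!r}")
    return v


def _odd_parity_bit(nibble):
    """Parity bit that makes the total number of ones in the 5-bit group odd."""
    return 0 if bin(nibble).count("1") % 2 == 1 else 1


def encode_track2(text):
    """Return the bit stream a writer would lay down for the framed track 2 text."""
    if not (text.startswith(START_SENTINEL) and text.endswith(END_SENTINEL)):
        raise ValueError("track 2 data must be framed by ';' and '?'")
    bits, lrc = [], 0
    for c in text:
        v = _char_value(c)
        lrc ^= v
        bits += [(v >> i) & 1 for i in range(4)] + [_odd_parity_bit(v)]
    bits += [(lrc >> i) & 1 for i in range(4)] + [_odd_parity_bit(lrc)]
    return bits


def decode_track2(bits):
    """Parse a recorded bit stream the way a reader does: parity, LRC, sentinels."""
    if len(bits) % 5 or len(bits) < 15:
        raise ValueError("bit stream is not a whole number of 5-bit characters")
    values = []
    for i in range(0, len(bits), 5):
        group = bits[i:i + 5]
        v = sum(b << k for k, b in enumerate(group[:4]))
        if (bin(v).count("1") + group[4]) % 2 != 1:
            raise ValueError(f"parity error in character {i // 5}")
        values.append(v)
    data, lrc_read = values[:-1], values[-1]
    lrc_calc = 0
    for v in data:
        lrc_calc ^= v
    if lrc_calc != lrc_read:
        raise ValueError("LRC mismatch")
    text = "".join(chr(0x30 + v) for v in data)
    if not (text.startswith(START_SENTINEL) and text.endswith(END_SENTINEL)):
        raise ValueError("missing start or end sentinel")
    pan, rest = text[1:-1].split(FIELD_SEPARATOR, 1)
    # After the separator: YYMM expiry, 3-digit service code, discretionary data.
    return {"pan": pan, "expiry": rest[:4], "service_code": rest[4:7],
            "discretionary": rest[7:]}


# Constructed sample: dummy PAN, expiry 2512, service code 101, discretionary 1234.
SAMPLE_TRACK2 = ";1234567890123456=25121011234?"

if __name__ == "__main__":
    stream = encode_track2(SAMPLE_TRACK2)
    print(len(stream), "bits recorded")
    print(decode_track2(stream))
```

Note what the decoder does not do: nothing ties the service code or any other field to the card issuer, so a rewritten stripe with a recomputed LRC is indistinguishable from a legitimate one at the reader. That is why the defence against stripe manipulation lives in the issuer's authorisation system (chip-and-PIN fallback rules, velocity checks), not in the stripe itself.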
Kamkar discussed previous research that served as a basis for some of his audible and ultrasound (inaudible) audio-based side-channel attacks. For example, researchers from Tel Aviv University achieved RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis. This led him to explore the possibility of monitoring acoustic signals with light: intercepting keystrokes through glass windows using laser technology. His implementation and research drew from a previous Black Hat talk titled Sniffing Keystrokes with Lasers and Voltmeters, which reflected a laser off a laptop to detect keystrokes.
By directing an invisible infrared laser at a window from a distance, he showcased the ability to detect the vibrations caused by sound waves, which are then analyzed to reconstruct the captured information. Kamkar outlines the challenges he overcame to distinguish meaningful signals from background noise and provides practical knowledge on how electromagnetic radiation can be both intercepted from and injected into target systems.
Samy Kamkar's talk at DEFCON 2024 "Optical Espionage: Using Lasers to Hear Keystrokes Through Glass Windows" was designed to impart hands-on insights into state-of-the-art side-channel attacks and surveillance methods, making them more accessible to a broad audience interested in understanding and defending against such espionage techniques. The talk helps solidify an understanding of the relationship between different physical properties of light and electricity, electromagnetic interference, radio, and sound waves.
The presentation is highly recommended for those looking to expand their understanding of the foundational laws of physics used by technology and the wide scope of exploitable techniques for use in ethical hacking scenarios.
© 2024 Packetlabs. All rights reserved.