A group of security researchers have revealed frightening new ways in which criminals can steal data from computer systems.
Instead of breaking into the computer network via the Internet, hackers can simply infect an office printer and turn it into a radio using a piece of software. It sounds strange, but a Manhattan startup has demonstrated that it is certainly possible, writes Jose Pagliery for CNN Money.
New cybersecurity weakness exposed
The team is able to make devices such as printers, washing machines and air-conditioning units broadcast invisible, inaudible signals which can be picked up for miles around. Their method could lead to a new era for hackers.
Currently the cyber security industry is focused on preventing unauthorized access to computer networks. Despite advances in protective measures, hackers keep finding new loopholes to exploit.
Ang Cui and his team at Red Balloon Security may have opened up an entirely new cyber battlefield. Their method allows data to be stolen without setting off any warnings from cybersecurity systems, and can even pull data from computers that are not connected to the Internet, such as those at nuclear facilities.
The team demonstrated their method by infecting a Pantum laser printer and modifying its circuits so that it emitted electromagnetic radiation. By quickly switching the energy output back and forth, the printer can be made to emit radio waves that can transmit information.
Computer security breach can be detected using AM radio
The stream of information emitted by the printer is slow, at around one letter per second, but this rate is increased by the presence of thick server cables. The cables amplify the information stream, meaning it can steal more information from huge computer rooms which contain lots of data.
“You have network detection, firewalls… but this transmits data in a way that none of those things are monitoring,” Cui said. “This fundamentally challenges how certain we can be of our network security.”
One of the few methods of detecting a hack of this kind is decidedly retro. By walking around your devices with an AM radio in hand, you can monitor whether the radio static is interspersed by a loud beeping noise. If so, the device is secretly transmitting radio signals.
Cui and his team at Red Balloon are set to present their research at the Black Hat hacking conference this week. The implications for cyber security could be huge.