快猫短视频

Hackers can steal data by messing with a computer’s processor

Software that has been blocked from connecting to the internet should be secure from hacking attempts, but now researchers have found a way to sneak data out by varying the speed of the computer's processor
Watch out 鈥 hackers have a new way to get at your data
Shutterstock Copyright: solarseven/Shutterstock

Hackers could extract information from software that has been banned from connecting to the internet, by adjusting the speed of a computer鈥檚 processor up or down and encoding data in the fluctuations. Details of these fluctuations could then be accessed remotely, circumventing the ban.

Some computers handle such sensitive tasks that they are separated from the internet entirely to avoid hacks 鈥 a precaution known as air-gapping. But an attacker who manages to install malware on a machine like this using an infected USB stick can extract data from the computer with cunning techniques like transmitting ultrasonic noise containing encoded data via speakers.

at Boise State University in Idaho and his colleagues worked on a similar problem, where the computer isn鈥檛 air-gapped, but certain sensitive applications are prevented from accessing the internet, while benign applications are allowed to function normally. For example, imagine an app used by bank staff to view customer accounts, which is banned from internet access by a firewall, while the browser and email can work as usual.

To maintain security, such applications are carefully designed to have no direct way of passing data between them. But Alam says that a malevolent insider, or perhaps cunning malware, could trick these apps into communicating in the background by encoding data in tiny fluctuations in processing power, allowing the insecure app to transmit data to remote hackers.

In particular, Alam used a feature in Intel processors that allows the chip to be slowed to save power or sped up to handle intense tasks. In experiments, the researchers were able to encode and transmit 55.24 bits per second from one app to another 鈥 enough to encode around seven characters of text per second.

Alam says that it is likely that any system designed to prevent attacks can be tricked in some way, and that security will remain a cat-and-mouse game between hackers and system designers.

鈥淚 think it鈥檚 impossible to create a completely secure system,鈥 says Alam. 鈥淎ll we can do is make it harder for attackers to succeed. Once they catch up, we need to strengthen our defences again. It鈥檚 a continuous cycle.鈥

An Intel spokesperson told 快猫短视频 that no steps would be taken to fix the issue.聽鈥淭he paper appears to describe a potential method that could only be utilised by an attacker who has privileged access to the system they are attacking. In this kind of situation, the system would already be compromised. As such, we have no plans to address the issues described in the paper,鈥 they said.

Reference

arXiv

Topics: Hacking