A recent experiment by a researcher would force you to reconsider the safety of your important data and make you put a meshed shield around your computers and data centres to stop the radio frequencies from passing.
A researcher named Ang Cui demonstrated that there’s a possibility to remotely steal data from a targeted computer without gaining any physical access to the target computer, or to the network connected with the target computer. He codenamed this innovative hack as ‘Funtenna’.
This inventive hack can transform any device or hardware, let’s say printer or scanner, connected to the Internet – part of the Internet of Things (IoT) – into a radio frequency transmitter capable of transmitting data out of a computer network, by using unnoticeable sound waves, over to an AM radio receiver located short distance away.
Ang Cui, a PhD student of Intrusion Detection Systems Laboratory at Columbia University, describes this hack as:
“Software payload that intentionally causes its host hardware to act as an improvised RF transmitter using existing hardware, which are typically not designed for electromagnetic emanation.”
How Funtenna Works
Fundamentally, Funtenna works by transforming an infected device or hardware into a transmitter. Then those transmitted RF signals are received by a software controlled radio receiver.
Comprehensively, Funtenna is a method that allows a spy to infect a device or hardware by infecting it with a malware. Those devices could be anything, from a printer to an office phone. Once infected, the internal components and wires of the device can be transformed into a transmitter to transmit radiofrequency.
Then the hacker can force the infected device to produce radio frequencies that can be used to transmit or leak data from the computer or hardware. These produced RF signals can then be received by an AM radio antenna that is further connected to a software controlled radio receiver.
The software controlled radio receiver can be any device specifically programmed to send and receive various radio frequencies while being completely dependent upon the software instead of hardware.
For demo purpose, Cui infected a wireless printer with the malicious code to make it act as a transmitter. But this same technique could be used with other devices including laptop or computer system. Now the researcher can force the hacked device to produce ultrasounds and radio signals that can be modified to silently transmit data out of the printer to the nearby receiver located outside the office block.
Cui, while explaining his hacking method, said:
“[It is a] much more attractive way to go about [transmitting the data] because instead of having a physical implant and the need to illuminate the thing with a radar gun with direct line of sight, you can send software into machine, transmit data out, and if you want to erase your presence you just delete the software.”
The Practical Usage of Funtenna
To get into the local network of any data centre or office, Funtenna can be used to infect network-connected printer located inside the office building, which then further be used to communicate with other devices like computer or laptop to capture and leak valuable data. Then that data would be transferred back to the infected printer and transmitted to the radio receiver via radio frequency.
Similarly, spies or hackers can eavesdrop onto the office communication system by compromising the office phone and collecting the microphone data.
The Black Hat page of this researcher describes this hack as:
“Funtenna is an advancement of current state-of-the-art covert wireless exfiltration technologies. Specifically, Funtenna offers comparable exfiltration capabilities to RF-based retro-reflectors, but can be realized without the need for physical implantation and illumination.”
Demo Video of Funtenna
If you have any knowledge about the sending and receiving of radio-frequency signals then do watch the demo video to learn about the working of Funtenna.
Ang Cui has planned to present and brief about his invention of Funtenna at the Black Hat Hacking Conference that is scheduled for Friday, August 7th in Las Vegas.
Report corrections to firstname.lastname@example.org