How your washing machine can steal computer files

ang cui
This is Red Balloon Security chief scientist Ang Cui. His hacked printer now emits radio waves to his antennae.

Imagine hackers stealing top secret files from a military base. Except they don’t need the Internet to pull data out of the facility’s computers. Instead, they can just infect an office printer and — with software alone — turn it into a radio.

This sounds like sci-fi, but it’s now possible. Security researchers at a Manhattan startup have discovered how to make any modern device — printer, washing machine, air conditioner — broadcast invisible, inaudible signals for miles.

That’s a game changer — and a huge step forward for hackers.

The rapidly expanding $77 billion cybersecurity industry is all about guarding computer networks. Companies and governments buy products to stay protected. But they keep running out of effective defensive options.

Keep out the hackers! Wait, they got in? Limit access! Wait, they grabbed the files? Don’t let them escape!

That’s where Ang Cui and his team of bright researchers come in. They found a way to sneak data out of a computer network without setting off any alarms. It’s groundbreaking research, because it also hints at the ability to steal data from computers that aren’t even connected to the Internet, like those at nuclear facilities.

Last week, the team at Red Balloon Security demonstrated how it works to several news reporters.

They infected a Pantum laser printer and toyed with its circuits, making it do something it was never meant to. By quickly switching a chip’s energy output back and forth, the printer emits electromagnetic radiation.

Do it real slow? You can actually hear a funky tune. Crank it way up? You get radio waves. Highs and lows become 1s and 0s — computer code.

The Red Balloon team calls it a “funtenna.”

It’s an incredibly slow stream of information. Think a single letter per second. But thick cables — like those attached to servers in massive computer rooms — serve as a sort of amplifier. That means, perversely, this theft is most effective at pulling data out of computers that house lots of it.

“You have network detection, firewalls… but this transmits data in a way that none of those things are monitoring,” Cui said. “This fundamentally challenges how certain we can be of our network security.”

In fact, one of the only ways to detect this highly advanced tactic is by walking around with an AM radio. If you get near a device and the radio static is interrupted by loud beeping, it’s secretly transmitting radio signals.

Cui will present his findings at the Black Hat hacker conference in Las Vegas on Wednesday.

This is what a hacker sees when stealing information using a “funtenna.” The dashes at the bottom is the incoming data, 1s and 0s.   @Jose_Pagliery

Begin or advance your IT Security career by attending Security Certification Courses with CED Solutions!

Protect your systems and networks with the knowledge gained from the new Cisco Course: Cyber Security Specialist (8/10 to 8/14, 9/14 to 9/18); ISC2 Official CISSP course (8/24 to 8/29) and attend our Security Certified Ethical Hacking course (8/31 to 9/4), our ( Computer Hacking Forensics Investigator course (10/26 to 10/30) and Security ESCA/LPT course (11/2 to 11/6) !

Share this post