In a new type of computer attack, cyber thieves are targeting computers being used at coffee shops or other public spaces. Surprisingly, users don't even have to be connected to wifi to be affected.
What's more, researchers warn smartphones may be even more vulnerable.
The thieves look for sources of low power "leaks" that can let out information from your computer or smartphone, including your online activity, passwords and other personal information. The leaks are similar to so-called "leaky cable" transmissions, also known as Part 15. It takes a "side channel" intercept, through a receiver that monitors and records information, to steal sensitive information from your computer. Experts say that in some cases, this can be done by using an AM or FM receiver.
Researchers at the Georgia Institute of Technology are investigating where these information "leaks" originate so they can help hardware and software designers develop strategies to plug them. Luckily, they have made some progress by developing a metric used to measure the strength of the leaks to help prioritize security efforts.
"People are focused on security for the Internet and on the wireless communication side, but we are concerned with what can be learned from your computer without it intentionally sending anything," Alenka Zajic, an assistant professor in Georgia Tech's School of Electrical and Computer Engineering, said in a press release. "Even if you have the Internet disabled, you are still emanating information that somebody could use to attack your computer or smartphone."
These side-channel emissions can be measured several feet away from a computer using a variety of spying methods. For example, electromagnetic emissions can be received using antennas hidden in a briefcase, the researchers warn. Acoustic emissions could be picked up by microphones hidden beneath tables.
While the potential risk of side-channel emissions have been reported over the years, it has never been studied with the level of detail that Georgia Tech researchers are currently involved in. The group is measuring which devices leak the most and how makers could redesign them to avoid this from being a major problem in the future, especially as hackers get more advanced in their actions.
Researchers emphasize that because the spying is passive and emits no signals itself, users of computers or smartphones would not know they are being spied on.
Of course, individuals should still, however, pay close attention to those around them and take note of any suspicious people or behaviors. If your instinct tells you something seems off, you should err on the side of caution and turn off your devices— since these leaks are only possible to tap into when your devices are on.