Team urges new protections after discovering computer-hack vulnerability

A team led by Clemson University has discovered a new way of stealing information from multiple computers at the same time, underscoring the need for industry to devise safeguards, researchers said.

Researchers have long known it is possible for hackers to intercept memory electromagnetic radiation emitted by computers and then decode it to extract potentially sensitive information. The Clemson-led team took the work a step further, demonstrating for the first time that the method could be used to hack multiple computers simultaneously.

The team further showed, also for the first time, the feasibility of doing it not only in a controlled laboratory setting but in an environment that more closely resembles an office.

Linke Guo, an associate professor in Clemson's Holcombe Department of Electrical and Computer Engineering, said the team published its findings as a warning and so that countermeasures can be developed.

"People need to realize this could be a threat and somebody should take measures to mitigate it," he said. "For example, those who develop memory and motherboard technologies should take this into consideration."

The team detailed its findings in a paper that was published in June at ACM MobiSys, a top conference on mobile systems, applications and services. The paper was well received at the conference, which was held this year in Tokyo, Guo said.

The first author was Sihan Yu, who will receive his Ph.D. in electrical and computer engineering from Clemson in August and has secured a position as an assistant professor in the Computer Science Department at Rowan University. Guo, who was Yu's advisor, served as corresponding author.

"This paper has been very important to me," Yu said. "When I entered my Ph.D. program, I had a dream of becoming a professor, and I was able to secure my first faculty job because the paper was accepted by a top conference. It wasn't even necessary for me to do a postdoc first."

Researchers said the hack would begin by installing malware that causes computers to generate electromagnetic signals, usually containing sensitive encoded information. It can be received by desktop computer, laptop or smartphone connected to a software-defined radio. The receiver can be in the same room or one adjacent.

The team showed it is possible for the computer that is sending the information and the receiver to be separated by as much as 20 meters, which is equivalent to nearly 22 yards.

Crucial to the project was Yu's expertise in parallel communication.

Hacking multiple computers at once using memory electromagnetic radiation is hard because colliding signals from each of the computers make it difficult to distinguish and decode each one's data accurately.

Parallel communication solves this by processing multiple signals simultaneously, using advanced algorithms to separate and interpret the colliding signals efficiently. This enhances the ability to extract information from multiple sources without significant loss of accuracy.

Researchers showed that the hack would be possible in an office-type setting, where electronic noise and physical obstacles would make it more difficult than in a lab. That possibility underscores the urgency to find new protections, they said.

The title of the paper is, "FreeEM: Uncovering Parallel Memory EMR Covert Communication in Volatile Environments." Click the link to read the full paper.

Co-authors in addition to Yu and Guo were Jingjing Fu, Chenxu Jiang, ChunChih Lin, Zhenkai Zhang, Long Cheng, all of Clemson; Ming Li of The University of Texas at Arlington; and Xiaonan Zhang of Florida State University.