‘Funtenna’ hack turns IoT devices into radios
The software-based hack – called "Funtenna" – causes an infected computing device to broadcast data via a radio backchannel (or even audio frequencies) to attackers who can monitor it without using standard wireless communication protocols like Wi-Fi and Bluetooth. Using just seven lines of code, the researchers, from security startup Red Balloon Security (New York, NY), were able to turn an otherwise unmodified laser printer into a radio transmitter by rapidly switching the power state of the printer’s I/O ports (see video demo (2:13) below):
Funtenna Demo: Data Exfiltration Using Malware Induced Compromising Emanation from Red Balloon Security on Vimeo.
The resulting modulated radio signal was broadcast via the wiring and components associated with the printer’s I/O circuitry and connections. The GPIO connections, which had relatively short wires, resulted in a radio transmission of a few meters while the printer’s UART output, which had a 10-foot cable, generated a signal that could be received outside of the building.
According to the researchers, who presented their "Funtenna" proof of concept at last week’s Black Hat conference, the same type of attack could be used on almost any IoT device, or devices with onboard computing like network routers. The only real defense against such attacks, they say, needs to be host based and built into embedded devices.
"A network [intrusion detection system] is no substitute for host-based defense," says Ang Cui, chief scientist at Red Balloon Security. "You could monitor every known spectrum, but it would be very expensive and may not work. The best way is to have host-based defense baked into every embedded device."
Red Balloon Security: www.redballoonsecurity.com