Why is RF shielding so important?

In a word: Exploits

Using RF and EMI interference and frequencies has been used in denial of service attacks designed to cause equipment reboots, failures, and other behaviors.  Now, RF and EMI from unshielded cables has been used as a data exfiltration method to remotely steal sensitive data.  Below are three examples showing just how real the danger of RF/EMI-based data exfiltration and system compromise is. In each of these example cases, the data exfiltration took place on PCs that were on air-gapped networks (air-gapped means that the computers in question were not connected to the internet). Air-gapped networks are regularly used by Government agencies, financial institutions, utilities companies, and any businesses that have sensitive information.

Example 1:

A researcher has shown how to extract data from computers by manipulating the power supplies to generate radio waves.  The radio waves can then be received and interpreted via a nearby smartphone. The types of data that were demonstrably exfiltrated were keystrokes, passwords, and entire documents.  

Read the full story here.

Example 2:

A researcher has shown how to extract information by turning unshielded ethernet cables into antennas by pulsating frequencies via the network adapter, converting the pulses into data, allowing a remote device to receive the information.

The cables used in areas/environments where wireless signals are expressly disallowed for security reasons, ironically became the very transmission medium of the wireless signals facilitating the data exfiltration.

Read the full story here.

Example 3:

Researchers have discovered an entire framework designed to install malware designed to exfiltrate data from air-gapped networks.  The malware is designed to install via any one of a number of existing avenues including; through well-known and widely used word processing applications and other office productivity software. 

Read the full story here.

 

If the methods and exploits that allow these sorts of attacks are this widely publicized, it is logical to assume that there are less well-known and more advanced attack methods and exploits available.

In the real world, it would be easy to gain access to sensitive equipment for any length of time.  Access to a voting machine, a computer in a doctor's office or in a flex or coworking spaces, or even a telephone for long enough to compromise the hardware would be fairly easy. Voting information, sensitive personal information (including patient data), or sensitive corporate information, could all be remotely stolen by someone waiting in a hallway with a smartphone.  

When one considers the number of people with computers that do not receive regular security patching, the possibility of remotely installing malware via public wifi through a software bug or security flaw, the potential for information theft is nothing short of staggering.  The threat and danger that exists if exploits like the ones mentioned could be used, cannot be understated.

Despite how scary all the real-world example cases cited above are, adding shielded power and data cables is an effective risk reduction and mitigation strategy. In addition to offering risk reduction through physical security, ALL securecables.com cables use top-of-the-line bi-metal shielding as well as additional data cable shielding to minimize (or mitigate) the threats associated with RF and EMI exploits.