A feasibility study of radio-frequency retroreflector attack

Satohiro Wakabayashi, Seita Maruyama, Tatsuya Mori, Shigeki Goto, Masahiro Kinugawa, Yu ichi Hayashi

Research output: Contribution to conferencePaperpeer-review

1 Citation (Scopus)

Abstract

Radio-frequency (RF) retroreflector attack (RFRA) is an active electromagnetic side-channel attack that aims to leak the target’s internal signals by irradiating the targeted device with a radio wave, where an attacker has embedded a malicious circuit (RF retroreflector) in the device in advance. As the retroreflector consists of small and cheap electrical elements, such as a field-effect transistor (FET) chip and a wire that can work as a dipole antenna, the reflector can be embedded into various kinds of electric devices that carry unencrypted, sensitive information;, e.g., keyboard, display monitor, microphone, speaker, USB, and so on. Only a few studies have addressed the RFRA. However, they did not evaluate the conditions for a successful attack scientifically, and therefore, assessing the feasibility of the RFRA remains an open issue. In the present study, we aim to evaluate the conditions for a successful RFRA, empirically, through extensive experiments. Understanding attack limitations should help to develop effective countermeasures against it. In particular, as the conditions for a successful attack, we studied the distance between the attacker and the target, and the target signal frequencies. Through the extensive experiments, using off-the-shelf hardware, including software-defined radio (SDR) equipment, we revealed that the required conditions for a successful attack are (1) up to a 10-Mbps of a target signal and (2) up to a distance of 10 meters. We also demonstrated that a USB keyboard, using USB low-speed (1.5 Mbps), is attackable, and we succeeded to eavesdrop typing. We conclude that the RFRA threat is realistic.

Original languageEnglish
Publication statusPublished - 2018
Event12th USENIX Workshop on Offensive Technologies, WOOT 2018, co-located with USENIX Security 2018 - Baltimore, United States
Duration: 2018 Aug 132018 Aug 14

Conference

Conference12th USENIX Workshop on Offensive Technologies, WOOT 2018, co-located with USENIX Security 2018
CountryUnited States
CityBaltimore
Period18/8/1318/8/14

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Information Systems
  • Software

Fingerprint Dive into the research topics of 'A feasibility study of radio-frequency retroreflector attack'. Together they form a unique fingerprint.

Cite this