Data Is Never Safe—Students in Philadelphia Just Proved It

A completely disconnected computer can transmit data without any kind of transmitter

GYEONGJU, SOUTH KOREA - DECEMBER 22: In this handout provided by the Korea Hydro and Nuclear Power Co., Workers of the Korea Hydro and Nuclear Power Co. participate in anti cyber attack exercise at Wolsong power plant on December 22, 2014 in Gyeongju, South Korea. The state-run nuclear power plant operator Korea Hydro and Nuclear Power Co (KHNP) ran simulation drills today to prepare for more cyber-attacks after their data were leaked on a blog and to a Twitter account under the profile "president of anti-nuclear reactor group." The identity of hacker remains unknown. (Photo by Korea Hydro and Nuclear Power Co. via Getty Images)
Just when you thought you were disconnected… (Photo: Korea Hydro and Nuclear Power / Getty Images)

With the right program on board, data can be transmitted out of a computer with no ethernet, no wi-fi, no intentional vein to the external world at all.

Sign Up For Our Daily Newsletter

By clicking submit, you agree to our <a rel="nofollow noreferer" href="">terms of service</a> and acknowledge we may use your information to send you emails, product samples, and promotions on this website and other properties. You can opt out anytime.

See all of our newsletters

A team at this weekend’s PennApps hackathon in Philadelphia wrote a computer program that made it possible to transmit data out of a completely unconnected computer, as Philly previously reported. The hack transmits data slowly and it doesn’t broadcast far, but it does it, showing that there’s always a way around any kind of security.

RAMEAR working at PennApps. (Photo: Emrehan Tüzün)
RAMEAR working at PennApps. (Photo: Emrehan Tüzün)


The team behind it, RAMEAR, won this year’s hackathon with its dark creation, at the student-run event that has been running since 2009.

“The hack is seen as scary because many computers within sensitive areas (imagine top-secret research labs in companies, etc.) are air-gapped, which is a word meaning they are not connected to any external network,” Fu Yong Quah, a member of the team that built the hack, told the Observer via email.  “Our program has to be on the computer in the first place—and this is definitely a large barrier, however it is not insurmountable. For example, an employee unknowingly taking in a USB stick with our code on, or the computer being infected at a low level when it is delivered to the laboratory.”

Plus, his colleague Rob Roy Fletcher added via email, “Unless you were specifically monitoring for that, you would never know.”

Here’s how they did it: computers naturally generate a certain amount of radio signal just by virtue of running electricity through wires. The team took advantage of this fact. “There are approximately 128 wires that are used to access the memory on most computers that are constantly in use. What we did was make the computer use them all at once to make the signal much stronger,” Mr. Fletcher explained.

“By controlling whether or not we’re ‘cranking it up’ we can send ones and zeros, which are the bread and butter of communication. So to send 101 – it would be ‘cranked up for 0.5 seconds’, ‘not cranked up for 0.5 seconds’, ‘cranked up for 0.5 seconds,'” Mr. Quah explained.

The receiver is an off-the-shelf software defined radio. It takes several seconds just to transmit “Hello world,” but it gets it done. It was not at all easy. The team explains on DevPost that they had to build a fairly complex signal processing algorithm, for example. Now, though, they have a prototype of that software working. In true hackathon spirit, the team explained exactly how they did it and shared their code with the world. Mr. Quah’s fellow students on the winning team included Mr. Fletcher, Emrehan Tüzün and Tom Hartley.

The students behind it built it just to see if they could, but now we all have to live in the world where we know anyone can.

UPDATE: Members of the Ramear team have written a detailed technical post about their project. January 26, 2016 8:58)

Data Is Never Safe—Students in Philadelphia Just Proved It