This crafty tool can eavesdrop on 6G wireless signals

dan / Getty Images

Featured eBooks
The State of Trust in Government
Cybersecurity in State and Local Government
Building Data Literacy in the State and Local Workforce
By Jade Boyd-Rice,
Futurity
 

Connecting state and local government leaders

By Jade Boyd-Rice ,
Futurity

|

With a tool made out of simple materials like office paper and a metallic foil transfer, attackers can listen in on 6G transmissions between two users, researchers said.

Hackers could make a tool to eavesdrop on some 6G wireless signals with just office paper, an inkjet printer, a metallic foil transfer, and a laminator.

The researchers who discovered the wireless security hack presented their findings and demonstrated the attack in San Antonio at ACM WiSec 2022, the Association for Computing Machinery’s annual conference on security and privacy in wireless and mobile networks.

“Awareness of a future threat is the first step to counter that threat,” says study coauthor Edward Knightly, professor of electrical and computer engineering at Rice University. “The frequencies that are vulnerable to this attack aren’t in use yet, but they are coming and we need to be prepared.”

‘Metasurface in the middle’

In the study, Knightly, Brown University engineering professor Daniel Mittleman, and colleagues showed an attacker could easily make a sheet of office paper covered with 2D foil symbols—a metasurface—and use it to redirect part of a 150 gigahertz” pencil beam” transmission between two users.

They dubbed the attack “Metasurface-in-the-Middle” as a nod to both the hacker’s tool and the way it is wielded. Metasurfaces are thin sheets of material with patterned designs that manipulate light or electromagnetic waves.” Man-in-the-middle” is a computer security industry classification for attacks in which an adversary secretly inserts themself between two parties.

The 150 gigahertz frequency is higher than is used in today’s 5G cellular or Wi-Fi networks. But Knightly says wireless carriers are looking to roll out 150 gigahertz and similar frequencies known as terahertz waves or millimeter waves over the next decade.

“Next-generation wireless will use high frequencies and pencil beams to support wide-band applications like virtual reality and autonomous vehicles,” says Knightly, who will present the research with coauthor Zhambyl Shaikhanov, a graduate student in his lab.

How the attack would work

In the study, the researchers use the names Alice and Bob to refer to the two people whose communications are hacked. The eavesdropper is called Eve.

To mount the attack, Eve first designs a metasurface that will diffract a portion of the tight-beam signal to her location. For the demonstration, the researchers designed a pattern with hundreds of rows of split rings. Each looks like the letter C, but they are not identical. The open part of each ring varies in size and orientation.

“Those openings and orientations are very specifically done to get the signal to diffract in the exact direction Eve wants,” Shaikhanov says. “After she designs the metasurface, she prints it on a regular laser printer, and then she uses a hot stamping technique that’s used in crafting. She places a metal foil on the printed paper, feeds it through a laminator and the heat and pressure create a bond between the metal and the toner.”

Mittleman and study coauthor Hichem Guerboukha, a postdoctoral research fellow at Brown, show in a 2021 study that the hot-stamping method could be used to make split-ring metasurfaces with resonances up to 550 GHz.

“We developed this approach in order to lower the barrier for fabrication of metasurfaces, so that researchers could test many different designs quickly and inexpensively,” Mittleman says. “Of course, this lowers the barrier for eavesdroppers too.”

Better to know this now than later

The researchers say they hope the study will dispel a common misperception in the wireless industry that higher frequencies are inherently secure.

“People have been quoted saying millimeter-wave frequencies are ‘covert’ and ‘highly confidential’ and that they ‘provide security,'” Shaikhanov says. “The thinking is, ‘If you have a super narrow beam, nobody can eavesdrop on the signal because they would have to physically get between the transmitter and the receiver.’ What we’ve shown is that Eve doesn’t have to be obtrusive to mount this attack.”

The research shows that the attack would be difficult for Alice or Bob to detect today. And while the metasurface must be placed between Alice and Bob, “it could be hidden in the environment,” Knightly says. “You could conceal it with other sheets of paper, for instance.”

Knightly says now that wireless researchers and equipment manufacturers know about the attack, they can further study it, develop detection systems, and build those into terahertz networks up front.

“If we had known from day one, when the internet first came out, that there would be denial-of-service attacks and attempts to take down web servers, we would have designed it differently,” Knightly says. “If you build first, wait for attacks, and then try to repair, that is a much more costly and expensive path than designing securely up front.”

“Millimeter-wave frequencies and metasurfaces are new technologies that can each be used to advance communication, but any time we get a new capability for communication we have to ask the question, ‘What if the adversary has this technology? What new capabilities will it give them that they didn’t have in the past? And how can we realize a secure network against a strong adversary?'”

Support for the research came from Cisco, Intel, the National Science Foundation, and the Army Research Laboratory.

This article was originally published in Futurity. It has been republished under the Attribution 4.0 International license.

NEXT STORY: Nonprogrammers are building more of the world’s software – a computer scientist explains ‘no-code’

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.