Researchers Break Through Air-Gapped Computer with a Basic Cell Phone

By CIOReview | Tuesday, August 11, 2015

FREMONT, CA: Cyber security is under constant threat as hackers find innovative ways to breach networks. The latest research sheds light on bypassing one of the most relied-upon and sophisticated security measures: air-gapped computers. Sensitive work environments such as nuclear power plants demand the highest security to protect their confidential data, and they achieve it by air-gapping computers. Employees and visitors are restricted from using USB devices in the computers. Smartphones with cameras are also not welcome, reports Kim Zetter for Wired.

The latest finding bypasses all these protections using the GSM network, electromagnetic waves and a basic low-end mobile phone. The researchers succeeded in extracting data from air-gapped systems and say the result serves as a warning to defense companies and others to revisit their security guidelines and ensure they restrict devices capable of intercepting RF signals, says Yuval Elovici, Director, Cyber Security Research Center, Ben-Gurion University of the Negev.

The research builds on an earlier attack the academics devised, which used a smartphone to wirelessly extract data from air-gapped computers. The latest experiment uses a different method for transmitting the data and works in environments where even smartphones are restricted. The attack requires both the targeted computer and the mobile phone to have malware installed on them. Once the malware is installed, the attack exploits the natural capabilities of each device to exfiltrate data.

Computers naturally emit electromagnetic radiation during their normal operation, and cell phones possess the ability to receive such signals. These two factors combined create an “invitation for attackers seeking to exfiltrate data over a covert channel,” the researchers write in a paper about their findings. Though the attack permits only a small amount of data to be extracted to a nearby phone, it’s enough to exfiltrate passwords or even encryption keys in a minute or two, depending on the length of the password.

An attacker can siphon data from a distance of 30 meters using a dedicated receiver. The first threat can be mitigated by restricting the use of mobile phones, but countering an attack from a dedicated receiver would require installing insulated partitions.

Drawing on their previous knowledge, the researchers built malware called GSMem, which exfiltrates data by forcing the computer’s memory bus to act as an antenna and transmit data wirelessly to a phone over cellular frequencies.

“This is not a scenario where you can leak out megabytes of documents, but today sensitive data is usually locked down by smaller amounts of data,” says Dudu Mimran, CTO of the Cyber Security Research Center. “So if you can get the RSA private key, you’re breaking a lot of things,” reports Wired.