Saturday, November 01, 2014

AirHopper Jumps The Air Gap

When people, companies or governments want to isolate their computers from hackers or other bad people, or to resist surveillance, they usually create an "air gap". An air-gapped machine is usually a computer devoid of any network connection, be it wired, wireless or a GSM/LTE phone tethered to the computer. The air gap will keep the bad guys off the computer. But will it?

We have heard about hackers and surveillance measures using the radio and EMF emissions produced by monitors and computers, like the infamous Tempest, but there is new technology in town now: AirHopper.

This week a proof-of-concept malware developed by researchers at the Ben Gurion University in Israel was presented at MalCon 2014. The paper, "AirHopper: Bridging the Air Gap between Isolated Networks and Mobile Phones using Radio Frequencies", shows that an attacker can transmit sensitive information from isolated computers to nearby mobile phones by using radio signals.

Abstract of the paper:
Mordechai Guri, Gabi Kedma, Assaf Kachlon, Yuval Elovici,
Department of Information Systems Engineering, Ben Gurion University
Information is the most critical asset of modern organizations, and accordingly coveted by adversaries. When highly sensitive data is involved, an organization may resort to air gap isolation, in which there is no networking connection between the inner network and the external world. While infiltrating an air-gapped network has been proven feasible in recent years (e.g., Stuxnet), data ex-filtration from an air-gapped network is still considered to be one of the most challenging phases of an advanced cyber attack.

In this paper we present "AirHopper", a bifurcated malware that bridges the air gap between an isolated network and nearby infected mobile phones using FM signals. While it is known that software can intentionally create radio emissions from a video display unit, this is the first time that mobile phones are considered in an attack model as the intended receivers of maliciously crafted radio signals. We examine the attack model and its limitations, and discuss implementation considerations such as stealth and modulation methods. Finally, we evaluate AirHopper and demonstrate how textual and binary data can be ex-filtrated from physically isolated computer to mobile phones at a distance of 1 - 7 meters, with effective bandwidth of 13-60 Bps (Bytes per second).
Ben Gurion University.
