Computers housing the world’s most sensitive data are usually “air-gapped” or isolated from the internet. They’re also not connected to other systems that are internet-connected, and their Bluetooth feature is disabled, too. Sometimes, workers are not even allowed to bring mobile phones within range of the computers. All of this is done to keep important data out of the hands of remote hackers.
But these security measures may be futile in the face of a new technique researchers in Israel have developed for stealthily extracting sensitive data from isolated machines—using radio frequency signals and a mobile phone.
The attack recalls a method the NSA has been secretly using for at least six years to siphon data in a similar manner. An NSA catalogue of spy tools leaked online last year describes systems that use radio frequency signals to remotely siphon data from air-gapped machines using transceivers—a combination receiver and transmitter—attached to or embedded in the computer instead of a mobile phone. The spy agency has reportedly used the method in China, Russia and even Iran. But the exact technique for doing this has never been revealed.
The researchers in Israel make no claims that theirs is the method used by the NSA, but Dudu Mimran, chief technology officer at the Israeli lab behind the research, acknowledges that if student researchers have discovered a method for using radio signals to extract data from hard-to-reach systems, professionals with more experience and resources likely have discovered it, too.
“We are doing research way behind people [like that],” he told WIRED. “The people who are doing that are getting a lot of money and are doing that [full time].”
Dubbed “AirHopper” by the researchers at Cyber Security Labs at Ben Gurion University, the proof-of-concept technique allows hackers and spies to surreptitiously siphon passwords and other data from an infected computer using radio signals generated and transmitted by the computer and received by a mobile phone. The research was conducted by Mordechai Guri, Gabi Kedma, Assaf Kachlon, and overseen by their advisor Yuval Elovici.
The attack borrows in part from previous research showing how radio signals (.pdf) can be generated by a computer’s video card (.pdf). The researchers in Israel have developed malware that exploits this vulnerability by generating radio signals that can transmit modulated data that is then received and decoded by the FM radio receiver built into mobile phones. FM receivers come installed in many mobile phones as an emergency backup, in part, for receiving radio transmissions when the internet and cell networks are down. Using this function, however, attackers can turn a ubiquitous and seemingly innocuous device into an ingenious spy tool. Though a company or agency may think it has protected its air-gapped network by detaching it from the outside world, the mobile phones on employee desktops and in their pockets still provide attackers with a vector to reach classified and other sensitive data.
The researchers tested two methods for transmitting digital data over audio signals but Audio Frequency-Shift Keying (A-FSK) turned out to be the most effective.
“[E]ach letter or character was keyed with different audio frequency,” they note in a paper released last week (.pdf) that describes their technique. “Using less than 40 distinct audio frequencies, we were able to encode simple textual data—both alphabetical and numerical. This method is very effective for transmitting short textual massages such as identifiers, key-stroking, keep-alive messages and notifications.”
The data can be picked up by a mobile phone up to 23 feet away and then transmitted over Wi-Fi or a cellular network to an attacker’s command-and-control server. The victim’s own mobile phone can be used to receive and transmit the stolen data, or an attacker lurking outside an office or lab can use his own phone to pick up the transmission.
“With appropriate software, compatible radio signals can be produced by a compromised computer, utilizing the electromagnetic radiation associated with the video display adapter,” the researchers write. “This combination, of a transmitter with a widely used mobile receiver, creates a potential covert channel that is not being monitored by ordinary security instrumentation.”
No comments:
Post a Comment