How Ebola Healthcare Workers Get Dressed

Thelma Kaime, age 36, gets ready to suit up and go into an isolation ward for Ebola patients in Monrovia, Liberia. She says loves working there because she saves lives. Glenna Gordon/Wall Street Journal

Thelma Kaime, age 36, gets ready to suit up and go into an isolation ward for Ebola patients in Monrovia, Liberia. She says loves working there because she saves lives.

Glenna Gordon/Wall Street Journal

Kaime puts on rubber gloves as the first step. Glenna Gordon/Wall Street Journal

Kaime puts on rubber gloves as the first step.

Glenna Gordon/Wall Street Journal

Next, Kaime puts on the pants of a Tyvek suit. Glenna Gordon/Wall Street Journal

Next, Kaime puts on the pants of a Tyvek suit.

Glenna Gordon/Wall Street Journal

Next Kaime puts on rubber boots. Glenna Gordon/Wall Street Journal

Next Kaime puts on rubber boots.

Glenna Gordon/Wall Street Journal

Kaime used to work at a hospital in a rural area of a country before taking a job as a health promoter at an NGO and then coming to work in an Ebola ward in Monrovia. Glenna Gordon/Wall Street Journal

Kaime used to work at a hospital in a rural area of a country before taking a job as a health promoter at an NGO and then coming to work in an Ebola ward in Monrovia.

Glenna Gordon/Wall Street Journal

Kaime lives in Paynseville, an area of Monrovia that has many cases of Ebola. She worries for her children and tells them that they need to play alone right now. Glenna Gordon/Wall Street Journal

Kaime lives in Paynseville, an area of Monrovia that has many cases of Ebola. She worries for her children and tells them that they need to play alone right now.

Glenna Gordon/Wall Street Journal

Kaime wears a face mask, goggles, and hair net. Glenna Gordon/Wall Street Journal

Kaime wears a face mask, goggles, and hair net.

Glenna Gordon/Wall Street Journal

The hood of the suit goes up next. Glenna Gordon/Wall Street Journal

The hood of the suit goes up next.

Glenna Gordon/Wall Street Journal

Kaime then puts on an additional, larger hood on top. Glenna Gordon/Wall Street Journal

Kaime then puts on an additional, larger hood on top.

Glenna Gordon/Wall Street Journal

As the final step, Kaime puts on an apron and an extra pair of gloves. Glenna Gordon/Wall Street Journal

As the final step, Kaime puts on an apron and an extra pair of gloves.

Glenna Gordon/Wall Street Journal

Mark Nyenti, a member of a burial team prepares to collect a body in New Kru Town, a suburb of Monrovia. Glenna Gordon/Wall Street Journal

Mark Nyenti, a member of a burial team prepares to collect a body in New Kru Town, a suburb of Monrovia.

Glenna Gordon/Wall Street Journal

Nyenti puts on gloves and boots as a first step. Glenna Gordon/Wall Street Journal

Nyenti puts on gloves and boots as a first step.

Glenna Gordon/Wall Street Journal

Then Nyenti puts on his mask. Glenna Gordon/Wall Street Journal

Then Nyenti puts on his mask.

Glenna Gordon/Wall Street Journal

A full-body Tyvek goes over Nyenti's scrubs. Glenna Gordon/Wall Street Journal

A full-body Tyvek goes over Nyenti's scrubs.

Glenna Gordon/Wall Street Journal

Next he puts on a pair of goggles and an apron. Glenna Gordon/Wall Street Journal

Next he puts on a pair of goggles and an apron.

Glenna Gordon/Wall Street Journal

The final step is a second pair of gloves. Glenna Gordon/Wall Street Journal

The final step is a second pair of gloves.

Glenna Gordon/Wall Street Journal

Sonnie Ville, a former office clerk at the Ministry of Foreign Affairs, was out of work when all non-essential staff were sent home because of Ebola. She took a job at MSF as a health promoter. Glenna Gordon/Wall Street Journal

Sonnie Ville, a former office clerk at the Ministry of Foreign Affairs, was out of work when all non-essential staff were sent home because of Ebola. She took a job at MSF as a health promoter.

Glenna Gordon/Wall Street Journal

Ville has been engaged for a year now, and says she will get married "after Ebola." As the first step to get ready to go talk to patients in an Ebola ward, Ville puts on rubber gloves. Glenna Gordon/Wall Street Journal

Ville has been engaged for a year now, and says she will get married "after Ebola." As the first step to get ready to go talk to patients in an Ebola ward, Ville puts on rubber gloves.

Glenna Gordon/Wall Street Journal

Next, Ville puts on a giant Tyvek suit. For three weeks, Ville lied to her mother, keeping her new job a secret. Glenna Gordon/Wall Street Journal

Next, Ville puts on a giant Tyvek suit. For three weeks, Ville lied to her mother, keeping her new job a secret.

Glenna Gordon/Wall Street Journal

Ville, who is 34 and has two children named Thomas and Solomon, worries about Ebola but does her work anyway. Here, she puts on a face mask. Glenna Gordon/Wall Street Journal

Ville, who is 34 and has two children named Thomas and Solomon, worries about Ebola but does her work anyway. Here, she puts on a face mask.

Glenna Gordon/Wall Street Journal

Ville explains how the disease works to patients and their family members, but most are too stressed to listen carefully. "You take it step by step and explain to them." Over her face mask and suit, Ville wears a giant white hood with cut outs for the eyes. Glenna Gordon/Wall Street Journal

Ville explains how the disease works to patients and their family members, but most are too stressed to listen carefully. "You take it step by step and explain to them." Over her face mask and suit, Ville wears a giant white hood with cut outs for the eyes.

Glenna Gordon/Wall Street Journal

The first day, Ville nearly quit. "I was so afraid," she says. "But I encouraged myself that I can make it." The next step is putting on a rubber apron. Glenna Gordon/Wall Street Journal

The first day, Ville nearly quit. "I was so afraid," she says. "But I encouraged myself that I can make it." The next step is putting on a rubber apron.

Glenna Gordon/Wall Street Journal

Finally, Ville puts on goggles and another pair of rubber gloves. Many elements of her outfit are secured with duct tape for an extra seal. "My people are dying, and if I go back home, more people will die." Glenna Gordon/Wall Street Journal

Finally, Ville puts on goggles and another pair of rubber gloves. Many elements of her outfit are secured with duct tape for an extra seal. "My people are dying, and if I go back home, more people will die."

Glenna Gordon/Wall Street Journal

Glenna Gordon‘s revealing portraits of African healthcare workers suiting up to combat Ebola are more than instructional. They are touching. By showing us the brave men and women beneath all that protective gear, she’s humanized the people risking their lives under trying conditions so others might live.

The photos, taken in Liberia and Sierra Leone, show the laborious process of donning the suits that must be worn while tending to the sick, the dying and the dead. Seeing volunteers add one layer of protection after another until only their eyes are visible underscores the risk they are taking. And by starting each series with a portrait of the person wearing only hospital scrubs, Gordon literally puts a face to the bravery.

“I think sometimes we become desensitized to stories like this,” the photographer says. “If you’ve seen one person in a hazmat suit, it’s like you’ve you seen 10. I wanted to make sure we remembered these are normal people who are volunteering to help. No one is being forced to go.”

Gordon spent September and early October in western Africa for the The Wall Street Journal . Her main assignment was photographing clinics and following burial teams, but it wasn’t long before she started shooting these portraits. Each photo in her series documents a step in the suiting up process. Workers start with gloves, then don Tyvek suits, boots, masks, eye protection, aprons, and another pair of gloves.

According to the World Health Organization, there have been 13,703 cases of Ebola and 4,920 deaths worldwide. Sierra Leone and Liberia have been hit hardest. Those fighting the epidemic have not been spared; the WHO reports 521 healthcare workers have been infected and 272 have died. Gordon said many of the people she photographed spoke honestly about their fear of contracting the disease. Sonnie Ville, a 34-year-old former office clerk with two children, says she almost quit after the first day. She waited three weeks before telling her mother she was working around Ebola.

“I was so afraid,” Ville told Gordon. “But I encouraged myself that I can make it. My people are dying, and if I go back home, more people will die.”

It was scary for Gordon too. She never went into containment areas and stayed out of houses where people were sick so she didn’t have to wear full protection. But the assignment still required the utmost caution. Every time she got out of the car she wore rubber boots and when she was out making pictures she never touched anything. And she was forever washing her hands and gear.

It was hard being afraid, she says, but it was even worse being unable to interact closely with people; caution required documenting things from a safe distance. She’s spent years working in Africa and says her photography has focused on telling personal stories. This time, she says, she felt completely removed and dehumanized.

“The things I love most about being a photographer are things like greeting people and ingratiating myself,” she says. “I never want to stand six feet away and scream questions at people.”

Ingenious Tap System Serves the Perfect Beer Every Time

Nathaniel Wood

Most Big-City Bars have a reasonable selection of artisanal beers, but the delivery mechanisms are still off-the-shelf: A typical draft system delivers a fixed blend of gases that does little more than keep the brew carbonated and push it from the walk-in fridge to the tap. “But those systems were built for Bud, Miller, and Coors,” Los Angeles brewpub owner Gabe Gordon says. And different beers want different gas levels. So Gordon built his own setup.

He started by making separate regulators for each of the 22 taps at his bar, all hooked up to a board that has bright red dials for pressure control and switches for choosing a gas mixture. Bar managers running the system—called the Flux Capacitor—can then send more carbon dioxide to a sour ale, say, or a 60/40 mixture of CO2 and nitrogen to a hoppy IPA. Those regulators also help Gordon keep his kegs at the right conditions—he has a colder walk-in for lagers and a warmer one for brews like stouts. “It's my job to present the beer exactly how the brewer intended it to be,” Gordon says. One Stone Smoked Porter at 52 degrees, 90 percent CO2, and pressurized to 25 psi, coming up.

An Unprecedented Look at Stuxnet, the World’s First Digital Weapon

This recent undated satellite image provided by Space Imaging/Inta SpaceTurk shows the once-secret Natanz nuclear complex in Natanz, Iran, about 150 miles south of Tehran. AP Photo/Space Imaging/Inta SpaceTurk, HO

In January 2010, inspectors with the International Atomic Energy Agency visiting the Natanz uranium enrichment plant in Iran noticed that centrifuges used to enrich uranium gas were failing at an unprecedented rate. The cause was a complete mystery—apparently as much to the Iranian technicians replacing the centrifuges as to the inspectors observing them.

Five months later a seemingly unrelated event occurred. A computer security firm in Belarus was called in to troubleshoot a series of computers in Iran that were crashing and rebooting repeatedly. Again, the cause of the problem was a mystery. That is, until the researchers found a handful of malicious files on one of the systems and discovered the world’s first digital weapon.

Stuxnet, as it came to be known, was unlike any other virus or worm that came before. Rather than simply hijacking targeted computers or stealing information from them, it escaped the digital realm to wreak physical destruction on equipment the computers controlled.

Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon , written by WIRED senior staff writer Kim Zetter, tells the story behind Stuxnet’s planning, execution and discovery. In this excerpt from the book, which will be released November 11, Stuxnet has already been at work silently sabotaging centrifuges at the Natanz plant for about a year. An early version of the attack weapon manipulated valves on the centrifuges to increase the pressure inside them and damage the devices as well as the enrichment process. Centrifuges are large cylindrical tubes—connected by pipes in a configuration known as a “cascade”—that spin at supersonic speed to separate isotopes in uranium gas for use in nuclear power plants and weapons. At the time of the attacks, each cascade at Natanz held 164 centrifuges. Uranium gas flows through the pipes into the centrifuges in a series of stages, becoming further “enriched” at each stage of the cascade as isotopes needed for a nuclear reaction are separated from other isotopes and become concentrated in the gas.

Excerpted from Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon

As the excerpt begins, it’s June 2009—a year or so since Stuxnet was first released, but still a year before the covert operation will be discovered and exposed. As Iran prepares for its presidential elections, the attackers behind Stuxnet are also preparing their next assault on the enrichment plant with a new version of the malware. They unleash it just as the enrichment plant is beginning to recover from the effects of the previous attack. Their weapon this time is designed to manipulate computer systems made by the German firm Siemens that control and monitor the speed of the centrifuges. Because the computers are air-gapped from the internet, however, they cannot be reached directly by the remote attackers. So the attackers have designed their weapon to spread via infected USB flash drives. To get Stuxnet to its target machines, the attackers first infect computers belonging to five outside companies that are believed to be connected in some way to the nuclear program. The aim is to make each “patient zero” an unwitting carrier who will help spread and transport the weapon on flash drives into the protected facility and the Siemens computers. Although the five companies have been referenced in previous news reports, they’ve never been identified. Four of them are identified in this excerpt.

The Lead-Up to the 2009 Attack

The two weeks leading up to the release of the next attack were tumultuous ones in Iran. On June 12, 2009, the presidential elections between incumbent Mahmoud Ahmadinejad and challenger Mir-Hossein Mousavi didn’t turn out the way most expected. The race was supposed to be close, but when the results were announced—two hours after the polls closed—Ahmadinejad had won with 63 percent of the vote over Mousavi’s 34 percent. The electorate cried foul, and the next day crowds of angry protesters poured into the streets of Tehran to register their outrage and disbelief. According to media reports, it was the largest civil protest the country had seen since the 1979 revolution ousted the shah and it wasn’t long before it became violent. Protesters vandalized stores and set fire to trash bins, while police and Basijis, government-loyal militias in plainclothes, tried to disperse them with batons, electric prods, and bullets.

That Sunday, Ahmadinejad gave a defiant victory speech, declaring a new era for Iran and dismissing the protesters as nothing more than soccer hooligans soured by the loss of their team. The protests continued throughout the week, though, and on June 19, in an attempt to calm the crowds, the Ayatollah Ali Khamenei sanctioned the election results, insisting that the margin of victory—11 million votes—was too large to have been achieved through fraud. The crowds, however, were not assuaged.

The next day, a twenty-six-year-old woman named Neda Agha-Soltan got caught in a traffic jam caused by protesters and was shot in the chest by a sniper’s bullet after she and her music teacher stepped out of their car to observe.

Two days later on June 22, a Monday, the Guardian Council, which oversees elections in Iran, officially declared Ahmadinejad the winner, and after nearly two weeks of protests, Tehran became eerily quiet. Police had used tear gas and live ammunition to disperse the demonstrators, and most of them were now gone from the streets. That afternoon, at around 4:30 p.m. local time, as Iranians nursed their shock and grief over events of the previous days, a new version of Stuxnet was being compiled and unleashed.

Recovery From Previous Attack

While the streets of Tehran had been in turmoil, technicians at Natanz had been experiencing a period of relative calm. Around the first of the year, they had begun installing new centrifuges again, and by the end of February they had about 5,400 of them in place, close to the 6,000 that Ahmadinejad had promised the previous year. Not all of the centrifuges were enriching uranium yet, but at least there was forward movement again, and by June the number had jumped to 7,052, with 4,092 of these enriching gas. In addition to the eighteen cascades enriching gas in unit A24, there were now twelve cascades in A26 enriching gas. An additional seven cascades had even been installed in A28 and were under vacuum, being prepared to receive gas.

Iranian President Mahmoud Ahmadinejad during a tour of centrifuges at Natanz in 2008. Office of the Presidency of the Islamic Republic of Iran

The performance of the centrifuges was improving too. Iran’s daily production of low-enriched uranium was up 20 percent and would remain consistent throughout the summer of 2009. Despite the previous problems, Iran had crossed a technical milestone and had succeeded in producing 839 kilograms of low-enriched uranium—enough to achieve nuclear-weapons breakout capability. If it continued at this rate, Iran would have enough enriched uranium to make two nuclear weapons within a year. This estimate, however, was based on the capacity of the IR-1 centrifuges currently installed at Natanz. But Iran had already installed IR-2 centrifuges in a small cascade in the pilot plant, and once testing on these was complete and technicians began installing them in the underground hall, the estimate would have to be revised. The more advanced IR-2 centrifuges were more efficient. It took 3,000 IR-1s to produce enough uranium for a nuclear weapon in one year, but it would take just 1,200 IR-2 centrifuges to do the same.

Cue Stuxnet 1.001, which showed up in late June.

The Next Assault

To get their weapon into the plant, the attackers launched an offensive against computers owned by four companies. All of the companies were involved in industrial control and processing of some sort, either manufacturing products and assembling components or installing industrial control systems. They were all likely chosen because they had some connection to Natanz as contractors and provided a gateway through which to pass Stuxnet to Natanz through infected employees.

To ensure greater success at getting the code where it needed to go, this version of Stuxnet had two more ways to spread than the previous one. Stuxnet 0.5 could spread only by infecting Step 7 project files—the files used to program Siemens PLCs. This version, however, could spread via USB flash drives using the Windows Autorun feature or through a victim’s local network using the print-spooler zero-day exploit that Kaspersky Lab, the antivirus firm based in Russia, and Symantec later found in the code.

Based on the log files in Stuxnet, a company called Foolad Technic was the first victim. It was infected at 4:40 a.m. on June 23, a Tuesday. But then it was almost a week before the next company was hit.

The following Monday, about five thousand marchers walked silently through the streets of Tehran to the Qoba Mosque to honor victims killed during the recent election protests. Late that evening, around 11:20 p.m., Stuxnet struck machines belonging to its second victim—a company called Behpajooh.

It was easy to see why Behpajooh was a target. It was an engineering firm based in Esfahan—the site of Iran’s new uranium conversion plant, built to turn milled uranium ore into gas for enriching at Natanz, and was also the location of Iran’s Nuclear Technology Center, which was believed to be the base for Iran’s nuclear weapons development program. Behpajooh had also been named in US federal court documents in connection with Iran’s illegal procurement activities.

Behpajooh was in the business of installing and programming industrial control and automation systems, including Siemens systems. The company’s website made no mention of Natanz, but it did mention that the company had installed Siemens S7-400 PLCs, as well as the Step 7 and WinCC software and Profibus communication modules at a steel plant in Esfahan. This was, of course, all of the same equipment Stuxnet targeted at Natanz.

At 5:00 a.m. on July 7, nine days after Behpajooh was hit, Stuxnet struck computers at Neda Industrial Group, as well as a company identified in the logs only as CGJ, believed to be Control Gostar Jahed. Both companies designed or installed industrial control systems.

Iranian President Mahmoud Ahmadinejad observes computer monitors at the Natanz uranium enrichment plant in central Iran, where Stuxnet was believed to have infected PCs and damaged centrifuges. Office of the Presidency of the Islamic Republic of Iran

Neda designed and installed control systems, precision instrumentation, and electrical systems for the oil and gas industry in Iran, as well as for power plants and mining and process facilities. In 2000 and 2001 the company had installed Siemens S7 PLCs in several gas pipeline operations in Iran and had also installed Siemens S7 systems at the Esfahan Steel Complex. Like Behpajooh, Neda had been identified on a proliferation watch list for its alleged involvement in illicit procurement activity and was named in a US indictment for receiving smuggled microcontrollers and other components.

About two weeks after it struck Neda, a control engineer who worked for the company popped up on a Siemens user forum on July 22 complaining about a problem that workers at his company were having with their machines. The engineer, who posted a note under the user name Behrooz, indicated that all PCs at his company were having an identical problem with a Siemens Step 7 .DLL file that kept producing an error message. He suspected the problem was a virus that spread via flash drives.

When he used a DVD or CD to transfer files from an infected system to a clean one, everything was fine, he wrote. But when he used a flash drive to transfer files, the new PC started having the same problems the other machine had. A USB flash drive, of course, was Stuxnet’s primary method of spreading. Although Behrooz and his colleagues scanned for viruses, they found no malware on their machines. There was no sign in the discussion thread that they ever resolved the problem at the time.

It’s not clear how long it took Stuxnet to reach its target after infecting machines at Neda and the other companies, but between June and August the number of centrifuges enriching uranium gas at Natanz began to drop. Whether this was the result solely of the new version of Stuxnet or the lingering effects of the previous version is unknown. But by August that year, only 4,592 centrifuges were enriching at the plant, a decrease of 328 centrifuges since June. By November, that number had dropped even further to 3,936, a difference of 984 in five months. What’s more, although new machines were still being installed, none of them were being fed gas.

Clearly there were problems with the cascades, and technicians had no idea what they were. The changes mapped precisely, however, to what Stuxnet was designed to do.

Reprinted from Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon Copyright © 2014 by Kim Zetter. Published by Crown Publishers, an imprint of Random House LLC.

Why iOS 8 Represents a New Kind of Challenge for Developers

Apple CEO Tim Cook discusses the operating system update during an event at Apple headquarters on Thursday, Oct. 16, 2014 in Cupertino, Calif. Marcio Jose Sanchez / AP

As Apple’s mobile operating system matures, each year’s version brings new capabilities and challenges for developers. Last year’s iOS 7 launch meant app makers had to redesign their apps to fit Apple’s new aesthetic, a hefty undertaking for some. But with iOS 8, the challenge is centered more around functionality. Apple introduced 4,000 new APIs developers can take advantage of, and to implement some of them, developers are having to rethink their app’s identity within the iOS realm.

“Apple is enabling this Jetsons-esque future where everything talks to everything,” Matt Johnston, chief strategy officer of app analytics company Applause, told WIRED. “It’s not only a bigger challenge for Apple, it’s an order of magnitude more complex for app companies.”

Apps used to be siloed on a specific device, functioning in their own protected little bubble. But things are now far less straightforward. With features like Handoff and Continuity, developers now have to worry about an app working from iPhone to iPad to Mac. If an app has an OS X and iOS version, users will grow to expect that, like with Safari or Mail, this app too will let you leave and pick up where you left off, no matter what device you’re on.

Apps also now have to share data and functionality with one another in an intricate web of interdependencies. iOS 8′s share extension is a specific example of this: This feature makes custom capabilities of your app available to users while they’re in other apps via iOS’s share button. For the team at popular note-sharing app Evernote, this caused numerous headaches.

“The share extension called for the team to work within an entirely new set of constraints, different from those in the main app, using technologies that they don’t work with on a daily basis,” Evernote’s VP of mobile products Jamie Hull told WIRED via email. “We couldn’t just take what we had done for desktop browser extensions and apply it to the iOS app without severely compromising both performance and usability, so the team had to build and test several approaches in parallel until we found something that worked.”

With additional iOS 8 functionalities on the way, Evernote currently includes several iOS 8-specific features, including a “Today” widget for adding new notes, the aforementioned share extension for clipping content to your account, and Touch ID to unlock the app instead of using a passcode. Dealing with the larger iPhone 6 Plus form factor has also been difficult.

“While the new phone screen sizes were actually relatively straightforward to support, the larger form factors open up a lot of questions about the ideal UX for the app,” Hull said. The team had to decide whether the largest-size phone would operate more like a tablet, and whether some onscreen items should be given greater emphasis now that the iPhone keyboard has built-in formatting buttons.

For Flexibits’ premiere title, Fantastical 2, co-founder Michael Simmons said getting the widget right was his team’s biggest obstacle.

“We were a month late to the party and that was because of the widget,” Simmons told WIRED. “We could have made a simple list, but we really wanted it done right.”

Widgets in Notification Center’s “Today View” have to follow a set of specifications, including a maximum height. For a calendar app, the team had to solve problems like: How do you make something helpful and beautiful in such a compressed view? What is most beneficial to app users, a list of to-do items, or a calendar view of the month ahead? What does a user most want to see when they swipe Notification Center down from the top of their device’s screen?

Taking their time to get it right paid off though: Fantastical 2 is now the number one app in the App Store’s Productivity category and among the top 50 in paid apps.

For Flipboard, which also recently updated its iOS app, iOS 8 introduced another new concern for the team: version support. Android has an app compatibility library that makes it easy for apps to get newer APIs on older system versions. On iOS, Flipboard co-founder Evan Doll said, they had to decide how far back to support: Just iOS 7 and iOS 8? iOS 6? iOS 5? That’s pretty old in iPhone years. (Flexibits got around this particular issue by deciding that Fantastical 2 would be an iOS 8 exclusive.)

But it’s important to note that the added complexity of a new OS isn’t always a negative for developers—many are excited about taking advantage of new technology in their apps, even if it requires a few all nighters.

“With new features like the Today widget, interactive notifications, and app sharing extensions, iOS 8 adds a lot of functionality that makes an app much more productive,” Flexibits’ Simmons said. And as Fantastical’s current perfect five star rating shows, if you get it right, all that extra work pays off.

How Attackers Can Use Radio Signals and Mobile Phones to Steal Protected Data

Getty Images

Computers housing the world’s most sensitive data are usually “air-gapped” or isolated from the internet. They’re also not connected to other systems that are internet-connected, and their Bluetooth feature is disabled, too. Sometimes, workers are not even allowed to bring mobile phones within range of the computers. All of this is done to keep important data out of the hands of remote hackers.

But these security measures may be futile in the face of a new technique researchers in Israel have developed for stealthily extracting sensitive data from isolated machines—using radio frequency signals and a mobile phone.

The attack recalls a method the NSA has been secretly using for at least six years to siphon data in a similar manner. An NSA catalogue of spy tools leaked online last year describes systems that use radio frequency signals to remotely siphon data from air-gapped machines using transceivers—a combination receiver and transmitter—attached to or embedded in the computer instead of a mobile phone. The spy agency has reportedly used the method in China, Russia and even Iran. But the exact technique for doing this has never been revealed.

The researchers in Israel make no claims that theirs is the method used by the NSA, but Dudu Mimran, chief technology officer at the Israeli lab behind the research, acknowledges that if student researchers have discovered a method for using radio signals to extract data from hard-to-reach systems, professionals with more experience and resources likely have discovered it, too.

“We are doing research way behind people [like that],” he told WIRED. “The people who are doing that are getting a lot of money and are doing that [full time].”

Dubbed “AirHopper” by the researchers at Cyber Security Labs at Ben Gurion University, the proof-of-concept technique allows hackers and spies to surreptitiously siphon passwords and other data from an infected computer using radio signals generated and transmitted by the computer and received by a mobile phone. The research was conducted by Mordechai Guri, Gabi Kedma, Assaf Kachlon, and overseen by their advisor Yuval Elovici.

The attack borrows in part from previous research showing how radio signals (.pdf) can be generated by a computer’s video card (.pdf). The researchers in Israel have developed malware that exploits this vulnerability by generating radio signals that can transmit modulated data that is then received and decoded by the FM radio receiver built into mobile phones. FM receivers come installed in many mobile phones as an emergency backup, in part, for receiving radio transmissions when the internet and cell networks are down. Using this function, however, attackers can turn a ubiquitous and seemingly innocuous device into an ingenious spy tool. Though a company or agency may think it has protected its air-gapped network by detaching it from the outside world, the mobile phones on employee desktops and in their pockets still provide attackers with a vector to reach classified and other sensitive data.

The researchers tested two methods for transmitting digital data over audio signals but Audio Frequency-Shift Keying (A-FSK) turned out to be the most effective.

“[E]ach letter or character was keyed with different audio frequency,” they note in a paper released last week (.pdf) that describes their technique. “Using less than 40 distinct audio frequencies, we were able to encode simple textual data—both alphabetical and numerical. This method is very effective for transmitting short textual massages such as identifiers, key-stroking, keep-alive messages and notifications.”

The data can be picked up by a mobile phone up to 23 feet away and then transmitted over Wi-Fi or a cellular network to an attacker’s command-and-control server. The victim’s own mobile phone can be used to receive and transmit the stolen data, or an attacker lurking outside an office or lab can use his own phone to pick up the transmission.

“With appropriate software, compatible radio signals can be produced by a compromised computer, utilizing the electromagnetic radiation associated with the video display adapter,” the researchers write. “This combination, of a transmitter with a widely used mobile receiver, creates a potential covert channel that is not being monitored by ordinary security instrumentation.”