“AirHopper” Malware Uses Radio Signals to Steal Data from Isolated Computers

Bypassing Air Gap Security

Bypassing Air Gap Security: Malware Uses Radio Frequencies to Steal Data from Isolated Computers 

A proof-of-concept malware developed by researchers at the Ben Gurion University in Israel shows that an attacker can transmit sensitive information from isolated computers to nearby mobile phones by using radio signals.

Numerous organizations have resorted to what is known as “air gapping” to secure their most sensitive information. This security method can be effective because the protected devices are isolated from the Internet, which makes them difficult to compromise.

Getting a piece of malware onto isolated computers can be done in various ways, including via removable drives, as in the case of Stuxnet, and via outsourced software or hardware components. However, the more difficult part is getting that piece of malware to remotely transmit sensitive data from the infected computer.

The researchers have demonstrated that data exfiltration from an isolated device is possible via radio signals captured by a mobile device. The proof-of-concept malware they have created, dubbed “AirHopper,” uses the infected computer’s graphics card to emit electromagnetic signals to a nearby mobile phone that’s set up to capture the data.

“With appropriate software, compatible radio signals can be produced by a compromised computer, utilizing the electromagnetic radiation associated with the video display adapter. This combination, of a transmitter with a widely used mobile receiver, creates a potential covert channel that is not being monitored by ordinary security instrumentation,” the experts wrote in a paper published on Wednesday.

The attack has four main steps: getting the piece of malware onto the isolated computer, installing malicious code on one or more mobile phones, setting up a command and control (C&C) channel with the infected mobile device, and transmitting signals emanated by the isolated computer back to the attacker.

The malware that’s installed on the mobile phone uses the device’s FM radio receiver to pick up signals, which have been modulated with sensitive information, sent by the malware on the isolated computer through the monitor’s cable. Once the data is sent to the phone, it can be forwarded to the attackers via the Internet or SMS messages.

With more and more organizations adopting bring-your-own-device (BYOD), personal mobile devices, which are relatively easy to infect with malware, are often carried in and out of the physical perimeter, making such an attack highly plausible.

Experiments conducted with AirHopper have shown that data can be transmitted from the physically isolated device to a mobile phone at a distance of up to 7 meters (23 feet) at 13-60 bytes per second, which researchers say is enough to steal a secret password.

“The chain of attack is rather complicated, but is not beyond the level of skill and effort employed in modern Advanced Persistent Threats (APTs),” the paper (PDF) said.

Using light to bypass air gap security

At the recent Black Hat security conference in Amsterdam, Adi Shamir, professor of Applied Mathematics at the Weizmann Institute of Science and one of the inventors of the RSA algorithm, presented a different technique that can be used to bypass air gap security. He showed that an attacker can transmit data to an isolated computer by flashing a laser at the scanner lid of a multifunctional printer that’s connected to the targeted device.

This type of attack can work over long distances; researchers have tested it at up to 0.7 miles.

Shamir, who worked on this project with some of the Ben Gurion University researchers who developed the AirHopper malware, also demonstrated that the light from the same printer’s scanner can be used to transmit data from the isolated computer to a receiver. In their experiments, the researchers placed a drone at the window of the office in which the printer was located to capture the data. 

Additional details on the AirHopper malware are available in the research paper. A video demonstrating how the attack works has also been published.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
