Researchers at the Ben-Gurion University of the Negev (BGU) Cyber Security Research Center have discovered that virtually any cellphone infected with a malicious code can use GSM phone frequencies to steal critical information from infected “air-gapped” computers.
Air-gapped computers are isolated — separated both logically and physically from public networks — ostensibly so that they cannot be hacked over the Internet or within company networks.
Led by BGU Ph.D. student Mordechai Guri, the research team discovered how to turn an ordinary air-gapped computer into a cellular transmitting antenna using software that modifies the CPU firmware. GSMem malicious software uses the electromagnetic waves from phones to receive and exfiltrate small bits of data, such as security keys and passwords.
Click here to watch a video of the demonstration.
“GSMem takes the air out of the gap and will force the world to rethink air-gap security,” says
Dudu Mimran, chief technology officer of BGU’s Cyber Security Research Center. “Our GSMem malicious software on Windows and Linux has a tiny computational footprint, which makes it very hard to detect. Furthermore, with a dedicated receiver, we were successful exfiltrating data as far as 90 ft. (30 meters) in distance from the computer.”
According to Guri, “Many companies already restrict the use of cell phones or limit the capabilities (no camera, video or Wi-Fi on cell phones) around air-gapped computers. However, phones are often otherwise allowed in the vicinity of air-gapped computers thought to be secure. Since modern computers emit some electromagnetic radiation (EMR) at various wavelengths and strengths, and cellular phones easily receive them, this creates an opportunity for attackers.”
The researchers recommend that countermeasures to mitigate the issue use the “Zone” approach: defined areas or zones around these computers where mobile phones and simple devices are prohibited. Insulation of partition walls may help to mitigate signal reception distance growth if a dedicated hardware receiver is used. Additionally, anomaly detection and behavioral dynamic analysis may help.
Read more: Cellphones Can Steal Data from Computers
The Latest on: Air gapped computers
via Google News
The Latest on: Air gapped computers
- Computer modeling brings simple, efficient rocket engine closer to realityon February 24, 2020 at 10:43 pm
In operation, air would come in through the slats, mix with fuel ... “It’s made of concentric cylinders. Propellant flows in the gap between the cylinders, and, after ignition, the rapid heat release ...
- When the air gap is the space between the ears: A natural gas plant let ransomware spread from office IT to opson February 19, 2020 at 2:15 pm
It did, however, spread from an office computer through the plant's IT network to the operational network of PCs that monitor the plant, overwriting documents and other data as it went. "A cyber ...
- Apple’s iPad Air starts at $400 with a return to all-time lows ($99 off)on February 19, 2020 at 11:51 am
All of which is powered by the new A12 64-bit SoC processor. iPad Air beautifully bridges the gap between affordability and a larger display. For additional Apple deals, make sure you check out this ...
- How the Army and Air Force Integrate AI Learning Into Combat Trainingon February 14, 2020 at 1:13 pm
U.S. Air Force basic military training trainees are issued personal computers during in-processing as part of a pilot test under a Cooperative ... really tailoring the experience in a learner-centric ...
- 2020 Global Forecast & Outlook for Dust Collection & Other Air Purification Equipment for Industrial Gas Cleaning Systems - ResearchAndMarkets.comon February 14, 2020 at 9:42 am
DUBLIN--(BUSINESS WIRE)--The "2020 Global Forecast for Dust collection and other air purification equipment for industrial gas cleaning systems ... such as expenditures on buildings, machinery, ...
- Researchers Steal Data From Computer Using Monitor Brightnesson February 7, 2020 at 1:39 pm
The conventional wisdom of computer security holds that the most sensitive data should live exclusively in “air-gapped” systems without a network connection. Still, no security protocol is com ...
- air-gappedon February 7, 2020 at 8:38 am
Researchers from Ben Gurion University have devised a way to leak data from a computer via changes in display brightness. Researchers Steal Data From Air-Gapped Computer Over Power Lines April ...
- Academics steal data from air-gapped systems using screen brightness variationson February 5, 2020 at 11:59 pm
Academics from Israel have detailed and demoed a new method for stealing data from air-gapped computers. The method relies on making small tweaks to an LCD screen's brightness settings.
- LCD pwn System: How to modulate screen brightness to covertly transmit data from an air-gapped computer... slowlyon February 5, 2020 at 10:20 pm
So get patching all nine of you using it on the desktop Boffins from Ben-Gurion University of the Negev and Shamoon College of Engineering in Israel have come up with yet another TEMPEST-style attack ...
- Researchers can 'steal' data by tracking a PC monitor's brightnesson February 5, 2020 at 8:38 pm
Researchers have found a way to steal data from "air-gapped" computers (that is, no way to connect to other devices) using an LCD's brightness. The approach has a compromised computer relay ...
via Bing News