
Researchers uncover vulnerability of isolated computers

29 July 2015

Researchers have discovered that virtually any mobile phone infected with malicious code can use GSM phone frequencies to steal critical information from infected 'air-gapped' computers.

A basic mobile phone extracting data from an air-gapped computer (photo courtesy of Ben-Gurion University of the Negev Cyber Security Research Centre)

Air-gapped computers are isolated — separated both logically and physically from public networks — ostensibly so that they cannot be hacked over the Internet or within company networks.

Led by Ben-Gurion University of the Negev (BGU) PhD student Mordechai Guri, the research team discovered how to turn an ordinary air-gapped computer into a cellular transmitting antenna using software that modifies the CPU firmware. GSMem malicious software uses the electromagnetic waves from phones to receive and exfiltrate small bits of data, such as security keys and passwords.

“GSMem takes the air out of the gap and will force the world to rethink air-gap security,” says Dudu Mimran, chief technology officer of BGU’s Cyber Security Research Centre. “Our GSMem malicious software on Windows and Linux has a tiny computational footprint, which makes it very hard to detect. Furthermore, with a dedicated receiver, we were successful exfiltrating data as far as 30 metres in distance from the computer.”

According to Guri, many companies already restrict the use of cell phones or limit the capabilities (no camera, video or Wi-Fi on cell phones) around air-gapped computers. “However, phones are often otherwise allowed in the vicinity of air-gapped computers thought to be secure,” he says. “Since modern computers emit some electromagnetic radiation at various wavelengths and strengths, and cellular phones easily receive them, this creates an opportunity for attackers.”

The researchers recommend a 'Zone' approach as a counter-measure: defined areas or zones around these computers where mobile phones and simple devices are prohibited. Insulating partition walls may help to limit the increase in signal reception distance when a dedicated hardware receiver is used. Additionally, anomaly detection and behavioural dynamic analysis may help.

This is the third threat the BGU cyber team has uncovered related to what are supposed to be secure, air-gapped computers. Last year, the researchers created a method called Air-Hopper, which utilises FM waves for data exfiltration. Another research initiative, BitWhisper, demonstrated a covert bi-directional communication channel between two close-by air-gapped computers using heat to communicate.

