Breaching Air-Gap Security With Radio

← Back to Stories (view on slashdot.org)

Breaching Air-Gap Security With Radio

Posted by Soulskill on Friday October 31, 2014 @02:49AM from the hitting-you-where-you-live dept.

An anonymous reader writes: Security researcher Mordechai Guri with the guidance of Prof. Yuval Elovici from the cyber security labs at Ben-Gurion University in Israel presented at MALCON 2014 a breakthrough method ("AirHopper") for leaking data from an isolated computer to a mobile phone without the presence of a network. In highly secure facilities the assumption today is that data can not leak outside of an isolated internal network. It is called air-gap security. AirHopper demonstrates how the computer display can be used for sending data from the air-gapped computer to a near by smartphone. The published paper and a demonstration video are at the link.

7 of 80 comments (clear)

Min score:

Reason:

Sort:

Meh by Anonymous Coward · 2014-10-31 02:50 · Score: 2, Insightful

I would be impressed if it didn't require a malicious payload on the target computer.
1. Re:Meh by Mr+D+from+63 · 2014-10-31 02:54 · Score: 4, Insightful
  
  Your refrigerator is vulnerable once I break into your house. You should consider hiding your beer somewhere safe.
Not that hard to defeat by Primate+Pete · 2014-10-31 02:55 · Score: 3, Insightful

Keeping the classified material more than 7 meters away from the cell phones doesn't seem like that hard a measure to put in place. Maybe you could put a source of interference near the phone lockers if you wanted extra security.
1. Re:Not that hard to defeat by khasim · 2014-10-31 03:37 · Score: 3, Insightful
  
  That would work.
  And I think that the summary kind of misses the point of what "air-gapped" means. It does NOT mean that your system is invulnerable. No system is invulnerable.
  It DOES mean that it can ONLY be attacked by someone with physical access to it. Or someone with control of the hardware manufacturing / transportation channels prior to the computer being installed in the secure location. So you're removing potential channels of attack AND reducing the number of potential attackers.
  Now you need metal detectors at the entrances. And "no lone zones" where EVERYONE is accompanied by someone else. Depending upon the level of security that you want.
Re:Tempest by PsiCTO · 2014-10-31 03:05 · Score: 5, Insightful

Indeed, referenced in their paper
[11] W. van Eck, "Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk?," Computers and Security 4, pp. 269-286, 1985.
Re:Van Eck phreaking by gstoddart · 2014-10-31 03:23 · Score: 3, Insightful

Was coming to say that.
Though, I suspect most of us only know about it due to reading the Cryptonomicon.
But, really, this gives stronger evidence for wearing tinfoil hats and living in a Faraday cage.
I'm also putting the finishing touches on my tinfoil codpiece ... maybe if it can't hear me it won't make me do stupid things. ;-)

--
Lost at C:>. Found at C.
Been doing it for years by fibrewire · 2014-10-31 03:38 · Score: 5, Insightful

The correct term for this air-gap horseshit is called a Tempest Attack, and we've been doing it for years... 20 years? 30 YEARS???
http://en.wikipedia.org/wiki/T...