Slashdot Mirror


Breaching Air-Gap Security With Radio

An anonymous reader writes: Security researcher Mordechai Guri, with the guidance of Prof. Yuval Elovici from the cyber security labs at Ben-Gurion University in Israel, presented at MALCON 2014 a breakthrough method ("AirHopper") for leaking data from an isolated computer to a mobile phone without the presence of a network. In highly secure facilities the assumption today is that data cannot leak outside of an isolated internal network. It is called air-gap security. AirHopper demonstrates how the computer display can be used for sending data from the air-gapped computer to a nearby smartphone. The published paper and a demonstration video are at the link.


  1. Meh by Anonymous Coward · · Score: 2, Insightful

    I would be impressed if it didn't require a malicious payload on the target computer.

    1. Re:Meh by Mr+D+from+63 · · Score: 4, Insightful

      Your refrigerator is vulnerable once I break into your house. You should consider hiding your beer somewhere safe.

    2. Re:Meh by Anonymous Coward · · Score: 5, Funny

      You should consider hiding your beer somewhere safe.

      Way ahead of you. BURP.

    3. Re:Meh by gstoddart · · Score: 2

      Sure, but that's the physical world. Just because you broke into one refrigerator, doesn't mean you can suddenly drink the beer from all the other refrigerators on the planet.

      OK, we need all scientists working on this immediately.

      Some form of generalized quantum entanglement so that I can have a fridge with unlimited beer.

      Unless it's Budweiser, in which case you can keep it. Unless there's no other beer, in which case it'll do. ;-)

      If we can extend this principle so I can have an infinite supply of pizza, that would be awesome too.

      Can I have that by, say, 4pm? Kthanksbye.

      --
      Lost at C:>. Found at C.
    4. Re:Meh by Anonymous Coward · · Score: 2, Funny

      Not mine - whenever I have to access a hard drive, I put it in the microwave (don't worry, I cut a hole in the door for the esata cable) and turn it on while the drive is reading or writing data. The background noise from the microwave obscures the relatively quiet noises made by the drive, and the magnetic field generated by the microwave's magnetron creates a magnetic bubble, or "shield" around the drive, ensuring that remote radiomagnetical analysis cannot penetrate the interior of the microwave and thus steal my important personal data (read: porn). The only problem with this setup is the drive usually stops working after a few seconds - I think this is simply due to the esata cable winding around the drive itself, so maybe if I can remove the turntable spindle from inside the microwave I can solve this minor issue.

    5. Re:Meh by K.+S.+Kyosuke · · Score: 2

      Sometimes people are allowed physical access to terminals to do their job but not allowed to take anything away (always administratively, often technically). This is a Snowden-type scenario.

      --
      Ezekiel 23:20
  2. Not that hard to defeat by Primate+Pete · · Score: 3, Insightful

    Keeping the classified material more than 7 meters away from the cell phones doesn't seem like that hard a measure to put in place. Maybe you could put a source of interference near the phone lockers if you wanted extra security.

    1. Re:Not that hard to defeat by PsiCTO · · Score: 4, Interesting

      Most places have a Faraday cage in which the classified material and any electronic device accessing the material is housed. If a device leaves the cage, it is handled appropriately and never turned on. Problem solved. Such measures have been used well before Gene Hackman's cage in Enemy of the State :-) Of course, a human mistake is much more likely to reveal the information...

    2. Re:Not that hard to defeat by khasim · · Score: 3, Insightful

      That would work.

      And I think that the summary kind of misses the point of what "air-gapped" means. It does NOT mean that your system is invulnerable. No system is invulnerable.

      It DOES mean that it can ONLY be attacked by someone with physical access to it. Or someone with control of the hardware manufacturing / transportation channels prior to the computer being installed in the secure location. So you're removing potential channels of attack AND reducing the number of potential attackers.

      Now you need metal detectors at the entrances. And "no lone zones" where EVERYONE is accompanied by someone else. Depending upon the level of security that you want.

  3. Tempest by Anonymous Coward · · Score: 5, Informative

    This is nothing new. They've been doing this for decades with Tempest.

    1. Re:Tempest by PsiCTO · · Score: 5, Insightful

      Indeed, referenced in their paper

      [11] W. van Eck, "Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk?," Computers and Security 4, pp. 269-286, 1985.

    2. Re:Tempest by fibrewire · · Score: 2

      Ahh, you beat me to the post by an hour at least. Which probably means you van-ecked my /. login info and posted this very comment ;)

    3. Re:Tempest by Anonymous Coward · · Score: 5, Informative

      The 'news' is that they also offer techniques to turn off the screen to avoid detection, they developed a (for this purpose working) data transmission method, offer a variety of signal hiding techniques and use it to exfiltrate not images of the CRT or LCD screen itself but modulate binary or textual data with the VGA cable serving as radio antenna while the screen is turned off. Also where before it would probably take somebody a lot of time and devotion to develop hardware for a receiver, the paper on top explains how to turn a cheap Android based phone into one. They also did a working proof of concept. I guess none of it all is in itself 'news'. But the combination of different techniques is an interesting use-case.

  4. Van Eck phreaking by Lilith's+Heart-shape · · Score: 4, Informative

    This isn't new. Wim Van Eck did it back in 1985, without a smartphone.

    1. Re:Van Eck phreaking by gstoddart · · Score: 3, Insightful

      Was coming to say that.

      Though, I suspect most of us only know about it due to reading the Cryptonomicon.

      But, really, this gives stronger evidence for wearing tinfoil hats and living in a Faraday cage.

      I'm also putting the finishing touches on my tinfoil codpiece ... maybe if it can't hear me it won't make me do stupid things. ;-)

      --
      Lost at C:>. Found at C.
  5. New meaning to older expression... by ehud42 · · Score: 2

    ... tempest in a teapot ...

    --
    I'm in my right mind and I have the answer to everything!
  6. Been doing it for years by fibrewire · · Score: 5, Insightful

    The correct term for this air-gap horseshit is called a Tempest Attack, and we've been doing it for years... 20 years? 30 YEARS???

    http://en.wikipedia.org/wiki/T...

  7. Yawn by Reason58 · · Score: 2

    In "highly secure facilities" they are TEMPEST certified, and wireless devices such as cell phones are not physically permitted within the boundary. This is a non-issue.

  8. good god this is old technique by iggymanz · · Score: 2

    done deal in the 1980s and subject of a few major computer magazines at the time.

    live long enough and see the same "new" thing being discovered over and over, about once a decade.

    what's next, article about a "picture phone"?

  9. This just in... by Bill_the_Engineer · · Score: 2

    That same smartphone can be used to listen to "Duran, Duran", "Talk, Talk", "Oingo Boingo", and "Wang Chung"

    Relive the 80s and everyone have fun tonight.

    --
    These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...