Slashdot Mirror

← Back to Stories (view on slashdot.org)

Breaching Air-Gap Security With Radio

Posted by Soulskill on from the hitting-you-where-you-live dept.

An anonymous reader writes: Security researcher Mordechai Guri with the guidance of Prof. Yuval Elovici from the cyber security labs at Ben-Gurion University in Israel presented at MALCON 2014 a breakthrough method ("AirHopper") for leaking data from an isolated computer to a mobile phone without the presence of a network. In highly secure facilities the assumption today is that data can not leak outside of an isolated internal network. It is called air-gap security. AirHopper demonstrates how the computer display can be used for sending data from the air-gapped computer to a near by smartphone. The published paper and a demonstration video are at the link.

8 of 80 comments (clear)

  1. Re:Meh by Mr+D+from+63 · · Score: 4, Insightful

    Your refrigerator is vulnerable once I break into your house. You should consider hiding your beer somewhere safe.

  2. Tempest by Anonymous Coward · · Score: 5, Informative

    This is nothing new. They've been doing this for decades with Tempest.

    1. Re:Tempest by PsiCTO · · Score: 5, Insightful
      Indeed, referenced in their paper

      [11] W. van Eck, "Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk?," Computers and Security 4, pp. 269-286, 1985.

    2. Re:Tempest by Anonymous Coward · · Score: 5, Informative

      The 'news' is that they also offer techniques to turn off the screen to avoid detection, they developed a (for this purpose working) data transmission method, offer a variety of signal hiding techniques and use it to exfiltrate not images of the CRT or LCD screen itself but modulate binary or textual data with the VGA cable serving as radio antenna while the screen is turned off. Also where before it would probably take somebody a lot of time and devotion to develop hardware for a receiver, the paper on top explains how to turn a cheap Android based phone into one. They also did a working proof of concept. I guess none of it all is in itself 'news'. But the combination of different techniques is an interesting use-case.

  3. Van Eck phreaking by Lilith's+Heart-shape · · Score: 4, Informative

    This isn't new. Wim Van Eck did it back in 1985, without a smartphone.

    --

    I write sci-fi for metalheads

  4. Re:Not that hard to defeat by PsiCTO · · Score: 4, Interesting

    Most places have a faraday cage in which the classified material and any electronic device accessing the material is houses. If a device leaves the cage, it is handled appropriately and never turned on. Problem solved. Such measures have been used well before Gene Hackman's cage in Enemy of the State :-) Of course, a human mistake is much more likely to reveal the information...

  5. Re:Meh by Anonymous Coward · · Score: 5, Funny

    You should consider hiding your beer somewhere safe.

    Way ahead of you. BURP.

  6. Been doing it for years by fibrewire · · Score: 5, Insightful

    The correct term for this air-gap horseshit is called a Tempest Attack, and we've been doing it for years... 20 years? 30 YEARS???

    http://en.wikipedia.org/wiki/T...