Air-Gapped Computer Hacked

An anonymous reader writes: Researchers from Ben Gurion University managed to extract GSM signals from air gapped computers using only a simple cellphone. According to Yuval Elovici, head of the University’s Cyber Security Research Center, the air gap exploit works because of the fundamental way that computers put out low levels of electromagnetic radiation. The attack requires both the targeted computer and the mobile phone to have malware installed on them. Once the malware has been installed on the targeted computer, the attack exploits the natural capabilities of each device to exfiltrate data using electromagnetic radiation.

Re:"If you install x on both computers...."

[gstoddart]

But so what? If you can get someone inside the secure area where the super secret machines are, and you can put a small amount of malware on them, you can gain access to them.

Yes, you won't do this with a remote exploit, but if you can subvert one person you can get into stuff.

So, like in Ocean's 11 where the guy dressed as the technician hooks into the system and nobody knows it, this is a way in which the bad guys can get your stuff.

And if you know that air gapped computers likely rely on some form of portable media on some form of regular schedule, and you can target that remotely, you really don't need a willing participant on the other end. The portable media might do the job for you without anybody even knowing about it.

If I can compromise your top secret computers by figuring out the weak link of getting this stuff onto them, then from an espionage sense of the word, I'm inside 'yer stuff and I can has cheeseburger.

It sure as hell is hacking by any meaningful sense of the word.

To many of us, 'hack' absolutely includes a clever new way of gaining access to something by exploiting something something unexpected. Doing it over an air gap is pretty unexpected since traditionally we say computers are secure if they're not connected to a network and inside a locked room. With this, not so much.

Once you have the technique, the social engineering or other cheating to get the access is something pretty much well covered by the rest of the espionage playbook. Hell, it's pretty well covered in books and movies.