Slashdot Mirror


Air-Gapped Computer Hacked (Again)

An anonymous reader writes: Researchers from Ben Gurion University managed to extract GSM signals from air gapped computers using only a simple cellphone. According to Yuval Elovici, head of the University’s Cyber Security Research Center, the air gap exploit works because of the fundamental way that computers put out low levels of electromagnetic radiation. The attack requires both the targeted computer and the mobile phone to have malware installed on them. Once the malware has been installed on the targeted computer, the attack exploits the natural capabilities of each device to exfiltrate data using electromagnetic radiation.

  1. Old news is so exciting by Anonymous Coward · · Score: 5, Insightful

    This just in, TEMPEST is a thing. Again.

    1. Re:Old news is so exciting by dave1791 · · Score: 4, Informative

      Parent beat me to the comment. TEMPEST has been around since at least the 80's folks.

    2. Re:Old news is so exciting by fuzzyfuzzyfungus · · Score: 5, Insightful

      It isn't conceptually novel; but doing a practical TEMPEST attack with nothing but a dumbphone, with a fairly unobtrusive software modification, rather than a relatively classy SDR rig or some antenna-covered fed-van is a nice practical refinement.

      Really, how many 'tech news' stories are actually conceptually novel, rather than "Thing you could lease from IBM for the GDP of a small country in the 60s and 70s, or buy from Sun or SGI for somewhere between the price of a new house and the price of a new car in the 80s and early 90s, is now available in a battery powered and pocket sized device that shows ads!" Conceptual novelty has a special place, of course; but one ought not to scorn engineering refinement.

    3. Re:Old news is so exciting by SuiteSisterMary · · Score: 4, Interesting

      Sure, but it still involves physical access to the machine. Headline should have read something like 'novel new way to get data remotely off of compromised non-networked computers'.

      --
      Vintage computer games and RPG books available. Email me if you're interested.

    4. Re:Old news is so exciting by AHuxley · · Score: 2

      The TEMPEST origins are within the CIA going back to the very early 1950's.
      The UK stumbled on TEMPEST-like results thanks to a leaky embassy cypher machine in 1952 that offered up plain text.
      France was the main target going into the 1950's until corrective hardware was added in the early 1960's.
      The US and UK also had success with the new methods in Berlin and Vienna against Soviet communications networks.
      In theory every advanced cryptographic expert should have been fully aware of the issues into the 1960's-70's on any advanced device on the open market.
      The main issue seems to be the use of average PC enclosures in very secure sites. The staff are trusted, the site is kept away from random outsiders, and distance and physical security have been the focus. The more historical view would be to build a much better enclosure, encrypt, and have better site security.
      Learn from France and its total loss of communications security in the 1950's...

      --
      Domestic spying is now "Benign Information Gathering"

    5. Re:Old news is so exciting by Anonymous Coward · · Score: 2, Interesting

      It isn't conceptually novel; but doing a practical TEMPEST attack with nothing but a dumbphone ...

      You obviously did not bother to read the article. Not only does it require malware be installed on the target computer, but it requires malware to be installed on the cellphone as well. Dumb phones (which are not even mentioned in the article) cannot download malware and would require a custom chip installed. While feature phones (also not even mentioned) can download apps, they MAY lack the CPU power necessary to run the decoder malware. It seems like much ado about nothing to me. The only way to infect an air-gapped computer with the required malware is to have physical access, or control the supply chain that provides software. So not only do you need the security clearance to gain physical access to the machine, but if you can smuggle the thumbdrive with the malware on it IN, you can certainly smuggle the thumbdrive with the desired information on it OUT. This is how Snowden operated.

  2. "If you install x on both computers...." by jafiwam · · Score: 5, Insightful

    This is just a new way to make a very slow, very crappy network connection via unexpected hardware.

    "Hacking" has SOME meaning ya dummies. It implies that there isn't a willful participant at one end and the data breach happened anyway.

    Whatever this is... it isn't 'hacking'.

    1. Re:"If you install x on both computers...." by fuzzyfuzzyfungus · · Score: 4, Insightful

      It isn't a standalone hack, since placing the implant is left as an exercise for the reader; but exfiltration is a necessary ingredient of hacks in situations where a network connection either doesn't exist or can't safely be used.

    2. Re:"If you install x on both computers...." by gstoddart · · Score: 5, Interesting

      But so what? If you can get someone inside the secure area where the super secret machines are, and you can put a small amount of malware on them, you can gain access to them.

      Yes, you won't do this with a remote exploit, but if you can subvert one person you can get into stuff.

      So, like in Ocean's 11 where the guy dressed as the technician hooks into the system and nobody knows it, this is a way in which the bad guys can get your stuff.

      And if you know that air gapped computers likely rely on some form of portable media on some form of regular schedule, and you can target that remotely, you really don't need a willing participant on the other end. The portable media might do the job for you without anybody even knowing about it.

      If I can compromise your top secret computers by figuring out the weak link of getting this stuff onto them, then from an espionage sense of the word, I'm inside 'yer stuff and I can has cheeseburger.

      It sure as hell is hacking by any meaningful sense of the word.

      To many of us, 'hack' absolutely includes a clever new way of gaining access to something by exploiting something unexpected. Doing it over an air gap is pretty unexpected since traditionally we say computers are secure if they're not connected to a network and inside a locked room. With this, not so much.

      Once you have the technique, the social engineering or other cheating to get the access is something pretty much well covered by the rest of the espionage playbook. Hell, it's pretty well covered in books and movies.

      --
      Lost at C:>. Found at C.

  3. Hacked Computer with air gap not completely secure by cnaumann · · Score: 4, Insightful

    That headline would be a little more accurate but far less sexy.

  4. Meh. by msauve · · Score: 2

    "The attack requires both the targeted computer and the mobile phone to have malware installed on them."

    In other news, data can be exfiltrated from air-gapped computers if others can see the screen or hear the speaker. Even worse if they have WiFi installed on them.

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law

  5. really bad title by bloodhawk · · Score: 4, Insightful

    NO, the air gap computer wasn't hacked. If you require them to install malware on it then it wasn't actually hacked; the air gapping is to prevent any malware from getting in. This is like a heap of other sensational articles from security researchers that claim how weak something's security is as long as they had physical access or admin access. Yeah, no shit Sherlock, if you can install software on a computer you can do all sorts of nifty shit.

  6. Motorola C123 = almost SDR by citizenr · · Score: 4, Informative

    The phone shown in the video is a variant of the Motorola C123, a Calypso chipset design with leaked firmware source and a semi-documented DSP:
    http://bb.osmocom.org/trac/wik...

    It isn't some dumb phone, it's an SDR platform capable of running a primitive GSM base station, or sniffing GSM traffic.

    --
    Who logs in to gdm? Not I, said the duck.

  7. Missing the point here...... by dablow · · Score: 2, Interesting

    ...what happens if that "malware" comes installed by default on closed source OS like Windows, OS X, iOS?

    It's been documented that the NSA (could have been another agency) intercepted IT hardware (like Cisco switches) and installed their own custom firmware. Also, hard disks have some code running on them courtesy of the NSA.

    Does nobody else see the inherent danger here?

    1. Re:Missing the point here...... by Overzeetop · · Score: 2

      Why does the malware need to be closed source? Can you not write and hide malware in open source software? It's not as if an end user is typically going to be able to audit the entire OS codebase even if it is available. And anyone involved in the setup of the machine would have the opportunity to easily slip in the malware, while the OS appeared to be stock.

      --
      Is it just my observation, or are there way too many stupid people in the world?

  8. Re:If you have physical access... by gstoddart · · Score: 4, Insightful

    It requires someone to have access, but not necessarily you.

    Say I know every Tuesday you need to transfer data to your air gapped computers. Now, assume the source of that data is somehow less secure and I can target that. Now, the person who is supposed to be in there is the only one who ever is, and unknowingly transfers the appropriate code to get into your systems.

    See, the thing about security is that it's only as strong as the weakest link. If there is ever any data transfer in or out of your secure system, that becomes the weak link.

    With some cleverness and patience, it is entirely possible this can be done entirely remotely, with all of the physical access being done by trusted people. And then your assertion about needing physical access becomes provably false.

    Assuming your air-gapped machine periodically needs new inputs, and assuming you don't have people type that in from paper copy ... then however you get stuff on or off that computer is the thing you target.

    Sure, the guys with guns and video cameras won't let me into your secure room. But they do let someone in. And that someone can be made to unwittingly do your dirty work.

    I don't think my scenario is even remotely implausible. If you have enough motivation, patience, and resources, you can accomplish an awful lot when it comes to bypassing security. And most nation states have all of those things, and lots of people actively working on it.

    --
    Lost at C:>. Found at C.