Air-Gapped Computer Hacked

An anonymous reader writes: Researchers from Ben Gurion University managed to extract GSM signals from air gapped computers using only a simple cellphone. According to Yuval Elovici, head of the University’s Cyber Security Research Center, the air gap exploit works because of the fundamental way that computers put out low levels of electromagnetic radiation. The attack requires both the targeted computer and the mobile phone to have malware installed on them. Once the malware has been installed on the targeted computer, the attack exploits the natural capabilities of each device to exfiltrate data using electromagnetic radiation.

Old news is so exciting

This just in, TEMPEST is a thing. Again.

Re:Old news is so exciting

[fuzzyfuzzyfungus]

It isn't conceptually novel; but doing a practical TEMPEST attack with nothing but a dumbphone, with a fairly unobtrusive software modification, rather than a relatively classy SDR rig or some antenna-covered fed-van is a nice practical refinement.

Really, how many 'tech news' stories are actually conceptually novel, rather than "Thing you could lease from IBM for the GDP of a small country in the 60s and 70s, or buy from Sun or SGI for somewhere between the price of a new house and the price of a new car in the 80s and early 90s, is now available in a battery powered and pocket sized device that shows ads!" Conceptual novelty has a special place, of course; but one ought not to scorn engineering refinement.

"If you install x on both computers...."

[jafiwam]

This is just a new way to make a very slow, very crappy network connection via unexpected hardware.

"Hacking" has SOME meaning ya dummies. It implies that there isn't a willful participant at one end and the data breech happened anyway.

Whatever this is... it isn't 'hacking'.

Re:"If you install x on both computers...."

[gstoddart]

But so what? If you can get someone inside the secure area where the super secret machines are, and you can put a small amount of malware on them, you can gain access to them.

Yes, you won't do this with a remote exploit, but if you can subvert one person you can get into stuff.

So, like in Ocean's 11 where the guy dressed as the technician hooks into the system and nobody knows it, this is a way in which the bad guys can get your stuff.

And if you know that air gapped computers likely rely on some form of portable media on some form of regular schedule, and you can target that remotely, you really don't need a willing participant on the other end. The portable media might do the job for you without anybody even knowing about it.

If I can compromise your top secret computers by figuring out the weak link of getting this stuff onto them, then from an espionage sense of the word, I'm inside 'yer stuff and I can has cheeseburger.

It sure as hell is hacking by any meaningful sense of the word.

To many of us, 'hack' absolutely includes a clever new way of gaining access to something by exploiting something something unexpected. Doing it over an air gap is pretty unexpected since traditionally we say computers are secure if they're not connected to a network and inside a locked room. With this, not so much.

Once you have the technique, the social engineering or other cheating to get the access is something pretty much well covered by the rest of the espionage playbook. Hell, it's pretty well covered in books and movies.