
Breaching Air-Gap Security With Radio

An anonymous reader writes: Security researcher Mordechai Guri with the guidance of Prof. Yuval Elovici from the cyber security labs at Ben-Gurion University in Israel presented at MALCON 2014 a breakthrough method ("AirHopper") for leaking data from an isolated computer to a mobile phone without the presence of a network. In highly secure facilities the assumption today is that data cannot leak outside of an isolated internal network. It is called air-gap security. AirHopper demonstrates how the computer display can be used for sending data from the air-gapped computer to a nearby smartphone. The published paper and a demonstration video are at the link.
This discussion has been archived. No new comments can be posted.

  • Meh (Score:2, Insightful)

    by Anonymous Coward

    I would be impressed if it didn't require a malicious payload on the target computer.

    • Re:Meh (Score:5, Insightful)

      by Mr D from 63 ( 3395377 ) on Friday October 31, 2014 @10:54AM (#48278831)
      Your refrigerator is vulnerable once I break into your house. You should consider hiding your beer somewhere safe.
      • Re:Meh (Score:5, Funny)

        by Anonymous Coward on Friday October 31, 2014 @11:01AM (#48278919)

        You should consider hiding your beer somewhere safe.

        Way ahead of you. BURP.

        • You should consider hiding your beer somewhere safe.

          Way ahead of you. BURP.

          You could always give it to him after you're done renting it.

      • by Anonymous Coward

        Sure, but that's the physical world. Just because you broke into one refrigerator, doesn't mean you can suddenly drink the beer from all the other refrigerators on the planet.

        Do you see the difference between the physical world and the information world?

        • Sure, but that's the physical world. Just because you broke into one refrigerator, doesn't mean you can suddenly drink the beer from all the other refrigerators on the planet.

          OK, we need all scientists working on this immediately.

          Some form of generalized quantum entanglement so that I can have a fridge with unlimited beer.

          Unless it's Budweiser, in which case you can keep it. Unless there's no other beer, in which case it'll do. ;-)

          If we can extend this principle so I can have an infinite supply of pizza, t

        • In my information world, I still don't care about your beer, only mine.
    • by AHuxley ( 892839 )
      That is shipped, factory sealed as unpacked and installed.
      That's why all the spy rocks keep on getting found.
      How many were more than just dead-letter drops?
      Russian 'spy rock' was genuine, former chief of staff admits (19 Jan 2012)
      http://www.telegraph.co.uk/new... [telegraph.co.uk]
    • by hawguy ( 1600213 )

      I would be impressed if it didn't require a malicious payload on the target computer.

      Because it's so hard to get a malicious payload onto a computer? Especially one that you have physical access to?

    • by fibrewire ( 1132953 ) on Friday October 31, 2014 @11:38AM (#48279321) Homepage

      The correct term for this air-gap horseshit is called a Tempest Attack, and we've been doing it for years... 20 years? 30 YEARS???

      http://en.wikipedia.org/wiki/T... [wikipedia.org]

      • Also, this [wikipedia.org].

      • The correct term for this air-gap horseshit is called a Tempest Attack, and we've been doing it for years... 20 years? 30 YEARS???

        No, it isn't. This is something completely different. (Not to mention that Tempest never worked very well unless you had a boatload of expensive equipment. Amateur rigs sometimes worked, even through a wall... but no more than a couple of feet away.)

        This "air-gap" communication is INTENTIONAL transmission and reception of data. With Tempest, the transmission is unintentional.

        Regardless, before this particular demonstration it was done before at least once with sound.

    • and sites that use an air gap normally ban smart phones if not phones full stop
  • by Primate Pete ( 2773471 ) on Friday October 31, 2014 @10:55AM (#48278851)
    Keeping the classified material more than 7 meters away from the cell phones doesn't seem like that hard a measure to put in place. Maybe you could put a source of interference near the phone lockers if you wanted extra security.
    • by PsiCTO ( 442262 ) on Friday October 31, 2014 @11:01AM (#48278917) Homepage
      Most places have a faraday cage in which the classified material and any electronic device accessing the material is housed. If a device leaves the cage, it is handled appropriately and never turned on. Problem solved. Such measures have been used well before Gene Hackman's cage in Enemy of the State :-) Of course, a human mistake is much more likely to reveal the information...
      • Some flight sim software I worked on in the 1990s was going to be used on the USAF's F-16 simulators for training. I got to visit their setup at Wright Patterson AFB. The simulators (full-size realistic cockpits with multifaceted hemispherical projection displays) were housed inside a large room completely encased in metal + lead. The conductive metal to form a faraday cage, and the lead in case there was anything left over trying to find its way out. There were no windows, and the door had to be closed
    • by khasim ( 1285 ) <brandioch.conner@gmail.com> on Friday October 31, 2014 @11:37AM (#48279311)

      That would work.

      And I think that the summary kind of misses the point of what "air-gapped" means. It does NOT mean that your system is invulnerable. No system is invulnerable.

      It DOES mean that it can ONLY be attacked by someone with physical access to it. Or someone with control of the hardware manufacturing / transportation channels prior to the computer being installed in the secure location. So you're removing potential channels of attack AND reducing the number of potential attackers.

      Now you need metal detectors at the entrances. And "no lone zones" where EVERYONE is accompanied by someone else. Depending upon the level of security that you want.

    • Unless you're going to do cavity searches of everyone that goes into a secured area, you're much better off improving the shielding for air-gapped computers.

      In this whitepaper, they infect the air gapped computer with malware and then use the monitor cable as a transmitting antenna.
      Interestingly, they propose infecting workers' phones with malware, making this a potential external threat, as opposed to an insider one.

      • by bkr1_2k ( 237627 )

        The whole problem with the concept is that in most (every one I've been in the last 20+ years in 4 different countries) secured facilities cell phones or any two way communication device, including 2 way pagers, weren't allowed. Many have electronics detectors mounted on the walls that detect RF emitters in the area. I've personally seen people's cell phones destroyed after forgetting to remove them from pockets.

        The whole thing has been around for over 40 years and been dealt with appropriately throughout

    • yes like having the cell phone storage at a security desk where they make sure the phones go in with no headsets.

  • Tempest (Score:5, Informative)

    by Anonymous Coward on Friday October 31, 2014 @10:56AM (#48278859)

    This is nothing new. They've been doing this for decades with Tempest.

    • Re:Tempest (Score:5, Insightful)

      by PsiCTO ( 442262 ) on Friday October 31, 2014 @11:05AM (#48278977) Homepage
      Indeed, referenced in their paper

      [11] W. van Eck, "Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk?," Computers and Security 4, pp. 269-286, 1985.

    • Ahh, you beat me to the post by an hour at least. Which probably means you van-ecked my /. login info and posted this very comment ;)

    • Re:Tempest (Score:5, Informative)

      by Anonymous Coward on Friday October 31, 2014 @11:52AM (#48279501)

      The 'news' is that they also offer techniques to turn off the screen to avoid detection, they developed a (for this purpose working) data transmission method, offer a variety of signal hiding techniques and use it to exfiltrate not images of the CRT or LCD screen itself but modulate binary or textual data with the VGA cable serving as radio antenna while the screen is turned off. Also where before it would probably take somebody a lot of time and devotion to develop hardware for a receiver, the paper on top explains how to turn a cheap Android based phone into one. They also did a working proof of concept. I guess none of it all is in itself 'news'. But the combination of different techniques is an interesting use-case.

  • Van Eck phreaking (Score:5, Informative)

    by Lilith's Heart-shape ( 1224784 ) on Friday October 31, 2014 @10:58AM (#48278877) Homepage
    This isn't new. Wim Van Eck [wikipedia.org] did it back in 1985, without a smartphone.
    • by gstoddart ( 321705 ) on Friday October 31, 2014 @11:23AM (#48279157) Homepage

      Was coming to say that.

      Though, I suspect most of us only know about it due to reading the Cryptonomicon.

      But, really, this gives stronger evidence for wearing tinfoil hats and living in a Faraday cage.

      I'm also putting the finishing touches on my tinfoil codpiece ... maybe if it can't hear me it won't make me do stupid things. ;-)

      • Though, I suspect most of us only know about it due to reading the Cryptonomicon.

        That's how I first heard of it. I thought Stephenson pulled it out of his ass until I did some research.

        • That was definitely my first reaction when I read the book ... then I found out it was real and that kind of blew my mind.

          • funny how "young" readers have that reaction to many things in that book. Those of us born in early 60s just laugh at all the old tricks that still work

    • This isn't new. Wim Van Eck [wikipedia.org] did it back in 1985

      And the spy agencies well before that. I had a high school computer teacher who worked after school at a computer store that just happened to be down the street from a sigint Army base and they had the Compaq franchise for the area - he probably told us way more about the special Tempest-hardened models he had been selling them, in 1987, than he was supposed to. He couldn't help it - the tech was way cool and he was a card-carrying nerd (RIP).

      • by LDAPMAN ( 930041 )

        I was there in the early 80's. Computer security officer was one of my additional duties at that time. Tempest was a pain in the ass but it was not a secret. There were signs that had to be posted, training that everyone had to have, inspections that had to be done. Power cables had to be separated from data cables and other cables had to only cross at right angles. Lots and lots of paranoia.

  • by ehud42 ( 314607 ) on Friday October 31, 2014 @11:21AM (#48279149) Homepage

    ... tempest in a teapot ...

  • by Anonymous Coward

    If smartphones are allowed, it's not a high-security facility.

    Bringing a smartphone in the secure area should earn you a one-way trip to prison.

  • by Anonymous Coward

    I've developed my own breakthrough method for leaking data from an isolated computer to a mobile phone without the presence of a network.

    It's called "Take a photo of the screen."

  • As a vector it's certainly a curiosity; van eck was commonly practiced by the soviets in the 60's and 70s. most DoD secure work rooms require you to explicitly leave your cellular devices in a lockbox outside of the room. To combat van eck, most monitors ordered for this type of work are also emi tape shielded.
  • by Reason58 ( 775044 ) on Friday October 31, 2014 @12:05PM (#48279641)
    In "highly secure facilities" they are TEMPEST certified, and wireless devices such as cell phones are not physically permitted within the boundary. This is a non-issue.
  • Should fix this problem - unless the super-cheaply designed mainboard and graphics card emit the signal via the ground plane/power line

  • I was doing this with my Beepwear Datalink watch (http://en.wikipedia.org/wiki/Timex_Datalink#Wireless_data_transfer_mode) back in the day... the watch had an optical sensor built into it and you ran software on your PC that made the display go wonky with something like barcodes flying off the screen. You started the software, pointed the watch at the screen, and zingo, it sent your contacts, appointments and whatnot to the watch.

  • by iggymanz ( 596061 ) on Friday October 31, 2014 @01:00PM (#48280349)

    done deal in the 1980s and subject of a few major computer magazines at the time.

    live long enough and see the same "new" thing being discovered over and over, about once a decade.

    what's next, article about a "picture phone"?

  • by Bill_the_Engineer ( 772575 ) on Friday October 31, 2014 @01:15PM (#48280501)

    That same smartphone can be used to listen to "Duran, Duran", "Talk, Talk", "Oingo Boingo", and "Wang Chung"

    Relive the 80s and everyone have fun tonight.

  • by terbo ( 307578 )

    AirHopper: Bridging the Air-Gap between Isolated Networks and Mobile Phones using Radio frequencies - https://cdn.anonfiles.com/1414... [anonfiles.com]

    But now there's an app for that ...

  • I think the big elephant in the room is more to be found further upstream, in the area of manufacturing. Worrying about software hacks is one thing - not having the faintest absolute clue exactly *what* is inside the chip package is something else entirely. Think it's an accumulator bank? Oh sorry, maybe we forgot to mention the harmonic bundles associated with wave guidance within the interstitial distances of the rapidly blinking transistors .. yeah, those can be read from space. With a satellite (or 1

  • I think the "Top Secret" message on the screen is misleading, as places that handle top-secret data are all Tempest shielded.
    The real issue would be where a malicious employee adds the keylogging code
    to a PC used by an IT staff member, which would then allow anyone using their app
    to read anything typed in, including the superuser password.

    Once you have that, you can do pretty well anything.
  • What, if anything, should those of us with smartphones, laptops etc do when we're out in public? Have air-gap hackings become at all common, yet?
