Cell Phones Can Beat an Air Gap

Thursday, July 30, 2015 @ 03:07 PM gHale

It is hard to believe there are truly air-gapped computers still out there, but if some remain, they are in trouble because it is possible to hack them with a cell phone.

The theory is that with a true air gap, a bad guy cannot hack a computer over the Internet or within company networks because there is no connection to a network.

Not so fast, said researchers at the Ben-Gurion University of the Negev (BGU) Cyber Security Research Center. They found virtually any cell phone infected with malicious code can use GSM phone frequencies to steal critical information from infected “air-gapped” computers.

Led by BGU Ph.D. student Mordechai Guri, the research team discovered how to turn an ordinary air-gapped computer into a cellular transmitting antenna using software that modifies the CPU firmware.

GSMem malicious software uses the electromagnetic waves from phones to receive and exfiltrate small bits of data, such as security keys and passwords.

“GSMem takes the air out of the gap and will force the world to rethink air-gap security,” said Dudu Mimran, chief technology officer of BGU’s Cyber Security Research Center. “Our GSMem malicious software on Windows and Linux has a tiny computational footprint, which makes it very hard to detect. Furthermore, with a dedicated receiver, we were successful exfiltrating data as far as 90 ft. in distance from the computer.”

“Many companies already restrict the use of cell phones or limit the capabilities (no camera, video or Wi-Fi on cell phones) around air-gapped computers,” Guri said. “However, phones are often otherwise allowed in the vicinity of air-gapped computers thought to be secure. Since modern computers emit some electromagnetic radiation (EMR) at various wavelengths and strengths, and cellular phones easily receive them, this creates an opportunity for attackers.”

The researchers recommend that countermeasures to mitigate the issue use the “Zone” approach: defined areas or zones around these computers where mobile phones and simple devices are prohibited. Insulation of partition walls may help to mitigate signal reception distance growth if a dedicated hardware receiver is used. Additionally, anomaly detection and behavioral dynamic analysis may help.

This is the third threat the BGU cyber team uncovered related to air-gapped computers. Last year, the researchers created a method called Air-Hopper, which utilizes FM waves for data exfiltration. Another research initiative, BitWhisper, demonstrated a covert bi-directional communication channel between two close-by air-gapped computers using heat to communicate.
