Ben Gurion University security researchers demonstrate the attack

Jun 11, 2014 14:51 GMT
Professor Yuval Elovici (center) and President Shimon Peres at Ben Gurion University

Breaching air-gapped networks is not new, but researchers at Ben Gurion University discovered that an attack can be devised using a mobile phone placed in close proximity to the target system.

An air-gapped system is physically isolated from insecure networks and it has no access to the public Internet, so in theory it cannot send or receive data; such a measure is generally taken in the case of classified military networks, nuclear power plant controls and other sensitive areas.

According to The Times of Israel, Prof. Yuval Elovici, head of BGU’s Cyber Security Lab, demonstrated this technique to President Shimon Peres during his visit to the university last month.

Using malware specifically crafted for mobile phones, an attacker can pick up data on the infected system via the acoustic and electromagnetic emanations generated by its hardware components (monitor, keyboard, network cards and even RAM chips).

Special devices are used by NSA’s Tempest program to capture data from computer systems through leaking emanations (radio or electrical signals, sounds, and vibrations).

The program also includes methods (emission protection - EMSEC) to protect devices against this type of spying. This is done with distance, shielding, filtering and masking.

Electromagnetic waves can be picked up and then decoded based on their frequency, as is the case with keyboard strokes, each of which is recognizable by its frequency.

Provided with all this information, the attacker could use SMS phishing to lure an employee working in the targeted area of the facility to access a malicious link that installs the threat in the background.

David Shamah of The Times of Israel writes that the malware can scan “for electromagnetic waves which can be manipulated to build a network connection using FM frequencies to install a virus onto a computer or server.”

With the connection between the infected computer system and the phone in place, information can be funnelled through the mobile device’s cellphone network to hackers who could be anywhere in the world.

During Elovici’s demonstration, video cards and computer monitors were used. The team said that the experiments worked when the system and the receiving phone were between one and six meters (3.2 and 19 feet) apart, which means this would be feasible if the phone were on the desk or in the victim’s pocket.

The professor said that the most efficient protection against this sort of information leak is turning off the phone; however, this is not a practical solution nowadays and the risk is growing by the day.