Researchers Jump the Security Air Gap With a Feature Phone

Israeli security researchers have discovered a way to steal sensitive information from a supposedly secure “air gapped” PC using just a lightweight piece of malware and a cheap GSM feature phone.

In research set to be released in August, a team at the Ben-Gurion University of the Negev (BGU) Cyber Security Research Center claimed the ‘hack’ requires malware dubbed GSMem to be installed onto the computer.

Its malicious code works to modify the CPU firmware, forcing it to transmit data to the phone over the cellular network.

The attack effectively increases the amplitude of the naturally occurring radio waves that are emitted when data moves between a computer’s CPU and RAM so that they can be picked up by a receiver.

The phone itself must have a rootkit, dubbed ReceiverHandler, embedded in its firmware, according to Wired.

The pieces of data that can be transmitted may be small, but that’s enough to grab passwords and encryption keys in a short space of time, the researchers claimed.

Dudu Mimran, chief technology officer of BGU’s Cyber Security Research Center, claimed GSMem would force the world to re-think air-gap security.

“Our GSMem malicious software on Windows and Linux has a tiny computational footprint, which makes it very hard to detect. Furthermore, with a dedicated receiver, we were successful exfiltrating data as far as 90ft in distance from the computer,” he said in a statement.

Project lead Mordechai Guri added that many high-security firms restrict the use of mobile phones or limit their capabilities around air-gapped machines.

“However, phones are often otherwise allowed in the vicinity of air-gapped computers thought to be secure,” he argued in a statement. “Since modern computers emit some electromagnetic radiation (EMR) at various wavelengths and strengths, and cellular phones easily receive them, this creates an opportunity for attackers.”

Ways to mitigate the risk of the attack described above include creating ‘zones’ around air-gapped machines where devices are prohibited, building partition walls, or implementing “anomaly detection and behavioral dynamic analysis” capabilities.

“Air gapped computers are regarded as unimpeachable by some, because they are kept separate from other unclean networks – it’s like keeping a computer in a sterile bubble, essentially,” commented David Flower, European managing director for Bit9 + Carbon Black.

“This really shows why a network-only security approach is no longer viable; endpoints themselves are increasingly the target of bold hackers intent on exfiltrating data.”

A video of the hack can be seen here.

The research follows on from a previous paper released by the same team earlier this year in which they demonstrated how two air-gapped computers could communicate with each other via heat emissions. 
