Security researchers at Ben Gurion University have found a way to
infiltrate a closed network to lift data from an isolated computer using
little more than a cellphone’s FM radio receiver.
To evade air-gap security measures, keylogging app Airhopper, as
its known, uses radio frequencies to transmit data from a
computer, all by exploiting the computer's display.
“This is the first time that a mobile phone is considered in
an attack model as the intended receiver of maliciously crafted
radio signals emitted from the screen of the isolated
computer,”
according to a release by Ben Gurion University.
“AirHopper demonstrates how textual and binary data can be
exfiltrated from physically a (sic) isolated computer to mobile
phones at a distance of 1-7 meters, with effective bandwidth of
13-60 (bytes per second). Enough to steal a secret
password.”
Researcher Mordechai Guri, along with Professor Yuval Elovici of
Ben Gurion University, are to present Airhopper on Thursday at
MALCON 2014, an international cybersecurity and malware
conference in Denver.
The Airhopper method of data theft, researchers say, was
developed by the University in order to protect against potential
intrusions of its kind in the future.
"Such technique can be used potentially by people and
organizations with malicious intentions and we want to start a
discussion on how to mitigate this newly presented risk."
said Dudu Mimran, chief technology officer of the Ben Gurion
University’s cybersecurity labs.
Previously, researchers at Fraunhofer Institute for Communication
developed malware that could communicate with machines no more
than 65 feet away using audio and without network connectivity.
The
findings was published in the Journal of Communications in
Nov. 2013.
more here
