Via ars technica
-----
A two-stage attack could allow spies to sneak secrets out of the most
sensitive buildings, even when the targeted computer system is not
connected to any network, researchers from Ben-Gurion University of the
Negev in Israel stated in an academic paper describing the refinement of
an existing attack.
The technique,
called AirHopper, assumes that an attacker has already compromised the
targeted system and desires to occasionally sneak out sensitive or
classified data. Known as exfiltration, such occasional communication is
difficult to maintain, because government technologists frequently
separate the most sensitive systems from the public Internet for
security. Known as an air gap, such a defensive measure makes it much
more difficult for attackers to compromise systems or communicate with
infected systems.
Yet, by using a program to create a radio signal using a computer’s
video card—a technique known for more than a decade—and a smartphone
capable of receiving FM signals, an attacker could collect data from
air-gapped devices, a group of four researchers wrote in a paper
presented last week at the IEEE 9th International Conference on Malicious and Unwanted Software (MALCON).
“Such technique can be used potentially by people and organizations
with malicious intentions and we want to start a discussion on how to
mitigate this newly presented risk,” Dudu Mimran, chief technology
officer for the cyber security labs at Ben-Gurion University, said in a
statement.
For the most part, the attack is a refinement of existing techniques. Intelligence agencies have long known—since at least 1985—that
electromagnetic signals could be intercepted from computer monitors to
reconstitute the information being displayed. Open-source projects have turned monitors into radio-frequency transmitters.
And, from the information leaked by former contractor Edward Snowden,
the National Security Agency appears to use radio-frequency devices implanted in various computer-system components to transmit information and exfiltrate data.
AirHopper uses off-the-shelf components, however, to achieve the same
result. By using a smartphone with an FM receiver, the exfiltration
technique can grab data from nearby systems and send it to a waiting
attacker once the smartphone is again connected to a public network.
“This is the first time that a mobile phone is considered in an
attack model as the intended receiver of maliciously crafted radio
signals emitted from the screen of the isolated computer,” the group
said in its statement on the research.
The technique works at a distance of 1 to 7 meters, but can only send
data at very slow rates—less than 60 bytes per second, according to the
researchers.