Wireless attacks against ‘air gapped’ targets are possible, Israeli team claims

A team of Israeli researchers has demonstrated a way to hack into an ultra-secure air gapped network, install malware, and retrieve information – without adding hardware to the network, according to Bloomberg News.

‘Air gaps’ – purposely leaving a machine without a connection to the internet – have been considered the last bastion of PC security, and the technique is commonly used in military or governmental establishments.

Attacking such machines wirelessly is extremely difficult.

Air gaps: A broken line of defense? 

But the Ben Gurion university team claim to have ‘cracked’ this last defense – using FM radio to transmit and receive from PCs via cables connecting their graphics cards to the displays, according to the Times of Israel.

“The scenario is that you go to a secure facility and leave your cell phone at the entrance,” Dudu Mimran, CTO at Ben-Gurion’s cybersecurity division. “The virus will send the data to your phone.”

The technique has an effective range of around 6 meters, the researchers say.

Criminal groups commonly target ‘air gapped’ machines with malware delivered via USB stick – as described by We Live Security here. ESET’s Joan Calvet writes, “In this blog post, we are sharing knowledge of a tool employed to extract sensitive information from air-gapped networks. ESET detects it as Win32/USBStealer.”

Data transmitted via FM signals

In a demonstration shown earlier this year, the researchers showed how malware could be transmitted via the FM signals – or it could be inserted by ‘traditional’ means such as by an infected USB stick.

A secret technology which relied on radio transmissions has allowed the National Security Agency to spy on computers disconnected from the internet – a security measure known as an ‘air gap’, and commonly used to protect machines containing highly sensitive data, according to a New York Times report.

The agency has used the technology since 2008, according to documents released by Edward Snowden. Rather than access networks, or use malware, the agency inserted tiny components into computers, either using agents or component manufacturers, to create a “covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards.”

The Register’s report notes that the transmitters would relay and receive data from a briefcase-sized array known as Nightstand, and had a range of around eight miles. The components could also alter data on host PCs, the site noted.


Author , We Live Security

  • CO

    You build open a model all can exploit and learn from it to build a secondary model that corrects it !

  • Andrew Amie

    If I’m correct can’t you just braid all the cables together to minimize noise and wrap them in aluminum foil or other radio-reflective material? maybe I’m not understanding properly though, but surely there must be some form of ‘hardening’ to prevent such a thing.

Follow us

Copyright © 2016 ESET, All Rights Reserved.