How to quietly slurp sensitive data wirelessly from an air-gapped PC

Israeli academics have demonstrated how feature-phones can use GSM radio frequencies to wirelessly siphon data from infected "air-gapped" computers.

Air-gapped computers are those kept physically isolated from other networks as a safeguard against hacking. The work by researchers at the Ben-Gurion University of the Negev (BGU) throws up another way that data might be exfiltrated even from air-gapped systems, in this case using nothing more than an infected feature phone. Smartphones would not be needed to pull off the attack.

The researchers, led by PhD student Mordechai Guri, converted a regular air-gapped computer into a cellular transmitting antenna through software running on the PC that modifies the machine's firmware. This GSMem malicious software extracts and transmits security keys and passwords over a GSM signal and across an air-gap to a mobile phone running matched malicious software.

Yes, that's right: you do need to infect the air-gapped the computer for this to work. The goal is to extract information from the PC over the gap.

"GSMem takes the air out of the gap and will force the world to rethink air-gap security," Dudu Mimran, chief technology officer of BGU's Cyber Security Research Center, in a statement. "Our GSMem malicious software on Windows and Linux has a tiny computational footprint, which makes it very hard to detect. Furthermore, with a dedicated receiver, we were successful exfiltrating data as far as 30 meters in distance from the computer."

The research followed earlier studies by the same BGU group on how it might be possible to siphon off data from supposedly secure, air-gapped computers. The same researchers developed a technique using FM waves after previously coming up with an even more ingenious method using heat to communicate. One possible countermeasure against the latest technique would involve prohibiting the presence of mobile phones anywhere near air-gapped computers.

Exfiltration is only one part of a successful data heist. Any practical attack on an air-gapped computer would also have to work out a way of infecting the target computer in the first place before getting an infected phone in its proximity, another potential hurdle for this sort of Mission Impossible-style hack.

NSA-grade hackers may seek to ship kit pre-infected with zero-day (undetected by commercial scanners) malware to targets. This is not something that most Reg readers are going to need to think about, but it's a factor to consider if you're in charge of network defense at the likes of Belgacom, Petrobras, or the German Bundestag.