Isolated computer to be hacked with only a cellphone at Denver cybersecurity conference
Security researchers at Ben Gurion University have found a way to infiltrate a closed network to lift data from an isolated computer using little more than a cellphone’s FM radio receiver.
To evade air-gap security measures, keylogging app Airhopper, as its known, uses radio frequencies to transmit data from a computer, all by exploiting the computer's display.
“This is the first time that a mobile phone is considered in an attack model as the intended receiver of maliciously crafted radio signals emitted from the screen of the isolated computer,” according to a release by Ben Gurion University.
“AirHopper demonstrates how textual and binary data can be exfiltrated from physically a (sic) isolated computer to mobile phones at a distance of 1-7 meters, with effective bandwidth of 13-60 (bytes per second). Enough to steal a secret password.”
Researcher Mordechai Guri, along with Professor Yuval Elovici of Ben Gurion University, are to present Airhopper on Thursday at MALCON 2014, an international cybersecurity and malware conference in Denver.
The Airhopper method of data theft, researchers say, was developed by the University in order to protect against potential intrusions of its kind in the future.
"Such technique can be used potentially by people and organizations with malicious intentions and we want to start a discussion on how to mitigate this newly presented risk." said Dudu Mimran, chief technology officer of the Ben Gurion University’s cybersecurity labs.
Previously, researchers at Fraunhofer Institute for Communication developed malware that could communicate with machines no more than 65 feet away using audio and without network connectivity. The findings was published in the Journal of Communications in Nov. 2013.