Hacking a Secure Air-Gapped Computer – EEJournal

/in


Some security weaknesses would be hilarious if they weren’t so serious. And one man and his crack research team have found dozens of surprising ways to crack seemingly impenetrable computers. You’ve got to give them points for originality. 

There are a lot of ways to secure a computer, depending on what you’re trying to prevent. Do you want to keep secure information inside? Do you want to prevent outside malware from getting in? Do you want to limit access to only the right people? The list goes on. 

“Air gapping” is the gold standard for trapping sensitive information inside a computer and making sure it can’t be shared, transmitted, or go walkabout. An air-gapped computer has no CD-ROM burner, no floppy disk drive, no SD card interface, no USB slots, and no network interface of any kind. That means no Ethernet, no Wi-Fi, no Bluetooth – nothing that could potentially be used to send data outside the machine. 

Seems pretty secure, right? With no network and no place to stick removable media, there is physically no way to get data off of the computer. Or so you’d think. But Mordechai Guri and his merry band of helpers at Ben-Gurion University of the Negev in Israel has found a way. Many ways, in fact, and some are truly surprising. Or demoralizing, depending on your job description. 

The latest installment in their oeuvre is nicknamed Air-Fi, and it MacGyvers a Wi-Fi interface out of hardware that’s already in your PC. It relies on the underlying electromagnetic radiation that results from any signal transmitted over a wire. Specifically, it subverts your computer’s DRAM into wiggling the memory bus at 2.4 GHz – exactly the frequency range of the 802.11b/g/n Wi-Fi standards. And, since most computers today use standard DIMMs, the hardware is readily available, and you’re pretty much hosed. 

If you want to know how it works, or even to try it out for yourself, the detailed description is in his research paper. It even provides pseudocode. 

Since Air-Fi mimics Wi-Fi, anything in the area with a Wi-Fi interface can pick up the exfiltrated data, including cellphones, wireless routers, access points, harmless IoT gadgets, or other computers. 

If…

Source…