Computer Memory Can Be Made to Speak in Wifi, Researcher Discovers

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being.

Illustration for article titled Computer Memory Can Be Made to Speak in Wifi, Researcher Discovers

Photo: KIRILL KUDRYAVTSEV / Staff (Getty Images)

A new theoretical exploit called Air-Fi can turn a secure, air-gapped computer into a wifi transmitter that can help a hacker exfiltrate secure data.

An air-gapped computer is a computer that is completely disconnected from any network. Many air-gapped machines have every possible network feature removed, from wifi to Bluetooth, but this exploit shows that hackers can use DDR SDRAM buses “to generate electromagnetic emissions in the 2.4 GHz Wi-Fi bands and encode binary data on top of it,” according to the researcher Mordechai Guri of the Ben-Gurion University of the Negev, Israel.

“This technique required high levels of skills from the attacker, in both design and implementation,” said Guri in an email. “However, there are simpler covert exfiltration channels for conventional IT environments in the wild. This one is focusing on leaking data from air-gapped computers where the traditional network-based covert channels fail.”

“Using the Wi-Fi medium in such a non-conventional way is something that I’ve been examining during the last year,” he said.

The transmissions are invisible to other devices and only the hacker can only pick them up with specially-prepared software and hardware.

He writes:

As a part of the exfiltration phase, the attacker might collect data from the compromised computers. The data can be documents, key logging, credentials, encryption keys, etc. Once the data is collected, the malware initiates the AIR-FI covert channel. It encodes the data and transmits it to the air (in the Wi-Fi band at 2.4 GHz) using the electromagnetic emissions generated from the DDR SDRAM buses.

Guri is well-known in security circles for figuring out how to attack air-gapped machines. In 2019 he used screen brightness and power lines to transmit data from secure computers and in 2018 he was also able to transmit data via ultrasonic audio files using a simple computer speaker.

In this exploit, Guri was able to force the DDR SDRAM busses to transmit to compromised wifi-capable devices like laptops and smartphones. He hacked four workstations with the exploit, each outfitted with similar 4GB DIMM DDR4…


Jason Biggs on His Son’s Sex Pistols Name & The Real Reason His Kids Speak German

We talked shop — parenting shop, that is — from Octonauts to kid travel to Dictator Lunches to his Heluva Good dip mac ‘n’ cheese hack. It was also perhaps the most reverse-interviewed I’ve ever been …
mac hacker – read more

Hear me speak at “Conversations from the Vault” in London

You may already be going to be there without realising it, as the event is happening at the same place as IDC’s Identity & Privacy Conference.

Graham Cluley

Hear me speak about how to make a billion dollars through cybercrime

Hear me speak about how to make a billion dollars through cybercrime

How did a cybercrime gang steal a billion dollars from banks and financial institutions?

Come to the talk I’m giving in London, and find out.

Graham Cluley