Air gap malware
Air gap malware is malware that is designed to defeat air-gap isolation of secure computer systems using different channels. One of the techniques was successfully demonstrated by scientists at the Fraunhofer Society in November 2013.[1]
Operation
Because most modern computers, especially laptops, have built-in microphones and speakers, air-gap malware can be designed to communicate secure information acoustically, at frequencies near or beyond the limit of human hearing. The technique is limited to computers in close physical proximity (about 65 feet (20 m)[2]), and is also limited by the requirement that both the transmitting and receiving machines be infected with the proper malware to form the communication link.[3] The physical proximity limit can be overcome by creating an acoustically linked mesh network, but is only effective if the mesh network ultimately has a traditional ethernet connection to the outside world by which the secure information can be removed from the secure facility. In 2014, researchers introduced ″AirHopper″, a bifurcated attack pattern showing the feasibility of data exfiltration from an isolated computer to a nearby mobile phone, using FM frequency signals.[4][5]
In 2015, "BitWhisper", a Covert Signaling Channel between Air-Gapped Computers using Thermal Manipulations was introduced. "BitWhisper" supports bidirectional communication and requires no additional dedicated peripheral hardware.[6][7]
Later in 2015, researchers introduced "GSMem", a method for exfiltrating data from air-gapped computers over cellular frequencies. The transmission - generated by a standard internal bus - renders the computer into a small cellular transmitter antenna.[8][9]
See also
References
- ↑ Hanspach, Michael; Goetz, Michael (November 2013). "On Covert Acoustical Mesh Networks in Air". Journal of Communications 8 (11): 758. doi:10.12720/jcm.8.11.758-767.
- ↑ Goodin, Dan (2 December 2013). "Scientist-developed malware prototype covertly jumps air gaps using inaudible sound". Ars Technica.
- ↑ Visu, Dr.P; Chakkaravarthy, S.Sibi; Kumar, K.A.Varun; Harish, A; Kanmani, S (October 2014). "Air-Gap Malware" (PDF). Computer Engineers Technical Association – News Letter (Vel Tech University) (1): 2. Retrieved 21 March 2015.
- ↑ Guri, Mordechai; Kedma, Gabi; Kachlon, Assaf; Elovici, Yuval (November 2014). "AirHopper: Bridging the Air-Gap between Isolated Networks and Mobile Phones using Radio Frequencies". arXiv:1411.0237.
- ↑ Guri, Mordechai; Kedma, Gabi; Kachlon, Assaf; Elovici, Yuval (November 2014). "How to leak sensitive data from an isolated computer (air-gap) to a near by mobile phone - AirHopper". BGU Cyber Security Labs.
- ↑ Guri, Mordechai; Monitz, Matan; Mirski, Yisroel; Elovici, Yuval (April 2015). "BitWhisper: Covert Signaling Channel between Air-Gapped Computers using Thermal Manipulations". arXiv:1503.07919.
- ↑ Guri, Mordechai; Monitz, Matan; Mirski, Yisroel; Elovici, Yuval (March 2015). "BitWhisper: The Heat is on the Air-Gap". BGU Cyber Security Labs.
- ↑ Guri, Mordechai; Kachlon, Assaf; Hasson, Ofer; Kedma, Gabi; Mirsky, Yisroel; Elovici, Yuval (August 2015). "GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies". 24th USENIX Security Symposium (USENIX Security 15).
- ↑ Guri, Mordechai; Kachlon, Assaf; Hasson, Ofer; Kedma, Gabi; Mirsky, Yisroel; Monitz, Matan; Elovici, Yuval (July 2015). "GSMem Breaking The Air-Gap". Cyber Security Labs @ Ben Gurion University.
Further reading
- Guri, Mordechai; Kedma, Gabi; Kachlon, Assaf; Elovici, Yuval (2014). "Air Hopper: Bridging the Air-Gap between Isolated Networks and Mobile Phones using Radio Frequencies". arXiv:1411.0237 [cs.CR].
- Do, Quang; Martini, Ben; Choo, Kim-Kwang Raymond (2014). "Exfiltrating data from Android devices". Computers & Security (Elsevier) 48: 74–91. doi:10.1016/j.cose.2014.10.016.
- O'Malley, Samuel Joseph; Choo, Kim-Kwang Raymond (May 1, 2014). Bridging the Air Gap: Inaudible Data Exfiltration by Insiders. 20th Americas Conference on Information Systems. Association for Information Systems.