How to quietly slurp sensitive data wirelessly from an air-gapped PC Israeli academics have demonstrated how feature-phones can use GSM radio frequencies to wirelessly siphon data from infected "air-gapped" computers. Air-gapped computers are those kept physically isolated from other networks as a safeguard against hacking. The work by researchers at the Ben-Gurion University of the Negev (BGU …
In the 1980s I worked on a computer that had a whistling power supply. The ferrites would squeak at different amplitude/frequency depending on the load. You could run a for(...) loop and count the iterations by listening to the warbling of the power supply.
... and light proof too... since you can get info out via the screen.
... and heat proof too... since you can get info in/out via temperature sensors and CPU load causing increased temperature.
... and operate from a battery... since you could also get data in/out by modulating power draw or monitoring voltage on the power cables.
... and no doubt tens of other mechanisms.
Electromagnetic emissions have been known to be a problem since not long after they were discovered.
Yup, it's called TEMPEST and I was dealing at the time with researchers that managed to read a calculator across the courtyard of the embassy where it was demonstrated (that was to challenge sensitivity, the then CRT monitors were no challenge at all, and only needed a very basic Yagi to pick up). Scary stuff.
So, the news is really that an air gapped computer with seriously sensitive material should only be operated in Tempest-proofed surroundings, which is not really news. At least not after Tempest, and that is quite a few years old as a concept.
It seems like places that have gone to the length of implementing an air gap for security would already be restricting having cell phones inside the gap. Since there was already the chance of people taking photos of sensitive items or documents, using the device as storage or sending data through the phone. This seems like just one more reason why phones inside the gap are a known weakness.
"GSMem takes the air out of the gap and will force the world to rethink air-gap security,"
Bollocks.
"Air gapping" has always been about vector mitigation: Stopping the nasties getting in to stop the good stuff haemorrhaging out. In order to reasonably protect a computer which has not been infected with their malware from remote surveillance, the machine must be enclosed in an opaque soundproof Faraday cage which ideally would be quarantined in the turbine hall of a power station on an unmanned but extremely well defended military base on a remote and inhospitable planet. Compromising emanations have been an old and widely known problem since at least the the electro-mechanical era. No "GSMem" necessary. If your site isn't secure, your equipment isn't secure: "Airgapped" or not. Inevitably. "GSMem" and other malware are superfluous to this.
Perhaps the researchers should Google "compromising emanations" for a better understanding of the situation and "TEMPEST" for an overview of the Yanks' mitigation strategy.
Given the level of paranoia in the security world these days, it may soon become necessary to completely hide airgapped computers within a form of microcosm where nothing ever enters or leaves the confines except meatbags. The airgapped area has opaque, anechoic, thermally-insulated walls, no windows, and is also a Faraday cage. All electrics come from a self-contained power source specific to that room (so no power fluctuations can be read outside). All metal must be left behind before entering, and people with pacemakers, metal skullplates, or other metallic implants probably can't be qualified due to ambiguous trust. That should knock out anything electric, which tends to require metal wires to work properly. Probably also need to make sure none of the employees have an eidetic memory.
Go all out "Paycheck" and do not let the employees leave until they have verified (using evoked potential EEG/etc) that all classified information has been forgotten.
A neuralizer-like device apparently does exist as it has been tested on Lazar, apparently he did work at S-4 but the information he claims to remember has been implanted intentionally as part of his debriefing process to overwrite what was there already.
Once the attacker has access to the machine all bets are off. This is just common security practice, only those with the necessary security clearance have access and then are watched from the outside.
I think the researchers are looking for a problem to fit their solution and are also looking for additional funding to produce the device that will find these rogue transmissions which they can then sell for vast amounts of money.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
