back to article How to quietly slurp sensitive data wirelessly from an air-gapped PC

Israeli academics have demonstrated how feature-phones can use GSM radio frequencies to wirelessly siphon data from infected "air-gapped" computers. Air-gapped computers are those kept physically isolated from other networks as a safeguard against hacking. The work by researchers at the Ben-Gurion University of the Negev (BGU …

  1. Velv Silver badge
    Boffin

    If something is so secure it needs to be air gapped then generally it should probably be in a Faraday cage too.

    Electromagnetic emissions have been known to be a problem since not long after they were discovered.

    1. Charles Manning

      ... and sound proof too...

      In the 1980s I worked on a computer that had a whistling power supply. The ferrites would squeak at different amplitude/frequency depending on the load. You could run a for(...) loop and count the iterations by listening to the warbling of the power supply.

      ... and light proof too... since you can get info out via the screen.

      ... and heat proof too... since you can get info in/out via temperature sensors and CPU load causing increased temperature.

      ... and operate from a battery... since you could also get data in/out by modulating power draw or monitoring voltage on the power cables.

      ... and no doubt tens of other mechanisms.

    2. Anonymous Coward
      Anonymous Coward

      Electromagnetic emissions have been known to be a problem since not long after they were discovered.

      Yup, it's called TEMPEST and I was dealing at the time with researchers that managed to read a calculator across the courtyard of the embassy where it was demonstrated (that was to challenge sensitivity, the then CRT monitors were no challenge at all, and only needed a very basic Yagi to pick up). Scary stuff.

      So, the news is really that an air gapped computer with seriously sensitive material should only be operated in Tempest-proofed surroundings, which is not really news. At least not after Tempest, and that is quite a few years old as a concept.

  2. Snowman

    It seems like places that have gone to the length of implementing an air gap for security would already be restricting having cell phones inside the gap. Since there was already the chance of people taking photos of sensitive items or documents, using the device as storage or sending data through the phone. This seems like just one more reason why phones inside the gap are a known weakness.

    1. Anonymous Coward
      Anonymous Coward

      Strawman science:

      1) Invent a fatuous premise.

      2) Debunk it.

      3) $$$$FUNDING$$$$

  3. Anonymous Coward
    Anonymous Coward

    "GSMem takes the air out of the gap and will force the world to rethink air-gap security,"

    Bollocks.

    "Air gapping" has always been about vector mitigation: Stopping the nasties getting in to stop the good stuff haemorrhaging out. In order to reasonably protect a computer which has not been infected with their malware from remote surveillance, the machine must be enclosed in an opaque soundproof Faraday cage which ideally would be quarantined in the turbine hall of a power station on an unmanned but extremely well defended military base on a remote and inhospitable planet. Compromising emanations have been an old and widely known problem since at least the the electro-mechanical era. No "GSMem" necessary. If your site isn't secure, your equipment isn't secure: "Airgapped" or not. Inevitably. "GSMem" and other malware are superfluous to this.

    Perhaps the researchers should Google "compromising emanations" for a better understanding of the situation and "TEMPEST" for an overview of the Yanks' mitigation strategy.

  4. Anonymous Coward
    Anonymous Coward

    Given the level of paranoia in the security world these days, it may soon become necessary to completely hide airgapped computers within a form of microcosm where nothing ever enters or leaves the confines except meatbags. The airgapped area has opaque, anechoic, thermally-insulated walls, no windows, and is also a Faraday cage. All electrics come from a self-contained power source specific to that room (so no power fluctuations can be read outside). All metal must be left behind before entering, and people with pacemakers, metal skullplates, or other metallic implants probably can't be qualified due to ambiguous trust. That should knock out anything electric, which tends to require metal wires to work properly. Probably also need to make sure none of the employees have an eidetic memory.

  5. Anonymous Coward
    Anonymous Coward

    Or

    Go all out "Paycheck" and do not let the employees leave until they have verified (using evoked potential EEG/etc) that all classified information has been forgotten.

    A neuralizer-like device apparently does exist as it has been tested on Lazar, apparently he did work at S-4 but the information he claims to remember has been implanted intentionally as part of his debriefing process to overwrite what was there already.

  6. Mark Allen

    So they installed a modem?

    So they get long enough at this machine to modify it to add a modem type ability. Which just shows that the airgap isn't a gap if the computer can be modified.

    1. Anonymous Coward
      Anonymous Coward

      Re: So they installed a modem?

      The "airgap" was never a gap anyway, even if the computer hasn't been modified, in the context of emanations... and the article is about emanations.

  7. Anonymous Coward
    Anonymous Coward

    Once the attacker has access to the machine all bets are off. This is just common security practice, only those with the necessary security clearance have access and then are watched from the outside.

    I think the researchers are looking for a problem to fit their solution and are also looking for additional funding to produce the device that will find these rogue transmissions which they can then sell for vast amounts of money.

  8. Charles Manning

    Foil an airgapped computer with an ethernet cable!

    What a bullshit article.

    Any computer that has been physically accessed and has had either nefarious hardware or software installed is no longer air-gapped.

    Got it?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019