Tomorrow
at MALCON 2014, security researcher Mordechai Guri with guidance of
Prof. Yuval Elovici from the cyber security labs at Ben Gurion
University in Israel will present a breakthrough method (“AirHopper) for
leaking data from an isolated computer to a mobile phone without the
presence of a network. In highly secure facilities the assumption today
is that data can not leak outside of an isolated internal network. It is
called air-gap security. The common policy in such secure organizations
is to leave your mobile phone in some locker when you enter the
facility and then pick it up when you go out. We at the cyber security
labs challenged this assumption and found a way to leak data from a
computer inside the organization to a remote a mobile phone without
using Wifi or Bluetooth. “Such technique can be used potentially by
people and organizations with malicious intentions and we want to start a
discussion on how to mitigate this newly presented risk.” said Dudu
Mimran CTO of the cyber security labs. - See more at:
http://cyber.bgu.ac.il/content/how-leak-sensitive-data-isolated-computer-air-gap-near-mobile-phone-airhopper#sthash.kYL7nazK.dpuf
Tomorrow at MALCON 2014, security researcher Mordechai Guri with guidance of Prof. Yuval Elovici from the cyber security labs at Ben Gurion University in Israel will present a breakthrough method (“AirHopper) for leaking data from an isolated computer to a mobile phone without the presence of a network. In highly secure facilities the assumption today is that data can not leak outside of an isolated internal network. It is called air-gap security. The common policy in such secure organizations is to leave your mobile phone in some locker when you enter the facility and then pick it up when you go out. We at the cyber security labs challenged this assumption and found a way to leak data from a computer inside the organization to a remote a mobile phone without using Wifi or Bluetooth. “Such technique can be used potentially by people and organizations with malicious intentions and we want to start a discussion on how to mitigate this newly presented risk.” said Dudu Mimran CTO of the cyber security labs.
The following video demonstrates AirHopper:
The main idea behind the research is to use radio frequencies in order to transmit the secret data from the computer to the mobile phone. Mobile phones usually come equipped with FM radio receivers and it is already known that software can intentionally create radio emissions from a video display unit. Yes, from the computer screen. Still, this is the first time that a mobile phone is considered in an attack model as the intended receiver of maliciously crafted radio signals emitted from the screen of the isolated computer. AirHopper demonstrates how textual and binary data can be exfiltrated from physically a isolated computer to mobile phones at a distance of 1-7 meters, with effective bandwidth of 13-60 Bps (Bytes per second). Enough to steal a secret password.
The full paper will be published here tomorrow following the conference presentation so stay tuned. Journalists and media can contact cyber-labs@bgu.ac.il for an early peek to the research results and more info. Follow the story on twitter @cyberlabsbgu #airhopper.
The team of cyber security labs @ Ben Gurion University of the Negev in Israe
- See more at: http://cyber.bgu.ac.il/content/how-leak-sensitive-data-isolated-computer-air-gap-near-mobile-phone-airhopper#sthash.kYL7nazK.dpuf
The following video demonstrates AirHopper:The main idea behind the research is to use radio frequencies in order to transmit the secret data from the computer to the mobile phone. Mobile phones usually come equipped with FM radio receivers and it is already known that software can intentionally create radio emissions from a video display unit. Yes, from the computer screen. Still, this is the first time that a mobile phone is considered in an attack model as the intended receiver of maliciously crafted radio signals emitted from the screen of the isolated computer. AirHopper demonstrates how textual and binary data can be exfiltrated from physically a isolated computer to mobile phones at a distance of 1-7 meters, with effective bandwidth of 13-60 Bps (Bytes per second). Enough to steal a secret password.
The full paper will be published here tomorrow following the conference presentation so stay tuned. Journalists and media can contact cyber-labs@bgu.ac.il for an early peek to the research results and more info. Follow the story on twitter @cyberlabsbgu #airhopper.
The team of cyber security labs @ Ben Gurion University of the Negev in Israe
- See more at: http://cyber.bgu.ac.il/content/how-leak-sensitive-data-isolated-computer-air-gap-near-mobile-phone-airhopper#sthash.kYL7nazK.dpuf
http://youtu.be/2OzTWiGl1rM
The main idea behind the research is to use radio frequencies in order to transmit the secret data from the computer to the mobile phone. Mobile phones usually come equipped with FM radio receivers and it is already known that software can intentionally create radio emissions from a video display unit. Yes, from the computer screen. Still, this is the first time that a mobile phone is considered in an attack model as the intended receiver of maliciously crafted radio signals emitted from the screen of the isolated computer. AirHopper demonstrates how textual and binary data can be exfiltrated from physically a isolated computer to mobile phones at a distance of 1-7 meters, with effective bandwidth of 13-60 Bps (Bytes per second). Enough to steal a secret password.
The full paper will be published here tomorrow following the conference presentation so stay tuned. Journalists and media can contact cyber-labs@bgu.ac.il for an early peek to the research results and more info. Follow the story on twitter @cyberlabsbgu #airhopper.
The team of cyber security labs @ Ben Gurion University of the Negev in Israel
Read More >>
