Cutting off the Internet won’t keep you safe from long-distance hackers, Ben Gurion University researchers discovered. Using a technique called air-gap network hacking, all a hacker has to do is implant the right kind of malware into a cellphone that gets within range of a computer. Hackers on the other side of the world could use cellphone-based malware to remotely access any data they want, using the electromagnetic waves emanating from computer or server hardware, with no need for an Internet connection.
The hack isn’t new, according to Prof. Yuval Elovici, head of BGU’s Cyber Security Lab. The technique was used to attack Iranian servers in the Stuxnet hack attack. What’s new is the use of a cellphone to do it.
The Iranian network targeted by Stuxnet was an air-gapped one, connected only to local computers, with no external connection to the Internet. The virus infected the servers controlling the Iranian nuclear program’s centrifuges, “choking” them until they ground to a halt. It was, many experts believe, physically transferred to the closed network via a USB flash drive. The attack described by Elovici is light-years ahead of Stuxnet, because no physical contact is required to compromise a system.
Even if you don’t think your computer is connected to anything, it sends electromagnetic or acoustic emanations from its hardware. The NSA’s (National Security Agency) TEMPEST program uses special devices to pick up data from computers and servers via leaking emanations, including unintentional radio or electrical signals, sounds, and vibrations from hardware such as video monitors, keyboards, network cards and memory chips.
Each stroke on a keyboard, for example, transmits an electrical signal that runs through a computer’s processor and shows up on the monitor, emitting electromagnetic waves. Since each letter is unique, each key gives off a different frequency wave. If a hacker can capture those waves and reconstruct them, he could figure out what usernames and passwords were used to log onto the network.
How could a mobile phone be used to hack into an air-gapped network? In a take-off of an email phishing attack, a hacker could send an unsuspecting employee in a sensitive installation a text message that looks legitimate, but contains a link to malware that surreptitiously gets installed on their cellphone.
Once the malware is on the phone, it scans for electromagnetic waves which can be manipulated to build a network connection using FM frequencies to install a virus onto a computer or server. Elovici’s team has demonstrated how this is done with computer video cards and monitors. With the virus installed on the system, the phone connects to it via the FM frequency, sucks information out of the server and uses the phone’s cellphone network connection to transmit the data back to hackers. All that’s needed is physical proximity to the system. The team said that one to six meters is enough.
Elovici and his team demonstrated this technique to President Shimon Peres during his visit to BGU’s Cyber Lab last month.
Right now, Elovici said, there’s little that can be done to prevent this kind of cyber-attack other than turning off the phone. As that is not a practical solution in this day and age, his team is searching for other solutions. It’s a major security risk, he said. Until a solution is found, that risk will only increase, as news of the hack spreads in the hacker community.