Researchers at Ben Gurion University presented a study on the hacking technique dubbed air-gap network hacking which allows an attacker to inoculate a specific type of malware into a cellphone and use the mobile device as an attack vector to hit computer in the vicinity. The news was spread by the Time of Israel website, the attack scenario proposed is disconcerting, a hackers from any place on the planet could use cellphone-based malware to remotely access any data stored in a targeted system, this is possible exploiting the electromagnetic waves emanating from computers even is it is isolated from the Internet.
This attack scenario to air-gap networks has been debated many times as explained the Prof. Yuval Elovici, head of BGU’s Cyber Security Lab, the element of innovation in the air-gap network hacking is the use of cellphone.
Also the computer systems within the Iranian plant of Nataz infected by Stuxnet were isolated from the internet, in that case source of intelligence referred the use of USB as an attack vector. Let’s try to image an attack to a critical infrastructure based on the air-gap network hacking technique, it’s clear that it could have devastating effects.
The attack described by Elovici is based on the use of electromagnetic or acoustic emanations from targeted hardware.
US intelligence has already explored this attack technique, the NSA program known as TEMPEST makes use of special devices to syphon data from computers and servers via leaking emanations, including unintentional radio or electrical signals and vibrations from targeted hardware (e.g. Monitors, memory chips, keyboards, network cards and connection cables).
In my article published on the Infosec Institute, titled How the NSA Monitors Target Computers with Radar Wave Devices, it is referred the presentation made by the popular cryptographer and activist Jacob Appelbaum at the 30th Chaos Communication Congress on the militarization of the internet. Appelbaum took to Der Speigel the pages of a catalog of backdoors, monitoring programs and many other spying tool-kits used by the NSA.
The document refers a set of components designed by the NSA to spy on computer screens, fax/printers, audio devices and keyboards, by not even having to install an agent on the target machine, the systems are based on continuous wave irradiation. The tools belong to the ANGRYNEIGHBOR family of bugs. The series of bugs implemented as RF retro reflectors communicate with the use of an external radar wave generator such as CTX4000 or PHOTOANGLO. Appelbaum at the Chaos Communication Congress confirmed the existence of the device (CTX4000 or PHOTOANGLO), described as a portable continuous wave generator. He added that it’s remote controllable and works in combination with tiny electronic implants to bounce waves of energy off monitors, keyboards and printers to analyze what has been respectively viewed, typed and printed.
The ANGRYNEIGHBOR family of bugs is considerably revolutionary, because it works even if the target device isn’t online, enlarging the possibility of an attack for NSA agents.
How could a mobile phone be used to hack into an air-gapped network? How does work the air-gap network hacking technique?
The attacker has to send a text message that looks legitimate and harmless to the mobile device of an unsuspecting employee in a sensitive installation, in reality the message hides a link to a malware specifically developed to implement the air-gap network technique. In this way the malware is installed on a targeted cellphone.
Once the malicious code is installed in the phone, it scans for electromagnetic waves which can be manipulated to build a network connection using FM frequencies to install a virus onto a computer or server.
“Elovici’s team has demonstrated how this is done with computer video cards and monitors. With the virus installed on the system, the phone connects to it via the FM frequency, sucks information out of the server and uses the phone’s cellphone network connection to transmit the data back to hackers. All that’s needed is physical proximity to the system. The team said that one to six meters is enough.” reports the Times of Israel.
Elovici and his team of researchers have presented the air-gap network technique to the President Shimon Peres during his visit to BGU’s Cyber Lab last month.
Elovici confirmed that is impossible to prevent this kind of cyber-attack is a cellphone is turned on in the vicinity of a target, his team is searching for a defensive solution to this type of attacks.
“It’s a major security risk, he said. Until a solution is found, that risk will only increase, as news of the hack spreads in the hacker community.” reported the post on the consideration made by Elovici.
(Security Affairs – air-gap network hacking technique, hacking)