Stories
Slash Boxes
Comments

SoylentNews is people

posted by LaminatorX on Thursday October 30 2014, @12:00PM   Printer-friendly
from the tempest-in-an-airgap dept.

Security researchers at Ben-Gurion University in Israel have found a way to lift data from closed networks using little more than a standard computer monitor and FM radio waves. It's a pretty clever trick: researchers have created a keylogging app called AirHopper that can transmit radio frequencies by exploiting the PC's display. A companion app on an FM-equipped smartphone can decode those transmissions and record the host machine's keystrokes in real-time.

It's not the first time FM radio waves have been used to smuggle data out of an air gap network, but this method can be done without PC connected speakers and without either device being connected to an outside network. Like previous methods, it has a fairly short range (about 7 meters) and can't transmit more than a few bytes a second, but that's more than enough to nab passwords or other sensitive text data. The group has already released a short video of the exploit in action, and intends to publish a more detailed paper on the subject at Malcon 2014 later this week.

http://cyber.bgu.ac.il/content/how-leak-sensitive-data-isolated-computer-air-gap-near-mobile-phone-airhopper

http://www.engadget.com/2014/10/29/fm-data-leaking/

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by kaszz on Thursday October 30 2014, @01:43PM

    by kaszz (4211) on Thursday October 30 2014, @01:43PM (#111508) Journal

    Perhaps it's time to invest in shielded walls?

    • (Score: 0) by Anonymous Coward on Thursday October 30 2014, @02:11PM

      by Anonymous Coward on Thursday October 30 2014, @02:11PM (#111514)

      "Perhaps it's time to invest in shielded walls?"

      That's only part of the solution. But knowing is 1/2 the battle ------- GI JOE!

    • (Score: 2) by bob_super on Thursday October 30 2014, @03:45PM

      by bob_super (1357) on Thursday October 30 2014, @03:45PM (#111555)

      I can't remember if it was the CIA or the NSA which had their whole building enclosed in a Faraday cage...

      • (Score: 2) by kaszz on Thursday October 30 2014, @04:46PM

        by kaszz (4211) on Thursday October 30 2014, @04:46PM (#111578) Journal

        Just shows what's needed..

      • (Score: 2) by urza9814 on Monday November 03 2014, @04:36PM

        by urza9814 (3954) on Monday November 03 2014, @04:36PM (#112653) Journal

        I can't remember if it was the CIA or the NSA which had their whole building enclosed in a Faraday cage...

        Sounds like that won't really help in this case. It says it has a seven meter range, which means your receiver will need to be inside the same building (and therefore inside the Faraday cage). So you infect the super secure PC, and you infect the FM-capable smartphone of the guy who works on it -- or the guy down the hall or downstairs. Then the worker goes outside and connects the same smartphone to an outside network and you use that to pass the data along.

        Problem number one -- how do you coordinate infecting the right systems?
        Problem two -- who the hell has a smartphone with an FM receiver these days?
        Problem three -- last time I saw an FM receiver on a phone, the headphones were used as the antenna. No headphones, no reception.

  • (Score: 2) by wonkey_monkey on Thursday October 30 2014, @03:18PM

    by wonkey_monkey (279) on Thursday October 30 2014, @03:18PM (#111539) Homepage

    I skimmed both articles but couldn't see how they get the display to generate the signal. Anyone know? Does it affect the visual display?

    --
    systemd is Roko's Basilisk
  • (Score: 0) by Anonymous Coward on Thursday October 30 2014, @03:37PM

    by Anonymous Coward on Thursday October 30 2014, @03:37PM (#111550)

    read the threads in:

    https://www.reddit.com/r/badbios [reddit.com]

    time yourself while reading.

    how long does it take before you feel like you're losing your sanity?

  • (Score: 1, Informative) by Anonymous Coward on Thursday October 30 2014, @04:07PM

    by Anonymous Coward on Thursday October 30 2014, @04:07PM (#111565)

    use your fav search engine and search for:

    tempest site:cryptome.org

  • (Score: 0) by Anonymous Coward on Thursday October 30 2014, @04:26PM

    by Anonymous Coward on Thursday October 30 2014, @04:26PM (#111570)

    I heard about this almost 10 years ago, displays emit rf that can be picked up and read about a block away.

    • (Score: 2) by Grishnakh on Thursday October 30 2014, @09:28PM

      by Grishnakh (2831) on Thursday October 30 2014, @09:28PM (#111681)

      I heard this 20 years ago or so. However, displays then were not like today's displays: back then, they were CRTs, now they're all LCDs. The technology is fundamentally different, so I really wonder how well TEMPEST works on them.

      • (Score: 0) by Anonymous Coward on Thursday October 30 2014, @10:31PM

        by Anonymous Coward on Thursday October 30 2014, @10:31PM (#111698)

        Marcus Kuhn [cam.ac.uk] has done some work on this, e.g. this paper [pdf] [cam.ac.uk]
        (TL;DR: yes it works on LCDs, though the actual radio emission comes from the DVI/LVDS signals, not the display proper.)

        He's also the guy who did the "Optical TEMPEST" research (which of course only affects CRTs) and other interesting stuff.

  • (Score: 1) by jmorris on Thursday October 30 2014, @06:41PM

    by jmorris (4844) on Thursday October 30 2014, @06:41PM (#111630)

    The whole point of an airgap is to keep things from crossing. This method would work to get information out but only after the cybercooties first get in to infect the system to cause it to begin logging keystrokes and emitting them to a nearby smartphone. Once infected there are simply too many ways to leak information to ever plug em all. Put the CPU clock in/out of power saving modes, idle the various busses in detectable patterns, or this one of dropping patterns into the display's stream. The way to stop them all though is not letting the attacker get executable code on your secure systems in the first place. Once you have given em root trying to stop the outbound paths is whack-a-mole(tm).