SoylentNews is people
SoylentNews
The most sensitive work environments, like nuclear power plants, demand the strictest security. Usually this is achieved by air-gapping computers from the Internet and preventing workers from inserting USB sticks into computers. When the work is classified or involves sensitive trade secrets, companies often also institute strict rules against bringing smartphones into the workspace, as these could easily be turned into unwitting listening devices.
But researchers in Israel have devised a new method for stealing data that bypasses all of these protections—using the GSM network, electromagnetic waves and a basic low-end mobile phone. The researchers are calling the finding a "breakthrough" in extracting data from air-gapped systems and say it serves as a warning to defense companies and others that they need to immediately "change their security guidelines and prohibit employees and visitors from bringing devices capable of intercepting RF signals," says Yuval Elovici, director of the Cyber Security Research Center at Ben-Gurion University of the Negev, where the research was done.
The attack requires both the targeted computer and the mobile phone to have malware installed on them, but once this is done the attack exploits the natural capabilities of each device to exfiltrate data. Computers, for example, naturally emit electromagnetic radiation during their normal operation, and cell phones by their nature are "agile receivers" of such signals. These two factors combined create an "invitation for attackers seeking to exfiltrate data over a covert channel," the researchers write in a paper about their findings.
(Score: 2) by acid andy on Tuesday July 28 2015, @08:49PM
This makes me wonder how feasible it would be for someone to hand craft an executable file without any development environment on the machine. I don't think it's possible to enter every binary value via Windows Notepad for example by using ASCII or Unicode equivalents. Maybe someone would have more luck creating the code in a paint program.
If a cat has kittens, does a rat have rittens, a bat bittens and a mat mittens?
(Score: 0) by Anonymous Coward on Tuesday July 28 2015, @09:58PM
I once saw an x86 .com written for dos that used only 80 columns of ANSI characters.
It generated pretty colors on screen but I can't find it anymore.
(Score: 2) by Ezber Bozmak on Tuesday July 28 2015, @10:22PM
how feasible it would be for someone to hand craft an executable file without any development environment on the machine. I don't think it's possible to enter every binary value via Windows Notepad for example by using ASCII or Unicode equivalents.
That is a solved problem from the early days of PCs.
Back then, when a 300bps modem was bleeding edge, lots of hobbyist magazines published ascii-encoded binaries you could type into your computer. The trick was that they used a loader, a trivial program that was written in machine code that was all ascii. The loader was just smart enough to parse the rest of the file and decode it into raw machine code and then jump to the right address in memory.