Academics turn RAM into Wi-Fi cards to steal data from air-gapped systems:
Academics from an Israeli university have published new research today detailing a technique to convert a RAM card into an impromptu wireless emitter and transmit sensitive data from inside a non-networked air-gapped computer that has no Wi-Fi card.
Named AIR-FI, the technique is the work of Mordechai Guri, the head of R&D at the Ben-Gurion University of the Negev, in Israel.
Over the last half-decade, Guri has led tens of research projects that investigated stealing data through unconventional methods from air-gapped systems.
[...] In his research paper, titled "AIR-FI: Generating Covert WiFi Signals from Air-Gapped Computers," Guri shows that perfectly timed read-write operations to a computer's RAM card can make the card's memory bus emit electromagnetic waves consistent with a weak Wi-Fi signal.
This signal can then be picked up by anything with a Wi-Fi antenna in the proximity of an air-gapped system, such as smartphones, laptops, IoT devices, smartwatches, and more.
Journal Reference:
Guri, Mordechai. AIR-FI: Generating Covert Wi-Fi Signals from Air-Gapped Computers, (DOI: https://arxiv.org/abs/2012.06884)
(Score: 1, Touché) by Anonymous Coward on Wednesday December 16 2020, @01:51PM (1 child)
There will be cellular modems placed into the air gapped systems for convenience.
(Score: 2) by DannyB on Wednesday December 16 2020, @02:35PM
This could infringe Intel's patent on integrating cellular modems into the Management Engine.
The anti vax hysteria didn't stop, it just died down.
(Score: 2) by looorg on Wednesday December 16 2020, @02:23PM (8 children)
So this is the same Israeli university that keeps pumping out one, or two, of these things a year. They subvert some part of the system to do something which is a horribly slow transfer rate (less than 100 bytes per second) to transfer data out in some unconventional way -- blinking LEDs, spinning fans, turning some components on and off to measure electricity etc.
I guess it's time to wonder what they'll do next time, spin the floppy motor really fast to generate noise that can be picked up by a microphone ... Right nobody has floppies anymore unless the system is antique or just really old.
If you air-gap a system none of those other things are supposed to be within proximity of it. It would be the height of stupidity to air-gap a, or some, machines and then put a wi-fi router next to it. But I guess one should never underestimate human stupidity or laziness.
(Score: 1, Interesting) by Anonymous Coward on Wednesday December 16 2020, @02:44PM (1 child)
"air gap" means "no network cable".
I guess over time it grew into "no network connection".
their point is that employees who have physical access to an air-gapped system can extract data from it other than with pen and paper or photographic memory.
at 100 bytes per second, you could still extract a fair bit of information (encryption keys or smth).
(Score: 3, Informative) by Anonymous Coward on Wednesday December 16 2020, @05:25PM
My recollection is the opposite where air gap means no network access. That phrase came out of discussions of network security where an air gapped system was presented as a very strong security system for data exfiltration because one would have to sneaker net data across. If air gapping allows wireless access, that whole point is moot.
(Score: 5, Insightful) by DannyB on Wednesday December 16 2020, @02:51PM
I would not be one to complain about the transfer rate. The keys to the kingdom might be well under a megabyte. I would just keep my mouth shut and be happy with 100 bytes per second, just like Comcast users already do every day. It's better than the 300 baud modems of the 1970s. After waiting patiently, I would be rewarded with some supremely important private key. Maybe the ability to issue my own Windows Updates. Or generate new decryption credentials for decrypting Blu Ray disks. Or issue "genuine" Microsoft.com (or other domain) certificates that might be enough to subvert something. Or domain controller credentials. Or heaven the other place only knows what kind of mischief.
Cause the green LED on the ethernet port to blink in a pattern that forms a visual signal.
Make the speakers emit ultrasonic sounds detectable by a smartphone's microphone.
Gradually dim and brighten the monitor's overall brightness in a way that slowly conveys a signal. Any quick sharp changes in brightness can be ignored as operation of the user interface. It is the gradual change in brightness slope which represents the signal. Maybe 1/100 byte per second. But good things come to he whatever gender who is patient.
Big organizations tend toward incompetence.
The anti vax hysteria didn't stop, it just died down.
(Score: 0) by Anonymous Coward on Wednesday December 16 2020, @03:27PM (1 child)
If it works in an Iranian nuclear facility...
(Score: 1, Funny) by Anonymous Coward on Wednesday December 16 2020, @04:42PM
I thought they developed a method to transmit data via the spin rate of centrifuges?
(Score: 2) by sjames on Wednesday December 16 2020, @03:29PM
A device that can pick up and relay WiFi can be very small and low power. Such a device may not be authorized. It may also not be noticed, particularly if there is no awareness that the air gapped system could be made to transmit WiFi.
(Score: 0) by Anonymous Coward on Wednesday December 16 2020, @04:59PM
Do they ever get published in a peer-reviewed journal? If so, which one?
(Score: 0) by Anonymous Coward on Wednesday December 16 2020, @07:55PM
Right on. All of these techniques are worthless since they presume some initial physical access to the system in order to install the malware that makes the data transmission path possible. If you have physical access to the system, you have access to the file system, I/O ports, etc.
Also, the mere fact that you can manipulate memory accesses in a way that generates power in the Wifi band hardly means that any off-the-shelf wifi receiver is going to understand it. Is 100 b/s typically supported? Will the necessary protocols be in place? Come on.
(Score: -1, Troll) by Anonymous Coward on Wednesday December 16 2020, @02:51PM (1 child)
Subject says it all
(Score: -1, Offtopic) by Anonymous Coward on Wednesday December 16 2020, @03:33PM
Jews in Israel are obsessed with spying.
This is how they operate: spying, assassination, pre-emptive bombing missions on strategic targets. This is because they have been at war with their neighbors in either hot or cold form since Israel's inception. Not judging.
(Score: 5, Informative) by crunchy_one on Wednesday December 16 2020, @04:04PM (4 children)
Back in the day, we kept a radio on top of our college's IBM 1130 "mini" computer. It was easy to identify how far along a FORTRAN compilation was from completion by the radio noise the machine emitted. There were also some sharp fellows who wrote programs to play music of a sort through the radio. My point is that computers are a wonderful source of noise up and down the electromagnetic spectrum, and that this noise can be modulated to carry information. Any air-gapped machine can be made vulnerable to this type of attack. A malicious operator with physical access to an air-gapped machine can exfiltrate data through any number of means. Fan speed controls, DRAM controllers, bus attached devices, monitors, keyboard, you name it.
(Score: 2) by SomeGuy on Wednesday December 16 2020, @05:53PM (1 child)
Similar was true of early home oriented microcomputers. It was usually a massive fight just to keep the RF emissions FROM interfering with TVs connected to the machines by RF-modulators. Run a particular program and certain kinds of wavy lines would appear on the screen or certain kinds of buzzing from the speaker. Sometimes that would even vary with key presses, giving some indication what was typed. Also fun when a nearby TV not directly connected would pick up the RF modulated video so you could even sort of see the screen itself.
Modern computers (if one can even still call them that any more) are so cheap and homogeneous, it is not too surprising someone was able to come up with a reliable way to do something like this.
(Score: 1) by zugedneb on Wednesday December 16 2020, @06:43PM
Well, as long as 2 sources draw from the same power source or are in other ways connected by a physical phenomenon, there will be crosstalk.
The impressive thing is encoding of information to be covertly transmitted, the sensor design and postprocessing.
Here is some fun stuff: oscilloscope music - you can encode text and graphics in music...
https://www.youtube.com/watch?v=qnL40CbuodU
https://www.youtube.com/watch?v=J2YQD8Go_Hc
old saying: "a troll is a window into the soul of humanity" + also: https://en.wikipedia.org/wiki/Operation_Ajax
(Score: 0) by Anonymous Coward on Wednesday December 16 2020, @07:51PM
"Back in the day, we kept a radio on top of our college's IBM 1130 "mini" computer. "
"Back in the day" RFI shielding of computers was shit. The FCC changed that in the 80's
(Score: 2) by jb on Thursday December 17 2020, @04:04AM
It goes back even further than that -- pretty sure I once heard about a similar technique being used to determine program progress on the LEO I.
(Score: 0, Funny) by Anonymous Coward on Wednesday December 16 2020, @05:05PM
Why that's almost a 20th of a Century and 1/16000th a library of congress per football field.
(Score: 3, Interesting) by Barenflimski on Wednesday December 16 2020, @06:54PM (1 child)
When it's otherwise quiet I can hear the power supply for my laptop making noises when I press keys on the keyboard.
The power unit emits a faint hum when it's on. When you press any key, the noise changes. As I type away, it sounds sorta like Morse-code.
(Score: 3, Informative) by RamiK on Wednesday December 16 2020, @07:32PM
https://en.wikipedia.org/wiki/Acoustic_cryptanalysis
You don't even need the power supply: https://github.com/shoyo/acoustic-keylogger
compiling...
(Score: 1, Insightful) by Anonymous Coward on Wednesday December 16 2020, @06:58PM (3 children)
So one who desires even better air-gap security ought to consider Faraday caging perhaps...
(Score: 0) by Anonymous Coward on Wednesday December 16 2020, @07:02PM
And sound proofing, even against inaudible frequencies. And block out all light transmission--again, even non-visible frequencies. And don't forget power system buffering and filtering.
Now if neutrino generation and modulation, and easy detection were available... Hehehe!
(Score: 0) by Anonymous Coward on Thursday December 17 2020, @12:03AM
We already put them in a Faraday cage, have noise generators, sound dampening, dark painted walls, no direct line of sight to the door, power supply filters, access controls of different types, and more. Many of these neat tricks to get data out wouldn't work in real life because they already try to block other similar enough techniques that happen to mitigate these too.
(Score: 0) by Anonymous Coward on Thursday December 17 2020, @02:35PM
Faraday cages protect the insides from outside interference.
You can't stop stuff going out though --- you can in principle shield the outside from electrostatic fields, but electromagnetic waves will leak.
(Score: 2) by PinkyGigglebrain on Wednesday December 16 2020, @07:37PM (1 child)
So, you have to have physical access to the system to load/run the software. Plus the ability to load said software.
And you need to have a really sensitive receiver nearby, probably in the same room. Thus, probably physical access to the system.
Yeah, not going to lose sleep over this one either.
"Beware those who would deny you Knowledge, For in their hearts they dream themselves your Master."
(Score: 0) by Anonymous Coward on Wednesday December 16 2020, @09:23PM
That describes everything in this vein emanating from "Ben Gurion University of the Negev".