From: Ruben Safir
Subject: [Hangout - NYLXS] Israeli Uni RAM ->WIFI that steals data

Academics turn RAM into Wi-Fi cards to steal data from air-gapped systems

Academics from an Israeli university have published new research today
detailing a technique to convert a RAM card into an impromptu wireless
emitter and transmit sensitive data from inside a non-networked
air-gapped computer that has no Wi-Fi card.

Named AIR-FI, the technique is the work of Mordechai Guri, the head of
R&D at the Ben-Gurion University of the Negev, in Israel.

Over the last half-decade, Guri has led tens of research projects that
investigated stealing data through unconventional methods from

These types of techniques are what security researchers call "covert
data exfiltration channels." They are not techniques to break into
computers, but techniques that can be used to steal data in ways
defenders aren't expecting.

Such data exfiltration channels are not a danger for normal users, but
they are a constant threat for the administrators of air-gapped networks.

Air-gapped systems are computers isolated on local networks with no
external internet access. Air-gapped systems are often used on
government, military, or corporate networks to store sensitive data,
such as classified files or intellectual property.

While AIR-FI would be considered a "stunt hack" in the threat model of
normal users, it is the type of attack that forces many companies to
reconsider the architecture of their air-gapped systems that store
high-value assets.

How AIR-FI works

At the core of the AIR-FI technique is the fact that any electronic
component generates electromagnetic waves as electric current passes

Since Wi-Fi signals are radio waves and radio is basically
electromagnetic waves, Guri argues that malicious code planted on an
air-gapped system by attackers could manipulate the electrical current
inside the RAM card in order to generate electromagnetic waves with a
frequency consistent with the normal Wi-Fi signal spectrum (2,400 GHz).

In his research paper, titled "AIR-FI: Generating Covert WiFi Signals
from Air-Gapped Computers," Guri shows that perfectly timed read-write
operations to a computer's RAM card can make the card's memory bus emit
electromagnetic waves consistent with a weak Wi-Fi signal.

This signal can then be picked up by anything with a Wi-Fi antenna in
the proximity of an air-gapped system, such as smartphones, laptops, IoT
devices, smartwatches, and more.

Guri says he tested the technique with different air-gapped computer
rigs where the Wi-Fi card was removed and was able to leak data at
speeds of up to 100 b/s to devices up to several meters away.

Guri, who has investigated tens of other covert data exfiltration
channels in the past, said the AIR-FI attack is one of the easiest to
pull off as the attacker doesn't need to obtain root/admin privileges
before running an exploit.

"[AIR-FI] can be initiated from an ordinary user-space process," Guri said.

This allows the attack to work across any OS and even from inside
virtual machines (VMs).

Furthermore, while most modern RAM cards will be able to emit signals in
the 2,400 GHz range, Guri says that older RAM cards can be overclocked
to reach the desired output.

In his research paper, shared with ZDNet, Guri suggested various
countermeasures that companies can take to protect air-gapped systems,
such as the deployment of signal jamming to prevent the transmission of
any Wi-Fi signals in an air-gapped network's physical area.

AIR-FI now joins a long list of covert data exfiltration channels
discovered by Guri and his team:

* LED-it-Go - exfiltrate data from air-gapped systems via an HDD's
* USBee - force a USB connector's data bus to give out electromagnetic
  emissions that can be used to exfiltrate data
* AirHopper - use the local GPU card to emit electromagnetic signals
  to a nearby mobile phone, also used to steal data
* Fansmitter - steal data from air-gapped PCs using sounds emanated by
  a computer's GPU fan
* DiskFiltration - use controlled read/write HDD operations to steal
  data via sound waves
* BitWhisper - exfiltrate data from non-networked computers using heat
* Unnamed attack - uses flatbed scanners to relay commands to
  malware-infested PCs or to exfiltrate data from compromised systems
* GSMem - steal data from air-gapped systems using GSM cellular
* xLED - use router or switch LEDs to exfiltrate data
* aIR-Jumper - use a security camera's infrared capabilities to steal
  data from air-gapped networks
* HVACKer - use HVAC systems to control malware on air-gapped systems
* MAGNETO & ODINI - steal data from Faraday cage-protected systems
* MOSQUITO - steal data from PCs using attached speakers and headphones
* PowerHammer - steal data from air-gapped systems using power lines
* CTRL-ALT-LED - steal data from air-gapped systems using keyboard LEDs
* BRIGHTNESS - steal data from air-gapped systems using screen
* AiR-ViBeR - steal data using a computer's fan vibrations
* POWER-SUPPLaY - steal data by turning the power supply into a speaker

Categorized based on the exfiltration channels, these look like:
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
Being so tracked is for FARM ANIMALS and extermination camps,
but incompatible with living as a free human being. -RI Safir 2013