Air-gapped computers are believed to be perfectly safe, but are they really?

Infected mobile phones could hack air-gapped computers

Computers isolated from public networks could be hacked through GSM frequencies via infected mobile phones, Israeli researchers have found. 

So-called air-gapped computers, which are protected against conventional cyber-attacks by their physical isolation from the Internet and company networks, could, it has been revealed, be turned into cellular transmitting antennas using software that modifies the central processing units.

By doing so, cyber attackers could extract small bits of data, including security keys and passwords. The key to such attacks is malicious software that infects both the eavesdropping mobile phone and the air-gapped computer. The Israeli researchers created such software and called it GSMem.

"GSMem takes the air out of the gap and will force the world to rethink air-gap security," says Dudu Mimran, from the Cyber Security Research Centre of the Ben Gurion University in Israel.

"Our GSMem malicious software on Windows and Linux has a tiny computational footprint, which makes it very hard to detect. Furthermore, with a dedicated receiver, we were successful in exfiltrating data as far as 30 meters in distance from the computer."

Although many companies already restrict the use of mobile phones, or of their inbuilt features such as cameras and Wi-Fi, in the vicinity of air-gapped computers, the protected machines could still be accessed by attackers through the electromagnetic radiation they emit.

The researchers recommended that mobile phones and similar devices be strictly prohibited around air-gapped computers, especially those responsible for critical infrastructure. Operators could also construct insulating walls around the machines to limit the reception of any signal, and run regular behavioural analysis to detect any anomalies.

However, cyber-security firm Tripwire said the situation may not be so dramatic: to conduct a successful attack, the hacker would first have to install the malware on both the air-gapped computer and the mobile phone, which may be tricky.

“The important point here to me, however, is that we all need to recognize that air-gapped-ness is quickly becoming a thing of the past,” said Lane Thames, Software Development Engineer and Security Researcher at Tripwire.

“Ubiquitous computing and communication technologies and their associated devices, such as those driving the growth of the Internet of Things, will cause many headaches for enterprises who require high levels of security, and this is especially true for organizations that manage critical infrastructures.”

The new research is the third time the Ben Gurion team has uncovered threats related to supposedly secure air-gapped computers.

Last year, the researchers created a method called Air-Hopper, which utilizes FM waves for data exfiltration. Another research initiative, BitWhisper, demonstrated a covert bi-directional communication channel between two close-by air-gapped computers using heat to communicate.

