Just a basic low-end mobile phone needed to hack Air-Gapped computer

Security researchers from Israel proved that hacking most secure Air-gapped computers that typically are used in sensitive work environments, is possible just via a low end basic phone.

Mostly nuclear power plants and other sensitive work environments that tend to have strict security, go with making use of the air-gapped computers and preventing their workers from inserting any USB stick into the computers. Workers are often asked to even not carry their smart phones with them, when the work involves sensitive trade-secrets or is classified – as unwitting listening computer devices’ work can easily be performed by smart phones available today.

But, do you want to hack an extremely secure computer device? Well, you might be shocked by yourself that you don’t need any technical skill or equipment to achieve that. To hack into an Air Gapped computing device, all you’d need is just a simple cell phone. And you know what? Even an old fashion, dumb mobile from the past decade should work for you as well.

The Israeli security researchers discovered a new attack with which data can be stolen from a computer device that’s isolated from the web and other devices being connected to the external networks, air-gapped computer with simple know term if you ask.

This latest hack being capable of stealing data from a very secure computer makes use of:

• GSM network
• A basic low end cell phone
• Electromagnetic wave

Moradechai Guri is the lead security researcher behind this research, Gabi Kedma, Yisroel Mirsky, Ofer Hasson, Assaf Kachlon and Yuval Elovici conducted it with him.

The same team of experts have already developed in the past an attack dubbed AirHopper that exploited a smartphone to wirelessly exfiltrate data from Air-Gapped networks. Moreover, few months ago, these team demonstrated a new attack dubbed BitWhisper based on the analysis of the heat emissions of computers in an air-gapped network.

Today, 9-year-old Motorola C123 mobile phone was used in the demonstration by researchers, as one can imagine, the phone lacked modern day smartphone features like a WiFi and mobile data connection functionality.

A particular malware was installed by the researchers on both, the target computer and mobile phone. Data got exfiltrated via computer’s naturally emit electromagnetic waves by researchers, once that specific kind of malware was installed completely.

As per the finding from this research, we can say that the hacker first need to hack the target computer to steal any data as the hack requires malware to be installed on both (the phone and air-gapped computer).

Unlike some other “recent work in this field, [this latest attack] exploits components that are virtually guaranteed to be present on any desktop/server computer and cellular phone,” researchers explain in their research paper.

Below is the video demonstration of the attack being published online:

Written by: Ali Qamar, Founder/Chief Editor at SecurityGladiators.com

Author Bio:
Ali Qamar is an Internet security research enthusiast who enjoys “deep” research to dig out modern discoveries in the security industry. He is the founder and chief editor at Security Gladiators, an ultimate source for cyber security. To be frank and honest, Ali started working online as a freelancer and still shares the knowledge for a living. He is passionate about sharing the knowledge with people, and always try to give only the best. Follow Ali on Twitter @AliQammar57

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Air-Gapped network, hacking)