We thought the day and age for the good old Radio signals were done and dusted, didn’t we?
Long gone are the days, when we had to tune in to find the right frequency on your FM receiver to hear that favourite song or show.
Well, according to research done in Israel, the days of FM radio waves are coming back – with a sinister twist to them. To break it down: Mobile phones (or any other device which has an FM transmitter and receiver in it) can be used to create a bridge of communication to a previously air-gapped system.
Air Gapping (cutting off a computer or system from the rest of the world, simply by using physical distance and an intranet that is in no way connected to the internet) was though to be a safe way to keep files safely stored just on that coputers harddrive.
But research done by Israeli scientists has now revealed a method with which this gap could be breached. They called it BitWhisper and initial research done by them indicated they had found “a method of bridging the air-gap between adjacent compromised computers by using their heat emissions and built-in thermal sensors to create a covert communication channel.” (source)
They essentially developed malware that can create a bidirectional channel of communication between your device and a sealed off network. All you need is actual physical proximity and malware to have infected the target (via a USB drive etc)
The use of mobile phones seems the next logical step: they already fulfil the hardware requirements as they have built in FM transceivers, and they are frequently brought into close proximity of computers or networks. 23 feet is the cutting off distance for standard mobile phones, but if one were to build a stronger transmitter, the gap could be bigger.
Transmission works via frequencies – the good old frequencies that your favourite radio channels used to bring you your favourite music.
The Israeli scientists assigned a letter or number to each frequency, thusly sending an encoding simple textual messages. The transmission rate is quite slow, only 60 bytes per second, so large documents are not a viable target. The focus here lies in short bits of information – passwords come to mind.
This version of intrusion is not being covered by the conventional and mainstream security measures as of yet (physical distance, cut off network, no outside signals etc), and attempts at a strict policy to never bring in private devices die at the hands of the ever more popular BYOD schemes.
Companies and agencies are in dire need to develop a method to prevent this kind of attack. The only thing that seems to be a weapon against this is completely, physically wrapping up your hard drives and cables. But.. seriously, there has to be a more elegant solution to this.