Bridging the Air Gap between Isolated Networks and Mobile Phones in a Practical Cyber-Attack

Research output: Contribution to journalArticlepeer-review

Abstract

Information is the most critical asset of modern organizations, and accordingly it is one of the resources most coveted by adversaries. When highly sensitive data is involved, an organization may resort to air gap isolation in which there is no networking connection between the inner network and the external world. While infiltrating an air-gapped network has been proven feasible in recent years, data exfiltration from an air-gapped network is still considered one of the most challenging phases of an advanced cyber-Attack. In this article, we present "AirHopper," a bifurcated malware that bridges the air gap between an isolated network and nearby infectedmobile phones using FMsignals.While it is known that software can intentionally create radio emissions from a video card, this is the first time that mobile phones serve as the intended receivers of themaliciously crafted electromagnetic signals.We examine the attack model and its limitations and discuss implementation considerations such as modulation methods, signal collision, and signal reconstruction. We test AirHopper in an existing workplace at a typical office building and demonstrate how valuable data such as keylogging and files can be exfiltrated from physically isolated computers to mobile phones at a distance of 1-7 meters, with an effective bandwidth of 13-60 bytes per second.

Original languageAmerican English
Article number2870641
JournalACM Transactions on Intelligent Systems and Technology
Volume8
Issue number4
DOIs
StatePublished - 1 May 2017

Keywords

  • Air-gap
  • Apt
  • Bridging the air-gap
  • Cyberattack
  • Data exfiltration
  • Emsec
  • Fm radio
  • Tempest

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Artificial Intelligence

Fingerprint

Dive into the research topics of 'Bridging the Air Gap between Isolated Networks and Mobile Phones in a Practical Cyber-Attack'. Together they form a unique fingerprint.

Cite this