Abstract
Information is the most critical asset of modern organizations, and accordingly it is one of the resources most coveted by adversaries. When highly sensitive data is involved, an organization may resort to air-gap isolation, in which there is no networking connection between the inner network and the external world. While infiltrating an air-gapped network has been proven feasible in recent years, data exfiltration from an air-gapped network is still considered one of the most challenging phases of an advanced cyber-attack. In this article, we present "AirHopper," a bifurcated malware that bridges the air gap between an isolated network and nearby infected mobile phones using FM signals. While it is known that software can intentionally create radio emissions from a video card, this is the first time that mobile phones serve as the intended receivers of the maliciously crafted electromagnetic signals. We examine the attack model and its limitations and discuss implementation considerations such as modulation methods, signal collision, and signal reconstruction. We test AirHopper in an existing workplace at a typical office building and demonstrate how valuable data such as keylogging and files can be exfiltrated from physically isolated computers to mobile phones at a distance of 1-7 meters, with an effective bandwidth of 13-60 bytes per second.
Original language | American English |
---|---|
Article number | 2870641 |
Journal | ACM Transactions on Intelligent Systems and Technology |
Volume | 8 |
Issue number | 4 |
DOIs | |
State | Published - 1 May 2017 |
Keywords
- Air-gap
- APT
- Bridging the air-gap
- Cyberattack
- Data exfiltration
- EMSEC
- FM radio
- TEMPEST
All Science Journal Classification (ASJC) codes
- Theoretical Computer Science
- Artificial Intelligence