
Researchers Hack Air-Gapped Computer with Simple Cell Phone - sergeant3
http://www.wired.com/2015/07/researchers-hack-air-gapped-computer-simple-cell-phone/
======
Gys
'The attack requires both the targeted computer and the mobile phone to have
malware installed on them, but once this is done the attack exploits the
natural capabilities of each device to exfiltrate data.'

So it needs a previous security breach. Challenging, because as the article
mentions, in secure environments the PC is not connected to the internet nor
are USB sticks allowed.

~~~
chillingeffect
> The attack requires both the targeted computer and the mobile phone to have
> malware installed

> exploits components that are virtually guaranteed to be present on any
> desktop/server and cellular phone

------
vonmoltke
> It works with simple feature phones that often are allowed into sensitive
> environments where smartphones are not, because they have only voice and
> text-messaging capabilities and presumably can’t be turned into listening
> devices by spies.

I have no idea where they got this information from, because it is absolutely
false in DOD classified environments. _Anything_ that can be used as a
recording device or that can transmit information wirelessly is restricted or
prohibited, and personally-owned examples are strictly prohibited. In very
strict environments, even receive-only electronics may be restricted.

I am not personally aware of any policy that makes a distinction between
"smartphones" and "feature phones". The only thing I have ever seen referenced
is phones with cameras, and even that was only for visitors in the
unclassified areas.

------
diego
If someone installed malware on that computer already, all bets are off. It
might as well be a radio transmitter that's broadcasting every keystroke. The
title is sensationalistic, because the hard part was installing malware. The
"simple cellphone" part is meaningless.

------
kw71
Won't the modulating/transmitting malware increase the system CPU load (run
queue, or whatever)? This could be a detection vector for it.

I have noticed when running a program that does nothing but work the memory
bus, Memtest86+, the computer gets hot and draws a lot of power.

------
kefka
1. That connector size appears to be a DVI connector. How does TMDS affect
data transmission via TEMPEST leakage?

2a. Would HDMI render this attack void, due to encryption on the data signal
layer?

2b. Since the HDMI master keys are known, would it be possible to modify data
with the now-known key and pass data using this method?

3. What card is shown on the desktop? That looks like a rather suspicious
card (GSM card?).

~~~
ilurk
AFAICT the video interface is irrelevant. It exploits the data transfer
between the CPU and RAM.

> When data moves between the CPU and RAM of a computer, radio waves get
> emitted as a matter of course. Normally the amplitude of these waves
> wouldn’t be sufficient to transmit messages to a phone, but the researchers
> found that by generating a continuous stream of data over the multi-channel
> memory buses on a computer, they could increase the amplitude and use the
> generated waves to carry binary messages to a receiver.

------
WalterBright
My desktop is in a metal case. Shouldn't that block any RF leaking out of it?

~~~
deutronium
Edit: I've just realised I was reading the AirHopper paper, which isn't the
main paper being discussed, sorry

I've only skimmed the paper but as far as I understand it, the VGA cable is
emitting RF, which the mobile is receiving.

So metal casing wouldn't make much difference.

~~~
WalterBright
I read the article, it seemed to be saying the RF was coming from the system
bus.

~~~
deutronium
Edit: sorry, I was looking at the AirHopper paper, doh

Yeah in the paper it mentions about cable shielding, "The effective distance
is the maximal distance between the transmitter and the receiver, at which the
transmission quality is still acceptable. As can be seen in Figure 5, the
effective distance when using the receiver antenna is significantly larger
with unshielded cable (extended VGA)"

------
powera
If the attacker has installed malware on the target machine and has physical
access to it, literally nothing will save you.

~~~
zerker2000
I'm still holding out for Homomorphic Encryption.

