How to leak sensitive data from an isolated computer (air-gap) to a near by mobile phone

How to leak sensitive data from an isolated computer (air-gap) to a near by mobile phone

Tomorrow at MALCON 2014, security researcher Mordechai Guri with guidance of Prof. Yuval Elovici from the cyber security labs at Ben Gurion University in Israel will present a breakthrough method ("AirHopper) for leaking data from an isolated computer to a mobile phone without the presence of a network.

In highly secure facilities the assumption today is that data can not leak outside of an isolated internal network. It is called air-gap . The common policy in such secure organizations is to leave your in some locker when you enter the facility and then pick it up when you go out. We at the cyber security labs challenged this assumption and found a way to leak data from a computer inside the organization to a remote a mobile phone without using Wifi or Bluetooth.

"Such technique can be used potentially by people and organizations with malicious intentions and we want to start a discussion on how to mitigate this newly presented risk." said Dudu Mimran CTO of the cyber security labs.

The main idea behind the research is to use radio frequencies in order to transmit the secret data from the computer to the mobile phone. Mobile phones usually come equipped with FM radio receivers and it is already known that software can intentionally create radio emissions from a video display unit. Yes, from the computer screen. Still, this is the first time that a mobile phone is considered in an attack model as the intended receiver of maliciously crafted radio signals emitted from the screen of the isolated computer. AirHopper demonstrates how textual and binary data can be exfiltrated from physically a isolated computer to mobile phones at a distance of 1-7 meters, with effective bandwidth of 13-60 Bps (Bytes per second). Enough to steal a secret password.

The following video demonstrates AirHopper

The full paper will be published tomorrow following the conference presentation.


Explore further

BGU security team says vulnerability found in Samsung Knox

Provided by Ben Gurion University
Citation: How to leak sensitive data from an isolated computer (air-gap) to a near by mobile phone (2014, October 29) retrieved 21 July 2019 from https://phys.org/news/2014-10-leak-sensitive-isolated-air-gap-mobile.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.
0 shares

Feedback to editors

User comments

Oct 29, 2014
Big Brother will use this. I helped put together, test and prove, deploy and operate the Electronic Battlefield in the Vietnam War. I no longer trust Big Brother.

Oct 29, 2014
Good job gkam, want a cookie for helping the system?

Oct 29, 2014
Peanut butter, please.

You will like the fact I stood up in the middle of the war and screamed we were all Nazis for killing the Vietnamese in their own country.

It was unappreciated.

Oct 29, 2014
I helped put together, test and prove, deploy and operate the Electronic Battlefield in the Vietnam War. I no longer trust Big Brother.


I'm beginning to believe that you're a compulsive liar. According to your words, you're a retired soldier, nuclear engineer, grid engineer, power systems consultant... etc. and every other day the number of job titles seems to grow.

Oct 29, 2014
"I'm beginning to believe that you're a compulsive liar. According to your words, you're a retired soldier, nuclear engineer, grid engineer, power systems consultant... etc. and every other day the number of job titles seems to grow."
-----------------------------------------------------

See the post below yours? I also have a Crypto clearance, now out of date, from my participation in Igloo White, the electronic battlefield. Go to our web page (1stwave), and you can see my picture. I did other stuff, too, Dear, such as working for Test Pilot School at Edwards AFB, and helping to send people into space in rocket planes. Smithsonian Air and Space Magazine bought one of my stories for eventual publication. Want me to send it to you, with their permission?

I got to do interesting stuff.

It is all true, and let's discuss it, shall we? Sorry you had such a meaningless life.

Oct 29, 2014
I want Eikka to ask me specific questions about for whom Iwo4rked and what I did, so he/she can look it up.

Oct 29, 2014
Come on, Eikka. I want to tell you about what happened the first time we had a man fly Mach 6, hypersonic. About how one goober did what the entire Soviet General Staff could not. About how things really work.

You seem to be well-educated, much better than most. This is real stuff, crazy as it sounds.

Oct 29, 2014
Forget it, gkam... There is no fighting with with people in our country to get them to deal with reality.

If it didn't happen on TV or I didn't get an email, it didn't happen.

p.s. My father tested LSD on serviceman at Edgewood Arsenal. I got on some fringy facebook forum and people accused ME of being a disinfo agent when they were spreading the stupidest rumors I have even read. wherever, you know...

Oct 29, 2014
If it didn't happen on TV or I didn't get an email, it didn't happen.


Rather, it's easy to pretend to have done something you didn't and be someone you aren't when online.

Especially when the intent is to appeal to your own authority, which is what gkam constantly does when he claims to have worked just about everywhere from skunkworks to scientific study about vitrification of nuclear waste.

There might be A person who has done all the things, but in all likelyhood we have someone who's simply posing, having read parts of someone else's biography.

Oct 29, 2014
Well i think ensuring a seven meter airgap probably isn't going to cause too much trouble for anyone security conscious enough to be confiscating phones already.

And i say that in my full capacity as a former stuntman and porn star. No, scratch that - i mean stunt-porn star. And Lunar-rover racing driver.

Oh and sock-puppet talent scout (black belt, 11th dan).


Oct 29, 2014
Eikka look me up: 6515 EMS Edwards AFB, 553d Recon Wing, Korat Royal Thai AFB, Nahkon Ratchashima, Thailand.

Wow, I never even talked about working on industrial lasers and electron beams at Raychem. Or making Integrated Circuits for National Semiconductor, nor the other stuff, such as my three years in primary metals as plant engineer of an iron foundry. Or saving American Industry from the effects of nuclear weapons at Scientific Service, where we did the GE Mark I & II tests.

But you choose to accept it because of political prejudice, not facts.

Oct 29, 2014
This and similar 'tech' exploits is why you should have a Faraday cage around sensitive stuff. Some acoustic cladding would prevent ultrasonic chit-chat...

FWIW, our old house has a 'built in' Faraday cage due to weird, locally-thrown bricks that swallow RF. Cell-phones struggle to get any bars on their signal. I have two (2) subsidiary WAPs because the cable modem's WAP signal is restricted to 'line of sight'.

More pertinent, given UK's recent 'Spring forwards, Fall back' clocks change, our radio-synchronised clocks had to be moved to window-sills to snag a 'full' signal...

Oct 29, 2014
If you type your password in a totally white screen using 72 pt font with no other sources of video emissions then you might want to be concerned.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more