New malware turns your computer into a cellular antenna

Critical data can be collected from a computer using a feature phone

Israeli researchers have figured out how to steal data from an air-gapped computer without hardware modifications.

A group of Israeli researchers has improved on a way to steal data from air-gapped computers, which are thought to be safer from attack because they are isolated from the Internet.

They've figured out how to turn the computer into a cellular transmitter, leaking bits of data that can be picked up by a nearby low-end mobile phone.

While other research has shown it is possible to steal data this way, some of those methods required hardware modifications to the computer. This attack uses ordinary computer hardware to send out the cellular signals.

Their research, which will be featured next week at the 24th USENIX Security Symposium in Washington, D.C., is the first to show it's possible to steal data using just specialized malware on the computer and the mobile phone.

"If somebody wanted to get access to somebody's computer at home -- let's say the computer at home wasn't per se connected to the Internet -- you could possibly receive the signal from outside the person's house," said Yisroel Mirsky, a doctoral student at Ben-Gurion University and study co-author.

The air-gapped computer that is targeted does need to have a malware program developed by the researchers installed. That could be accomplished by creating a type of worm that infects a machine when a removable drive is connected. It's believed this method was used to deliver Stuxnet, the malware that sabotaged Iran's uranium centrifuges.

The malware, called GSMem, acts as a transmitter on an infected computer. It creates specific, memory-related instructions that are transmitted between a computer's CPU and memory, generating radio waves at GSM, UMTS and LTE frequencies that can be picked up by a nearby mobile device.

The GSMem component that runs on a computer is tiny. "Because our malware has such a small footprint in the memory, it would be very difficult and can easily evade detection," said Mordechai Guri, also a doctoral student at Ben-Gurion.

Their receiver was a nine-year-old Motorola C123 so-called "feature" phone, which looks downright ancient compared to mobile phones today. But there are a couple of reasons why they chose it.

Most embassies and many companies ban smartphones from being taken inside their premises, to prevent signals intelligence collection. But some companies, including Intel and defense contractor Lockheed Martin, still allow devices that are not smartphones into sensitive areas, Guri said.

The Motorola C123 was also picked because it uses a digital baseband chip that runs the open-source software OsmocomBB (Open Source Mobile Communications -- Baseband). Most of the firmware that runs on baseband chips is closed-source and difficult to modify, and the researchers needed to be able to tamper with it.

The GSMem malware component that runs on the Motorola phone samples the amplitude of the frequency coming off the targeted computer, Mirsky said.

Once both malware components are in place, the data harvesting can begin. The Motorola phone, which can be up to five meters away from the computer, can collect one or two bits per second. That's just a tiny amount, but enough to pilfer data such as passwords or encryption keys.

Using a smartphone with a more powerful antenna and processor could raise the data transfer speeds and increase the distance from which the attack could be conducted.

Building an even more powerful kind of receiver, such as a software-defined radio, could increase the transfer speeds to as much as 1,000 bits per second and increase the range up to 30 meters. But that kind of device would negate the stealthy benefit of using an older feature phone, particularly when infiltrating an organization, Mirsky said.

Some of the defenses are easy: ban all phones, smartphones or not, from sensitive areas. Other options would be to jam cellular signals or use Faraday cages -- which are enclosures that use metal to dissipate electronic signals -- in certain areas, Mirsky said.

The research paper was also co-authored by Assaf Kachlon, Ofer Hasson and Gabi Kedma, and the project was overseen by Yuval Elovici, head of the cyber labs at Ben-Gurion.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Jeremy Kirk

IDG News Service