Violate Wi-Fi systems without Wi-Fi

Mordechai Guri, an Israeli researcher in her field s cyberspace focused on covert channel attacks, invented yet another way to breach air gapping – the practice of keeping computers disconnected from any external network for security reasons.

In a recently released document [PDF], “AIR-FI: Generating Covert Wi-Fi Signals from Air-Gapped Computers,” Guri, head and development at Ben-Gurion University of the Negev, an Israeli Cybersecurity Research Center, describes a technique for converting DDR SDRAM buses into transmitters that can send sensitive data.

The technique is part of a complex chain of attacks required to breach highly secure systems that are isolated from .

The first step in this process involves installing malware on the isolated hardware, in the process of building it or sending it to the owner, or adding the malware via an infected peripheral such as a USB.

Without this step, the attack cannot take place. But such espionage efforts, especially in organizations operating critical systems, have been successful in the past: For example, the document mentions the famous Stuxnet worm, which a decade ago breached systems at a uranium enrichment plant in Iran. The malware, it claims, was introduced into the affected systems via a USB.

Once a system disconnected from the network gets the malware, it should start sending data without anyone noticing. It turns out that there are a few ways to carry out an attack known as (Telecommunications Materials Protected from Emanating Spurious Transmissions). This attack involves a covert signaling sent through electromagnetic, acoustic, thermal, optical or vibrational channels.

Guri's paper lists several methods, but AIR-FI is the latest technique he devised. It is a method of sending data via Wi-Fi signals when the destination device does not have Wi-Fi capability.

"The AIR-FI attack presented in this article does not require Wi-Fi-related hardware on air-gapped computers," says Guri. "Instead, we show that an attacker could exploit DDR SDRAM channels to generate electromagnetic emissions in 2,4 GHz Wi-Fi bands and encrypt binary data on them."

AIR-FI works by transferring data to the data bus, which generates electromagnetic emissions. "Since the clock speed of the memory modules is usually around 2,4 GHz, the memory functions generate electromagnetic emissions around the IEEE 802.11b / g / n Wi-Fi bands," the document states.

For memory drives where this is not the case, the malware will have to overclock or cache it memory to produce broadcasts at the frequency of Wi-Fi bands. This should be possible with software or through the BIOS/UEFI configuration. Intel, according to the document, allows modification of the timing parameters of the installed memory using the Extreme Memory Profile (XMP) specification.

Beyond that it is a matter of transmitting data in packets.

Guri's experimental tuning showed that these signals can be received several meters away from air gapped computers, although the transmission rate is quite low: 1-100 bit / sec. You can see it below.

The technique does not require special privileges and operates through a virtual machine. Requires a nearby Wi-Fi enabled camera. It could be done with any properly prepared mobile phone, computer or IoT device.

Guri suggests several possible defenses, such as disallowing network-capable devices near air gapped hardware, to implement Wi-Fi blocking by confusing any possible hidden Wi-Fi signal with a background process that performs random memory/CPU operations and shielding .

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).