New malware turns your computer into a cellular antenna

New malware turns your computer into a cellular antenna

Critical data can be collected from a computer using a feature phone

Israeli researchers have figured out how to steal data from an air-gapped computer without hardware modifications.

Israeli researchers have figured out how to steal data from an air-gapped computer without hardware modifications.

A group of Israeli researchers have improved on a way to steal data from air-gapped computers, thought to be safer from attack due to their isolation from the Internet.

They've figured out how to turn the computer into a cellular transmitter, leaking bits of data that can be picked up by a nearby low-end mobile phone.

While other research has shown it possible to steal data this way, some of those methods required some hardware modifications to the computer. This attack uses ordinary computer hardware to send out the cellular signals.

Their research, which will be featured next week at the 24th USENIX Security Symposium in Washington, D.C., is the first to show it's possible to steal data using just specialized malware on the computer and the mobile phone.

"If somebody wanted to get access to somebody's computer at home -- let's say the computer at home wasn't per se connected to the Internet -- you could possibly receive the signal from outside the person's house," said Yisroel Mirsky, a doctoral student at Ben-Gurion University and study co-author.

The air-gapped computer that is targeted does need to have a malware program developed by the researchers installed. That could be accomplished by creating a type of worm that infects a machine when a removable drive is connected. It's believed this method was used to deliver Stuxnet, the malware that sabotaged Iran's uranium centrifuges.

The malware, called GSMem, acts as a transmitter on an infected computer. It creates specific, memory-related instructions that are transmitted between a computer's CPU and memory, generating radio waves at GSM, UMTS and LTE frequencies that can be picked up by a nearby mobile device.

The GSMem component that runs on a computer is tiny. "Because our malware has such a small footprint in the memory, it would be very difficult and can easily evade detection," said Mordechai Guri, also a doctoral student at Ben-Gurion.

Their receiver was a nine-year-old Motorola C123 so-called "feature" phone, which looks downright ancient compared to mobile phones today. But there are a couple of reasons why they chose it.

Most embassies and many companies ban smartphones from being taken inside their premises, to prevent signals intelligence collection. But some companies, including Intel and defense contractor Lockheed Martin, still allow devices that are not smartphones into sensitive areas, Guri said.

The Motorola C123 was also picked because it uses a digital baseband chip that runs the open-source software OsmocomBB (Open Source Mobile Communications -- Baseband). Most of the firmware that runs on baseband chips is closed-source and difficult to modify, and the researchers needed to be able to tamper with it.

The GSMem malware component that runs on the Motorola phone samples the amplitude of the frequency coming off the targeted computer, Mirsky said.

Once both malware components are in place, the data harvesting can begin. The Motorola phone, which can be up to five meters away from the computer, can collect one or two bits per second. That's just a tiny amount, but enough to pilfer data such as passwords or encryption keys.

Using a smartphone with a more powerful antenna and processor could tick up the data transfer speeds and increase the distance from which the attack could be conducted.

Building an even more powerful kind of receiver, such as a software-defined radio, could increase the transfer speeds to as much as 1,000 bits per second and increase the range up to 30 meters. But that kind of device would negate the stealthy benefit of using an older feature phone, particularly when infiltrating an organization, Mirsky said.

Some of the defenses are easy: ban all phones, smartphones or not, from sensitive areas. Other options would be to jam cellular signals or use Faraday cages -- which are enclosures that use metal to dissipate electronic signals -- in certain areas, Mirsky said.

The research paper was also co-authored by Assaf Kachlon, Ofer Hasson, Gabi Kedma, and the project was overseen by Yuval Elovici, head of the cyber labs at Ben-Gurion.

Send news tips and comments to Follow me on Twitter: @jeremy_kirk

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwareUSENIXExploits / vulnerabilitiesBen-Gurion University of the Negev



How MSPs can capitalise on integrating AI into existing services

How MSPs can capitalise on integrating AI into existing services

​Given the pace of change, scale of digitalisation and evolution of generative AI, partners must get ahead of the trends to capture the best use of innovative AI solutions to develop new service opportunities. For MSPs, integrating AI capabilities into existing service portfolios can unlock enhancements in key areas including managed hosting, cloud computing and data centre management. This exclusive Reseller News roundtable in association with rhipe, a Crayon company and VMware, focused on how partners can integrate generative AI solutions into existing service offerings and unlocking new revenue streams.

How MSPs can capitalise on integrating AI into existing services
Access4 holds inaugural A/NZ Annual Conference

Access4 holds inaugural A/NZ Annual Conference

​Access4 held its inaugural Annual Conference in Port Douglass, Queensland, for Australia and New Zealand from 9-11 October, hosting partners from across the region with presentations on Access4 product updates, its 2023 Partner of the Year awards and more.

Access4 holds inaugural A/NZ Annual Conference
Show Comments