Security Expert Discovered A New Way To Steal Sensitive Data Without Network

Security researcher Mordechai Guri from the cyber security labs at Ben Gurion University(Israel) have found a new way to steal sensitive data from one computer to a mobile phone without the presence of a network.

Researchers said " In highly secure facilities the assumption today is that data can not leak outside of an isolated internal network. It is called air-gap security. The common policy in such secure organizations is to leave your mobile phone in some locker when you enter the facility and then pick it up when you go out. We at the cyber security labs challenged this assumption and found a way to leak data from a computer inside the organization to a remote a mobile phone without using Wifi or Bluetooth."

Researchers have created a keylogging app called AirHopper that can transmit radio frequencies by exploiting the PC's display. A companion app on an FM-equipped smartphone can decode those transmissions and record the host machine's keystrokes in real-time.

This is the first time that a mobile phone is considered in an attack model as the intended receiver of maliciously crafted radio signals emitted from the screen of the isolated computer. AirHopper demonstrates how textual and binary data can be exfiltrated from physically a isolated computer to mobile phones at a distance of 1-7 meters, with effective bandwidth of 13-60 Bps (Bytes per second). Enough to steal a secret password.

Such technique can be used potentially by people and organizations with malicious intentions and we want to start a discussion on how to mitigate this newly presented risk.” said Dudu Mimran CTO of the cyber security labs.

Here is the video of AirHopper in action :

No comments

Powered by Blogger.