There’s a new security threat that could be making its way to an air-gapped system near you. Many companies use air-gapped computers, which are machines that have been purposely isolated from other internet-connected and networked computers, to protect sensitive data from the threats that might come rushing through once the doors to cyberspace are opened. The logic here is simple – you can’t attack what you can’t see. While attacking disconnected machines may be more difficult, it’s not impossible, as you’re about to learn.
Armed with a piece of malware known as AirHopper, hackers can attack those isolated machines over radio frequencies. The malware is planted on the targeted computer through a USB drive and steals data based on the malicious payload. For instance, it may install a keylogger that records passwords and other information as you type it into the system. By compromising the machine’s video display adapter, AirHopper is able to transmit the stolen data to a smartphone with an FM receiver function, which can direct it to an SMS inbox or remote internet server via malicious code.
The attacks are executed over WiFi and individual carrier networks at distances of up to 23 feet. This method is quite versatile in that it can be initiated from the hacker’s device, or from an unsuspecting user’s phone. Pretty scary thought when considering that the attacker could be outside your office picking up the transmission, or sitting across from you. According to the masterminds behind this concept, attackers can operate in stealth-like fashion by waiting until the target computer’s display is turned off or the screensaver fires up to disguise the transmission process.
While a team of researchers at Ben Gurion University coined the term “AirHopper”, the method it employs is strikingly similar to what the NSA has reportedly been using to fuel recent spy operations in China, Iran, and Russia. Origins aside, radio frequency hacking is a calculated practice that requires a set of measured steps to be taken. First, the malware must be manually installed on the target machine, which could prove difficult when the proper physical safeguards are in place. Then there’s the speed issue. Ben Gurion researchers reported that AirHopper is only capable of transmitting data at roughly 60 bytes per second, meaning it’s not exactly the most efficient way to siphon large volumes of data.
Obviously, hackers would have to go to great lengths to pull something like this off. But while infecting the target system may initially be challenging, the attack itself is straightforward enough for the modern-day hacker to handle with relative ease. Researchers have said that mitigating this type of exploit can be difficult, so your best approach is one of protection by prevention. Implement tight access controls with comprehensive technologies and policies that dictate who can use company computers, what applications they are able to install, what devices they are allowed to connect, and so forth.
Hacking Phenomenon Growing in Power and Reach
Hackers have become very sophisticated and adept at devising attacks that work a little too well. WiFi spoofing is one of the easiest to fall prey to. After setting up a rogue hotspot, hackers can pose as Starbucks, McDonald’s, and other legit companies offering free WiFi and cozy up in your list of available networks. Once connected, you expose login credentials, text messages, and all your internet activities. For hackers, this method may be even more appealing than directly targeting a single wireless network when considering the potential to steal data from a large, diverse group of users.
The waterhole attack is another trending threat you want to get familiar with. In this attack, hackers target groups with the goal of victimizing as many users as possible. To accomplish this, they compromise websites, wireless hotspots, and other locations frequented by employees and large groups of people. In 2013, tech giants Apple and Facebook were among at least 40 companies targeted by malware in an elaborate waterhole attack. Hackers embedded malicious code into their respective mobile app development sites, both of which see tons of users on a daily basis.
Technological evolution is making life much easier for the evil hacker. We can’t stop them all, but we can protect ourselves, and it starts with brushing up on as many security threats as possible.
Photo Credit: Alexandre Dulaunoy via Flickr