Simple Cell-Phone Together With Malware Enough for Stealing Info from Air-Gapped PC

Security researchers say that one malware strain along with an ordinary cell-phone can be enough for filching data from a PC that's air-gapped. Securityweek.com reported this, July 28, 2015.

Organizations frequently use air-gap security for safeguarding their highly precious belongings such as assets. In the air-gap methodology, computers, which contain confidential details, are isolated from the internal network of the organization and also taken offline.

While chances are few for quarantined PCs towards becoming contaminated with malware, the occurrence can't be ruled out. An example is of the infamous Stuxnet PC-worm that infiltrated air-gapped computers regulating certain Iranian nuclear plant's centrifuges through tainted USB sticks.

At the soon to be held USENIX Security Symposium at USA's Washington DC, a researchers' group belonging to Israel's Ben-Gurion University with team leader Mordechai Guri is getting ready to demonstrate how an even more advanced technique exists of data exfiltration from air-gapped computers.

This group has created a proof-of-concept named GSMem. The malware would transmit data from a contaminated PC onto one nearby cell-phone with the aid of GSM frequencies.

For successful working of the assault, it's necessary that both the cell-phone and infected PC first have malicious software loaded onto them. Thereafter, the attack would abuse both devices' natural capabilities for exfiltrating data. Now, PCs are natural emitters of electromagnetic radiation while mobile phones agile receivers. These two capabilities together make an invitation to the cyber-criminals wanting to steal information via a clandestine medium, remark the researchers. Wired.com published this, July 27, 2015.

In environments that does not allow even smart-phones to enter, the latest assault easily infiltrates such environments. It works using ordinary utility phones, which many-a-times are let to enter sensitive environments, unlike in the case of smart-phones. That's because, ordinary utility phones have just text-messaging along with voice audible capabilities, while those cannot be converted into eavesdroppers' snooping gadgets.

However, for lessening the effect of such attacks, the researchers tell the sole method as fully prohibiting any sort of mobile-phone to be used in the vicinity of air-gapped systems. Moreover, work places could become strong ambiences if organizations build partitions or insulated walls.

» SPAMfighter News - 8/6/2015