Hacking Computers with Cell Phones
Hacking Computers with Cell Phones
June 13, 2014
Prof. Elovici and his team demonstrated this hacking technique for Israeli President Shimon Peres during his recent visit to BGU.
The Times of Israel — Cyber security researchers at BGU discovered that disconnecting from the Internet won’t keep you safe from long distance hackers.
Using a technique called air-gap network hacking, all a hacker has to do is implant the right kind of malware into a cellphone that gets within range of a computer. Hackers on the other side of the world could use cellphone-based malware to remotely access any data they want, using the electromagnetic waves emanating from computer or server hardware, with no need for an Internet connection.
“The hack isn’t new,” says Prof. Yuval Elovici, head of BGU’s cyber security labs and a member of BGU’s Department of Information Systems Engineering. “What’s new is the use of a cellphone to do it.”
Even if you don’t think your computer is connected to anything, it sends electromagnetic or acoustic emanations from its hardware.
The NSA’s (National Security Agency) TEMPEST program uses special devices to pick up data from computers and servers via leaking emanations, including unintentional radio or electrical signals, sounds, and vibrations from hardware such as video monitors, keyboards, network cards and memory chips.
Each stroke on a keyboard, for example, transmits an electrical signal that runs through a computer’s processor and shows up on the monitor, emitting electromagnetic waves. Since each letter is unique, each key gives off a different frequency wave. If a hacker can capture those waves and reconstruct them, he could figure out what usernames and passwords were used to log onto the network.
How could a mobile phone be used to hack into an air-gapped network? Similar to an e-mail phishing attack, a hacker could send an unsuspecting employee in a sensitive installation a text message that looks legitimate, but contains a link to malware that surreptitiously gets installed on their cellphone.
Once the malware is on the phone, it scans for electromagnetic waves which can be manipulated to build a network connection using FM frequencies to install a virus onto a computer or server.
Prof. Elovici’s team has demonstrated how this is done with computer video cards and monitors. With the virus installed on the system, the phone connects to it via the FM frequency, sucks information out of the server and uses the phone’s cellphone network connection to transmit the data back to hackers.
All that’s needed is physical proximity to the system. The team said that one to six meters is enough.
Read more on The Times of Israel website >>
Stories Like This
