Advertisement

Israeli researchers compromise isolated network with dumbphones

Without a doubt, storing highly sensitive data on an internet-disconnected, "air-gapped" computer network is one of the best security measures an organization can take -- but nothing is foolproof. Researchers at Ben-Gurion University in Isreal have figured out how to discreetly siphon data from a isolated computer with no wireless radios, no external connectivity and no connection whatsoever to any other computer. All it takes is a little malware and an old, non-smart mobile phone.

Researchers found that if they could deploy a tiny piece of malware to a target computer, the machine's memory could be used to transmit low-power radio emissions. The signal isn't strong enough to carry data natively, but researchers used it to send out a sort of morse-code of 0s and 1s that could be interpreted by a nearby cell phone with companion malware. The trick isn't easy to pull off, but it's discreet enough to subvert common security protocols for air-gapped networks -- which often ban smartphones, but allow mobile phones that only make and receive calls and text messages.

Obviously the system has limitations, and can only smuggle out tiny portions of data at a time -- but that's enough to nab a password or an important GPS location that could wreak more havoc later on. This kind of attack isn't likely to affect most networks, but can be a nightmare for secure networks in government or nuclear power facilities. Work for one of those places? Check out the paper at the source link below to familiarize yourself with the issue.

[Image Credit: Sergio Azenha / Alamy]