DeepSec Video: Bridging the Air-Gap – Data Exfiltration from Air-Gap Networks

René Pfeiffer/ January 25, 2016/ Conference, Security

Isolation is a prime ingredient of information security. The air-gap is the best way to isolate systems. Only wireless communication can transport data across these gaps. Apart from Wi-Fi the signals of mobile radio communication are very common. At DeepSec we have seen a lot of hacking when it comes to mobile phones and their networks. Mordechai Guri and Yisroel Mirsky (both of Ben-Gurion University of the Negev) held a talk about how to overcome the air-gap barrier by means of cellular frequencies.

Their presentation addresses the way of exfiltrating data across the air-gap: „Although the feasibility of invading such systems has been demonstrated in recent years, exfiltration of data from air-gapped networks is still a challenging task. In this talk we present GSMem, a malware that can exfiltrate data through an air-gap over cellular frequencies. Rogue software on an infected target computer modulates and transmits electromagnetic signals at cellular frequencies by invoking specific memory-related instructions and utilizing the multichannel memory architecture to amplify the transmission. Furthermore, we show that the transmitted signals can be received and demodulated by a rootkit placed in the baseband firmware of a nearby cellular phone. We present crucial design issues such as signal generation and reception, data modulation, and transmission detection. We implement a prototype of GSMem consisting of a transmitter and a receiver and evaluate its performance and limitations. Our current results demonstrate its efficacy and feasibility, achieving an effective transmission distance of 1-5.5 meters with a standard mobile phone. When using a dedicated, yet affordable hardware receiver, the effective distance reached over 30 meters.“

Wireless communication is all over the place and extremely common. It’s time to re-evaluate what air-gap really means.

Share this Post

About René Pfeiffer

System administrator, lecturer, hacker, security consultant, technical writer and DeepSec organisation team member. Has done some particle physics, too. Prefers encrypted messages for the sake of admiring the mathematical algorithms at work.