A
team of researchers from Ben-Gurion University in Israel has discovered
a way to extract sensitive information from air-gapped computers – this
time using radio frequency transmissions from USB connectors without
any need of specialized hardware mounted on the USB.
Dubbed USBee, the attack is a significant improvement over the NSA-made USB exfiltrator called CottonMouth that was mentioned in a document leaked by former NSA employee Edward Snowden.
Unlike CottonMouth, USBee doesn't require an attacker to smuggle a modified USB device into the facility housing the air-gapped computer being targeted; rather the technique turns USB devices already inside the facility into an RF transmitter with no hardware modification required.
Figure 1. Illustration of USBee. An ordinary, unmodified USB device (flash drive) (A) is transmitting information to a nearby receiver (B) over an air-gap, via electromagnetic waves emitted from its data bus.
USBee does not involve any implant in USB firmware and drivers to execute the attack.
The researchers stress the attack method of USBee is solely based on software, though it has to met certain conditions to execute. They are:
USBee will then send a string of '0' bits to a USB port in such a way that makes the device generate detectable emissions between 240MHz and 480MHz frequencies, according to Mordechai Guri, one of the researchers.
Now, by writing sequences of '0' and '1', attackers can generate a carrier wave from the rapid voltage changes and then use binary frequency shift keying (B-FSK) to encode useful data.
Since the attack is meant to steal binary data, attackers wouldn’t be able to steal any large files, but could get their hands on keys, passwords, and other small bits of sensitive data stored on the targeted computer.
The researchers' attack method sounds really impressive, but it's still a theoretical attack that can be deployed in real-world scenarios and be effective.
It's not the first time the researchers at Ben-Gurion came up with the technique to target air-gapped computers. Their previous research of hacking air gap computers include:
The USBee malware offers ranges of around 9 feet when data is beamed over a USB thumb drive to 26 feet when the USB device uses a short cable that acts as a transmitting antenna.
Dubbed USBee, the attack is a significant improvement over the NSA-made USB exfiltrator called CottonMouth that was mentioned in a document leaked by former NSA employee Edward Snowden.
Unlike CottonMouth, USBee doesn't require an attacker to smuggle a modified USB device into the facility housing the air-gapped computer being targeted; rather the technique turns USB devices already inside the facility into an RF transmitter with no hardware modification required.
Figure 1. Illustration of USBee. An ordinary, unmodified USB device (flash drive) (A) is transmitting information to a nearby receiver (B) over an air-gap, via electromagnetic waves emitted from its data bus.
USBee does not involve any implant in USB firmware and drivers to execute the attack.
The researchers stress the attack method of USBee is solely based on software, though it has to met certain conditions to execute. They are:
- The protected computer must be infected with the malware, most probably, with the help of an insider.
- Any USB device must be plugged into that infected air-gapped computer.
- The attacker has to be near the compromised device, usually at maximum 3-5 meters.
USBee will then send a string of '0' bits to a USB port in such a way that makes the device generate detectable emissions between 240MHz and 480MHz frequencies, according to Mordechai Guri, one of the researchers.
Now, by writing sequences of '0' and '1', attackers can generate a carrier wave from the rapid voltage changes and then use binary frequency shift keying (B-FSK) to encode useful data.
Since the attack is meant to steal binary data, attackers wouldn’t be able to steal any large files, but could get their hands on keys, passwords, and other small bits of sensitive data stored on the targeted computer.
The researchers' attack method sounds really impressive, but it's still a theoretical attack that can be deployed in real-world scenarios and be effective.
It's not the first time the researchers at Ben-Gurion came up with the technique to target air-gapped computers. Their previous research of hacking air gap computers include:
- DiskFiltration attack that can steal data using sound signals emitted from the hard disk drive (HDD) of the targeted air-gapped computer;
- BitWhisper that relies on heat exchange between two computer systems to stealthily siphon passwords or security keys;
- AirHopper that turns a computer's video card into an FM transmitter to capture keystrokes;
- Fansmitter technique that uses noise emitted by a computer fan to transmit data; and
- GSMem attack that relies on cellular frequencies.
The USBee malware offers ranges of around 9 feet when data is beamed over a USB thumb drive to 26 feet when the USB device uses a short cable that acts as a transmitting antenna.
0 comments:
Post a Comment