TY - GEN
T1 - Air hopper
T2 - 9th IEEE International Conference on Malicious and Unwanted Software, MALCON 2014
AU - Guri, Mordechai
AU - Kedma, Gabi
AU - Kachlon, Assaf
AU - Elovici, Yuval
N1 - Publisher Copyright: © 2014 IEEE.
PY - 2014/12/29
Y1 - 2014/12/29
N2 - Information is the most critical asset of modern organizations, and accordingly coveted by adversaries. When highly sensitive data is involved, an organization may resort to air-gap isolation, in which there is no networking connection between the inner network and the external world. While infiltrating an air-gapped network has been proven feasible in recent years (e.g., Stuxnet), data exfiltration from an air-gapped network is still considered to be one of the most challenging phases of an advanced cyber-attack. In this paper we present 'AirHopper', a bifurcated malware that bridges the air-gap between an isolated network and nearby infected mobile phones using FM signals. While it is known that software can intentionally create radio emissions from a video display unit, this is the first time that mobile phones are considered in an attack model as the intended receivers of maliciously crafted radio signals. We examine the attack model and its limitations, and discuss implementation considerations such as stealth and modulation methods. Finally, we evaluate AirHopper and demonstrate how textual and binary data can be exfiltrated from a physically isolated computer to mobile phones at a distance of 1-7 meters, with effective bandwidth of 13-60 Bps (Bytes per second).
AB - Information is the most critical asset of modern organizations, and accordingly coveted by adversaries. When highly sensitive data is involved, an organization may resort to air-gap isolation, in which there is no networking connection between the inner network and the external world. While infiltrating an air-gapped network has been proven feasible in recent years (e.g., Stuxnet), data exfiltration from an air-gapped network is still considered to be one of the most challenging phases of an advanced cyber-attack. In this paper we present 'AirHopper', a bifurcated malware that bridges the air-gap between an isolated network and nearby infected mobile phones using FM signals. While it is known that software can intentionally create radio emissions from a video display unit, this is the first time that mobile phones are considered in an attack model as the intended receivers of maliciously crafted radio signals. We examine the attack model and its limitations, and discuss implementation considerations such as stealth and modulation methods. Finally, we evaluate AirHopper and demonstrate how textual and binary data can be exfiltrated from a physically isolated computer to mobile phones at a distance of 1-7 meters, with effective bandwidth of 13-60 Bps (Bytes per second).
UR - http://www.scopus.com/inward/record.url?scp=84922572939&partnerID=8YFLogxK
U2 - 10.1109/MALWARE.2014.6999418
DO - 10.1109/MALWARE.2014.6999418
M3 - Conference contribution
AN - SCOPUS:84922572939
T3 - Proceedings of the 9th IEEE International Conference on Malicious and Unwanted Software, MALCON 2014
SP - 58
EP - 67
BT - Proceedings of the 9th IEEE International Conference on Malicious and Unwanted Software, MALCON 2014
PB - Institute of Electrical and Electronics Engineers
Y2 - 28 October 2014 through 30 October 2014
ER -