412-515-3010

Security Hacking Stories

What are you going to do with BYOD?

The ‘AirHopper’ Malware

Malware has traditionally been transmitted over the Internet. After all, in a matter of seconds, hundreds of thousands of computers and servers which are connected, interlinked, and networked together can become affected worldwide from a very covert attack origin.

To protect against Internet-based malware threats and hacks, the concept of ‘Air Gapping’ has been utilized. This simply means that the most sensitive pieces of information and data reside on a computer which is 100% isolated from other computers or networks.

The logic behind this is that the isolated computer (also known as the ‘Air Gapped’ computer) is safe from the wrath of spreading malware, as well as from the lateral movement of a hacker. But today, this logic has been defied.

The Malware

Researchers at Ben-Gurion University in Israel have created a new piece of keystroke-based malware called ‘AirHopper’. This malware makes use of the FM radio receivers found in smartphones and the radio signals emitted by the video card of an ‘Air Gapped’ computer. ‘AirHopper’ does not require a Wi-Fi network connection or Bluetooth.

In order to launch this particular attack, both the smartphone and the ‘Air Gapped’ computer have to be compromised with the ‘AirHopper’ malware. From this point, the smartphone literally becomes a control channel which can sniff out and detect the streaming FM radio signals coming from the video card of the ‘Air Gapped’ computer.

These signals are then forwarded on to the hacker, who can decode and decipher the keystroke pattern from either the ‘Air Gapped’ computer or the smartphone.

The inspiration for creating ‘AirHopper’ was Stuxnet, which became another prime example of a security breach on an ‘Air Gapped’ computing infrastructure. However, the ‘AirHopper’ malware is still in the Proof of Concept stage.

It was intentionally designed by the researchers to show that the techniques of ‘Air Gapping’ are just as vulnerable (if not more) to malware attacks and threats which are equally prevalent on the Internet. 

Limitations of the ‘AirHopper’ Malware

At this point, the ‘AirHopper’ does have some serious limitations, which include the following:

1) The distance between the smartphone and the ‘Air Gapped’ computer has to be no more than 23 feet in order for the FM radio signals to be captured (thus making a long-range attack virtually impossible);

2) It can only operate at a bandwidth of 13-60 bytes per second, thus making it a slow-moving malware;

3) At the present time, the most that can be hijacked is a simple, ordinary password.

Despite these limitations, the simplicity of the ‘AirHopper’ malware code could also prove to be its greatest strength. For example, it takes fewer than 40 distinct FM audio frequencies to capture and decipher short keystroke strings, which include both alphabetical and numerical messages (such as a password).

But, given time, it is expected that the malware could be designed to capture longer messages, and as a result, more sensitive information and data could be easily compromised, such as credit card numbers, bank account information, etc. 

Of course, there are things that we can do as organizations to limit the issues with BYOD. Please feel free to call me if you would like to discuss this matter and how it could affect your organization as well.

Albert E. Whale is the President and Chief Security Officer for IT Security, Inc, a security consulting company focused on the Security of the Applications, Cloud, Internet & Network based resources.  IT Security, Inc. works with organizations to assess and resolve issues with their enterprises, focusing on getting security done right.  

View my LinkedIn Profile or contact IT Security, Inc. directly at 412-515-3010 or http://www.IT-Security-inc.com.

 

 
