When governments, utilities and corporations need to protect their most sensitive data, they create what’s called an air-gap network. It involves storing information on computers that are never connected to the Internet, an extreme method of isolation designed to prevent any chance of data leaking out. Reports Bloomberg
Air-gap networks were once considered the “magic bullet” for securing data, but researchers from Ben-Gurion University in Israel have found a way to compromise those machines. Once a computer is infected with a particular kind of virus, hackers can trick the PC into relaying information that can be wirelessly retrieved from a mobile phone located outside of the room.
The technology won’t be used to steal something as innocuous as your Gmail password. This is some Mission Impossible stuff that a cyber-espionage gang or state-sponsored hacker might use to access extremely valuable secrets.
“The scenario is that you go to a secure facility and leave your cell phone at the entrance,” said Dudu Mimran, chief technology officer at Ben-Gurion’s cybersecurity labs. “The virus will send the data to your phone.”
Hackers may be able to sneak into your laptop or smartphone just by analysing the low-power electronic signals your device emits even when it is not connected to the internet, researchers say.
Researchers at the Georgia Institute of Technology are now investigating where these information “leaks” originate so they can help hardware and software designers develop strategies to plug them.
By studying emissions from multiple computers, the researchers have developed a metric for measuring the strength of the leaks – known technically as “side-channel signal” – to help prioritize security efforts.
“People are focused on security for the Internet and on the wireless communication side, but we are concerned with what can be learned from your computer without it intentionally sending anything,” said Alenka Zajic, an assistant professor in Georgia Tech’s school of electrical and computer engineering. “Even if you have the Internet connection disabled, you are still emanating information that somebody could use to attack your computer or smartphone,” said Zajic.
Side-channel emissions can be measured several feet away from an operating computer using a variety of spying methods. For instance, electromagnetic emissions can be received using antennas hidden in a briefcase, for instance.