At present, air-gapped computers, which are isolated from the internet and other networks, have become the most targeted computers, even though they are the most secure computers on the planet. A recent study shows that a team of researchers from Ben-Gurion University in Israel has discovered a way to extract sensitive information from air-gapped computers.
Dubbed USBee, the attack is a significant improvement over the NSA-made USB exfiltrator called CottonMouth, which was mentioned in a document leaked by former NSA employee Edward Snowden. Unlike CottonMouth, USBee doesn’t require an attacker to smuggle a modified USB device into the facility housing the targeted air-gapped computer. Furthermore, it does not need any implant in USB firmware or drivers to execute the attack.
Although several conditions must be met for the attack to work, the researchers stress that the USBee attack method is based solely on software. The conditions are:
- Any USB device can be plugged into the infected air-gapped computer.
- The attacker has to be near the compromised device, usually no more than 3-5 meters away.
- The protected computer must be infected with the malware, with the help of an insider.
USBee turns the targeted computer’s USB ports into mini RF (radio frequency) transmitters by modulating the data fed at high speed to plugged-in devices. USBee then sends a string of “0” bits to a USB port in such a way that the device generates detectable emissions at frequencies between 240 MHz and 480 MHz. USBee transmits data at about 80 bytes per second, which is fast enough to steal a 4096-bit decryption key in less than 10 seconds.
This is not the only time the researchers at Ben-Gurion have targeted air-gapped computers. They have done much other research on hacking air-gapped computers, such as:
If you are really interested in knowing more about this, check out the paper at http://cyber.bgu.ac.il/t/USBee.pdf titled “USBee: Air-Gap Covert-Channel via Electromagnetic Emission from USB”.