AIR-FI: Generating Covert Wi-Fi Signals from Air-Gapped Computers
@article{Guri2020AIRFIGC,
  title={AIR-FI: Generating Covert Wi-Fi Signals from Air-Gapped Computers},
  author={Mordechai Guri},
  journal={ArXiv},
  year={2020},
  volume={abs/2012.06884}
}
In this paper, we show that attackers can exfiltrate data from air-gapped computers via Wi-Fi signals. Malware in a compromised air-gapped computer can generate signals in the Wi-Fi frequency bands. The signals are generated through the memory buses - no special hardware is required. Sensitive data can be modulated and secretly exfiltrated on top of the signals. We show that nearby Wi-Fi capable devices (e.g., smartphones, laptops, IoT devices) can intercept these signals, decode them, and send…
7 Citations
Noise-SDR: Arbitrary Modulation of Electromagnetic Noise from Unprivileged Software and Its Impact on Emission Security
- Computer Science; 2022 IEEE Symposium on Security and Privacy (SP)
- 2022
It is demonstrated that shaping arbitrary signals out of electromagnetic noise is possible from unprivileged software; the technique is called Noise-SDR because, similarly to a software-defined radio, it can transmit a generic signal synthesized in software.
Private Data Exfiltration from Cyber-Physical Systems Using Channel State Information
- Computer Science; WPES@CCS
- 2021
This paper presents a novel data exfiltration method using Channel State Information (CSI) from ambient WiFi signals, and finds that even a simple implementation provides robust communication in an office environment.
ScreenInformer: Whispering Secret Information via an LCD Screen
- Physics; 2022 19th Annual IEEE International Conference on Sensing, Communication, and Networking (SECON)
- 2022
In this paper, we observe an acoustic covert channel by modulating capacitor squeal on the monitor's power supply unit, and then present ScreenInformer to build a covert communication within a…
CTJammer: A Cross-Technology Reactive Jammer towards Unlicensed LTE
- Computer Science; 2022 IEEE/ACM Seventh International Conference on Internet-of-Things Design and Implementation (IoTDI)
- 2022
To turn a commercial WiFi device into a cross-technology reactive jammer, this paper flexibly leverages WiFi chipsets to detect unlicensed LTE signals and combines multiple considerations to satisfy the real-time demand of reactive jamming.
Reverse Branch Target Buffer Poisoning
- Computer Science
- 2022
A new Spectre v2-based technique for abusing branch predictors to bypass ASLR on Intel CPUs, which abuses the fact that not only can the attacker pollute the branch target buffer, as in a Spectre-like scenario, but victims can also trigger a branch misprediction in the attacker process, leading the attacker to speculatively jump to the same ASLR-protected address.
Markov Decision Processes with Embedded Agents
- Computer Science
- 2021
This work presents Markov Decision Processes with Embedded Agents (MDPEAs), an extension of multi-agent POMDPs that allows for the modeling of environments that can change the actuators, sensors, and learning function of the agent, e.g., a household robot which could gain and lose hardware from its frame.
Detecting USB Storage Device Behaviors by Exploiting Electromagnetic Emanations
- Computer Science; ICC 2022 - IEEE International Conference on Communications
- 2022
The experimental results show that the proposed method can recognize the behaviors of USB storage devices effectively by analyzing the compromising emanations, and illustrate that the CE from USB contains the information of device individuals.
References
Showing 1-10 of 55 references
MAGNETO: Covert Channel between Air-Gapped Systems and Nearby Smartphones via CPU-Generated Magnetic Fields
- Computer Science; Future Gener. Comput. Syst.
- 2021
HOTSPOT: Crossing the Air-Gap Between Isolated PCs and Nearby Smartphones Using Temperature
- Computer Science, Physics; 2019 European Intelligence and Security Informatics Conference (EISIC)
- 2019
The results show that it is possible to send covert signals from air-gapped PCs to the attacker on the Internet through the thermal pings, and propose countermeasures for this type of covert channel which has thus far been overlooked.
GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies
- Computer Science; USENIX Security Symposium
- 2015
GSMem, a malware that can exfiltrate data through an air-gap over cellular frequencies, is presented and its efficacy and feasibility are demonstrated, achieving an effective transmission distance of 1 - 5.5 meters with a standard mobile phone.
USBee: Air-gap covert-channel via electromagnetic emission from USB
- Computer Science; 2016 14th Annual Conference on Privacy, Security and Trust (PST)
- 2016
It is demonstrated how software can intentionally generate controlled electromagnetic emissions from the data bus of a USB connector, and it is shown that the emitted RF signals can be controlled and modulated with arbitrary binary data.
CD-LEAK: Leaking Secrets from Audioless Air-Gapped Computers Using Covert Acoustic Signals from CD/DVD Drives
- Computer Science, Physics; 2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC)
- 2020
This paper presents CD-LEAK - a novel acoustic covert channel that works in constrained environments where loudspeakers are not available to the attacker, and develops a transmitter and receiver for PCs and smartphones.
AiR-ViBeR: Exfiltrating Data from Air-Gapped Computers via Covert Surface ViBrAtIoNs
- Computer Science; ArXiv
- 2020
The results show that data can be exfiltrated from an air-gapped computer to a nearby smartphone on the same table, or even an adjacent table, via vibrations, and a set of countermeasures is proposed for this new type of attack.
xLED: Covert Data Exfiltration from Air-Gapped Networks via Switch and Router LEDs
- Computer Science; 2018 16th Annual Conference on Privacy, Security and Trust (PST)
- 2018
It is shown how attackers can covertly leak sensitive data from air-gapped networks via the row of status LEDs on networking equipment such as LAN switches and routers through different modulation and encoding schemas, along with a transmission protocol.
AirHopper: Bridging the air-gap between isolated networks and mobile phones using radio frequencies
- Computer Science; 2014 9th International Conference on Malicious and Unwanted Software: The Americas (MALWARE)
- 2014
AirHopper is presented, a bifurcated malware that bridges the air-gap between an isolated network and nearby infected mobile phones using FM signals, and it is demonstrated how textual and binary data can be exfiltrated from a physically isolated computer to mobile phones at a distance of 1-7 meters.
Air-Gap Covert Channels
- Computer Science
- 2016
It is empirically demonstrated that using physically unmodified, commodity systems, covert-acoustic channels can be used to communicate at data rates of hundreds of bits per second, without being detected by humans in the environment, and data rates when nobody is around to hear the communication.
On Acoustic Covert Channels Between Air-Gapped Systems
- Computer Science; FPS
- 2014
In this work, we study the ability for malware to leak sensitive information from an air-gapped high-security system to systems on a low-security network, using ultrasonic and audible audio covert…