• Corpus ID: 229152889

AIR-FI: Generating Covert Wi-Fi Signals from Air-Gapped Computers

  • Mordechai Guri
In this paper, we show that attackers can exfiltrate data from air-gapped computers via Wi-Fi signals. Malware in a compromised air-gapped computer can generate signals in the Wi-Fi frequency bands. The signals are generated through the memory buses - no special hardware is required. Sensitive data can be modulated and secretly exfiltrated on top of the signals. We show that nearby Wi-Fi capable devices (e.g., smartphones, laptops, IoT devices) can intercept these signals, decode them, and send… 

Noise-SDR: Arbitrary Modulation of Electromagnetic Noise from Unprivileged Software and Its Impact on Emission Security

It is demonstrated that shaping arbitrary signals out of electromagnetic noise is possible from unprivileged software and is called Noise-SDR because, similarly to a software-defined radio, it can transmit a generic signal synthesized in software.

Private Data Exfiltration from Cyber-Physical Systems Using Channel State Information

This paper presents a novel data exfiltration method using Channel State Information (CSI) from ambient WiFi signals, and finds that even a simple implementation provides robust communication in an office environment.

ScreenInformer: Whispering Secret Information via an LCD Screen

In this paper, we observe an acoustic covert channel by modulating capacitor squeal on the monitor's power supply unit, and then present ScreenInformer to build a covert communication within a

CTJammer: A Cross-Technology Reactive Jammer towards Unlicensed LTE

To turn a commercial WiFi device into a cross-technology reactive jammer, this paper flexibly leverages WiFi chipsets to detect unlicensed LTE signals and combines multiple considerations to satisfy the real-time demand of reactive jamming.

Reverse Branch Target Buffer Poisoning

A new Spectre v2-based technique for abusing branch predictors to bypass ASLR on Intel CPUs, which abuses the fact that not only can the attacker pollute the branch target buffer, as in a Spectre-like scenario, but victims can also trigger a branch misprediction in the attacker process, leading the attacker to speculatively jump to the same ASLR-protected address.

Markov Decision Processes with Embedded Agents

This work presents Markov Decision Processes with Embedded Agents (MDPEAs), an extension of multi-agent POMDPs that allow for the modeling of environments that can change the actuators, sensors, and learning function of the agent, e.g., a household robot which could gain and lose hardware from its frame.

Detecting USB Storage Device Behaviors by Exploiting Electromagnetic Emanations

The experimental results show that the proposed method can effectively recognize the behaviors of USB storage devices by analyzing the compromising emanations (CE), and illustrate that the CE from USB contains information about individual devices.



HOTSPOT: Crossing the Air-Gap Between Isolated PCs and Nearby Smartphones Using Temperature

  • Mordechai Guri
  • Computer Science, Physics
    2019 European Intelligence and Security Informatics Conference (EISIC)
  • 2019
The results show that it is possible to send covert signals from air-gapped PCs to the attacker on the Internet through thermal pings, and countermeasures are proposed for this type of covert channel, which has thus far been overlooked.

GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies

GSMem, a malware that can exfiltrate data through an air-gap over cellular frequencies, is presented and its efficacy and feasibility are demonstrated, achieving an effective transmission distance of 1 - 5.5 meters with a standard mobile phone.

USBee: Air-gap covert-channel via electromagnetic emission from USB

It is demonstrated how software can intentionally generate controlled electromagnetic emissions from the data bus of a USB connector, and it is shown that the emitted RF signals can be controlled and modulated with arbitrary binary data.

CD-LEAK: Leaking Secrets from Audioless Air-Gapped Computers Using Covert Acoustic Signals from CD/DVD Drives

  • Mordechai Guri
  • Computer Science, Physics
    2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC)
  • 2020
This paper presents CD-LEAK - a novel acoustic covert channel that works in constrained environments where loudspeakers are not available to the attacker, and develops a transmitter and receiver for PCs and smartphones.

AiR-ViBeR: Exfiltrating Data from Air-Gapped Computers via Covert Surface ViBrAtIoNs

The results show that data can be exfiltrated from an air-gapped computer to a nearby smartphone on the same table, or even an adjacent table, via vibrations, and a set of countermeasures is proposed for this new type of attack.

xLED: Covert Data Exfiltration from Air-Gapped Networks via Switch and Router LEDs

It is shown how attackers can covertly leak sensitive data from air-gapped networks via the row of status LEDs on networking equipment such as LAN switches and routers through different modulation and encoding schemas, along with a transmission protocol.

AirHopper: Bridging the air-gap between isolated networks and mobile phones using radio frequencies

AirHopper is presented, a bifurcated malware that bridges the air-gap between an isolated network and nearby infected mobile phones using FM signals, and it is demonstrated how textual and binary data can be exfiltrated from a physically isolated computer to mobile phones at a distance of 1-7 meters.

Air-Gap Covert Channels

It is empirically demonstrated that using physically unmodified, commodity systems, covert-acoustic channels can be used to communicate at data rates of hundreds of bits per second, without being detected by humans in the environment, and data rates when nobody is around to hear the communication.

On Acoustic Covert Channels Between Air-Gapped Systems

In this work, we study the ability for malware to leak sensitive information from an air-gapped high-security system to systems on a low-security network, using ultrasonic and audible audio covert