• Corpus ID: 2444169

GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies

Mordechai Guri, Assaf Kachlon, Ofer Hasson, Gabi Kedma, Yisroel Mirsky, Yuval Elovici. USENIX Security Symposium.
Air-gapped networks are isolated, separated both logically and physically from public networks. [...] We implement a prototype of GSMem consisting of a transmitter and a receiver and evaluate its performance and limitations. Our current results demonstrate its efficacy and feasibility, achieving an effective transmission distance of 1-5.5 meters with a standard mobile phone. When using a dedicated, yet affordable hardware receiver, the effective distance reached over 30 meters.
Data Exfiltration from Air-Gapped Computers based on ARM CPU
An air-gap covert channel for computers based on ARM CPUs is proposed, which includes a software algorithm that can effectively cause cache misses and a technique that uses NEON instructions to transmit B-ASK modulated data by radio waves radiated from an ARM-based computer.
LANTENNA: Exfiltrating Data from Air-Gapped Networks via Ethernet Cables Emission
Mordechai Guri. Computer Science. 2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC), 2021.
The experiments show that with the LANTENNA attack, data can be exfiltrated from air-gapped computers to a distance of several meters away, and a set of countermeasures is presented.
AIR-FI: Generating Covert Wi-Fi Signals from Air-Gapped Computers
It is shown that attackers can exfiltrate data from air-gapped computers via Wi-Fi signals; the covert channel is evaluated in terms of bandwidth and distance, and a set of countermeasures is presented.
DiskFiltration: Data Exfiltration from Speakerless Air-Gapped Computers via Covert Hard Drive Noise
This paper presents 'DiskFiltration,' a covert channel which facilitates the leakage of data from an air-gapped computer via acoustic signals emitted from its hard disk drive (HDD).
PowerHammer: Exfiltrating Data From Air-Gapped Computers Through Power Lines
An implementation, evaluation, and analysis of PowerHammer - an attack that uses power lines to exfiltrate data from air-gapped computers that fully conforms to civilian and military conductive emission standards is provided.
Exfiltrating data from air-gapped computers via ViBrAtIoNs
AiR-ViBeR: Exfiltrating Data from Air-Gapped Computers via Covert Surface ViBrAtIoNs
The results show that data can be exfiltrated from an air-gapped computer to a nearby smartphone on the same table, or even an adjacent table, via vibrations, and a set of countermeasures is proposed for this new type of attack.
MAGNETO: Covert Channel between Air-Gapped Systems and Nearby Smartphones via CPU-Generated Magnetic Fields
LaserShark: Establishing Fast, Bidirectional Communication into Air-Gapped Systems
By aiming lasers at already built-in LEDs and recording their response, this work is the first to enable a long-distance, bidirectional, and fast covert communication channel for air-gapped systems without any additional hardware on-site.
BitJabber: The World’s Fastest Electromagnetic Covert Channel
A new physical covert channel named BitJabber is introduced that is extremely fast and strong enough to even penetrate concrete walls and can enable data exfiltration from an air-gapped computer enclosed in a room with thick concrete walls up to 15 cm.


AirHopper: Bridging the air-gap between isolated networks and mobile phones using radio frequencies
AirHopper is presented, a bifurcated malware that bridges the air-gap between an isolated network and nearby infected mobile phones using FM signals, and it is demonstrated how textual and binary data can be exfiltrated from a physically isolated computer to mobile phones at a distance of 1-7 meters.
BitWhisper: Covert Signaling Channel between Air-Gapped Computers Using Thermal Manipulations
This paper demonstrates BitWhisper, a method of bridging the air-gap between adjacent compromised computers by using their heat emissions and built-in thermal sensors to create a covert communication channel, which supports bidirectional communication and requires no additional dedicated peripheral hardware.
Compromising emanations: eavesdropping risks of computer displays
A proposal for a civilian radio-frequency emission-security standard is outlined, based on path-loss estimates and published data about radio noise levels, and a new optical eavesdropping technique is demonstrated that reads CRT displays at a distance.
Baseband Attacks: Remote Exploitation of Memory Corruptions in Cellular Protocol Stacks
This paper analyzes two widely deployed baseband stacks and gives exemplary cases of memory corruptions that can be leveraged to inject and execute arbitrary code on the baseband processor.
Anatomy of contemporary GSM cellphone hardware
This paper is an attempt to serve as an introductory text into the hardware architecture of contemporary GSM mobile phone hardware anatomy and is intended to widen the technical background on mobile phones within the IT community.
Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations
Techniques that enable the software on a computer to control the electromagnetic radiation it transmits are discussed, along with how a trusted screen driver can display sensitive information using fonts which minimise the energy of these emissions.
On Covert Acoustical Mesh Networks in Air
It is shown that the concept of a covert acoustical mesh network renders many conventional security concepts useless, as acoustical communications are usually not considered.
Current Events: Identifying Webpages by Tapping the Electrical Outlet
This work constructs a classifier that correctly identifies unlabeled power traces of webpage activity from a set of 51 candidates with 99% precision and 99% recall, and identifies the AC power side channel that leaks private information about web browsing to an observer taking measurements at the power outlet.
An impact-aware defense against Stuxnet
This work proposes a novel proactive defense system framework, in which commands from the system operator to the PLC are authenticated using a randomized set of cryptographic keys, and demonstrates that the proposed scheme can achieve arbitrarily low adversary success probability for a sufficiently large number of keys.
Implementation and implications of a stealth hard-drive backdoor
The difficulty of implementing such an attack is not limited to the area of government cyber-warfare; rather, it is well within the reach of moderately funded criminals, botnet herders and academic researchers.