Air-gapped computers – meaning those that are disconnected from the internet – are supposed to be immune to hacking attacks. Security researchers have therefore focused their attention on cracking such targets.
Cybersecurity white-hat researchers at Ben Gurion University and the Technion have found a way to steal data from those machines using less than $3,000 worth of equipment.
“We present the first physical side-channel attack on elliptic curve cryptography running on a PC,” researchers Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer wrote in the paper they are presenting. “The attack targets the ECDH public-key encryption algorithm, as implemented in the latest version of GnuPG. By measuring the target’s electromagnetic emanations, the attack extracts the secret decryption key within seconds, from a target located in an adjacent room across a wall. The attack utilizes a single carefully chosen ciphertext, and tailored time-frequency signal analysis techniques, to achieve full key extraction.”
Main video: Ben Gurion University’s Cybersecurity Labs:
GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies by Lead Researcher Mordechai Guri alongside Assaf Kachlon, Ofer Hasson, Gabi Kedma, Yisroel Mirski, Matan Monitz and Prof. Yuval Elovici of Ben-Gurion University of the Negev – To be presented on Usenix https://www.usenix.org/conference/use…