This new evasive cyberattack can bypass isolated systems to steal data from the most sensitive networks

[Image: Getty/Manuel Breva Colmeiro]

Cybersecurity researchers have demonstrated a new cyberattack method that could allow malicious hackers to steal information from some of the best-protected computers.

Isolated (air-gapped) systems are kept disconnected from the Internet because of the nature of the information they process. The idea is that by being completely removed from both the public internet and the rest of the network, any information stored and processed within them remains safe from unauthorized access by third parties.

Typically, isolated systems are found in sensitive or high-risk environments – which are likely to be tempting targets for malicious hackers – including critical infrastructure, satellite and military networks.

But a new technique demonstrated by researchers from the Department of Software Engineering and Information Systems at Ben-Gurion University of the Negev shows that it is possible for attackers to exfiltrate data from isolated systems by harnessing the low-frequency electromagnetic radiation generated by the targeted computer.

“The attack is highly evasive as it runs from an ordinary user-level process, does not require root privileges, and is effective even within a virtual machine,” wrote Mordechai Guri, Head of R&D at the Ben-Gurion University Cybersecurity Research Center, in a recently published research paper.


Dubbed COVID-bit, the covert-channel attack relies first on an attacker’s ability to physically gain access to the targeted system in order to drop malware onto it using a USB flash drive. This could be an agent who has gained access to the secure facility in which the isolated machine is located, or a malicious insider who has been persuaded, blackmailed or tricked into installing the malware.

It is widely reported that Stuxnet, a malicious worm used to heavily disrupt Iranian uranium and nuclear enrichment facilities in 2010, was planted using USB sticks. So, although physical access is difficult to obtain, it is not impossible.

The malicious code exploits the dynamic power consumption of computers by manipulating the momentary load on processor cores. This approach lets the malware control the computer's internal power draw and thereby generate low-frequency electromagnetic radiation in the 0-60 kHz band.

According to the researchers, it is possible to exploit this technique to transfer sensitive information from the compromised machine, including files, encryption keys, biometric information and keylogging data, which may include usernames and passwords as well as private keys for bitcoin wallets.

To do this, an attacker only needs a smartphone or a laptop with a small antenna, which can be bought for only $1, and which must be about two meters from the compromised machine. The attacker does not have to be in the same room as the targeted system, as the electromagnetic radiation generated can penetrate a wall.


Data transmitted over this channel does not move as quickly as with standard methods: the researchers note that transferring a large amount of information, such as keystroke log data from the last hour, can take up to 10 minutes. But as long as the attacker is not physically ejected from the perimeter, the data will be transmitted covertly.

The best protection against a COVID-bit attack would be to ensure that only authorized personnel are allowed near systems, although this does not solve the problem of a compromised insider with the proper authorization.

The research paper suggests that additional measures to guard against this type of attack on isolated systems include restricting the frequencies that certain processors are allowed to use, as well as using anti-virus software that can detect unusual CPU usage patterns.

“Security systems such as malware protection and detection apps can monitor how running threads are using CPU cores to detect suspicious patterns. In the case of COVID-bit, threads that persistently alter CPU usage would be flagged for further forensic investigation,” Guri said.
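The detection idea Guri describes above, written out as an added example (this is not code from the paper or from ZDNet): a monitor that looks at per-thread CPU-utilization samples and flags threads whose load keeps swinging between a high and a low plateau. The thread names, the traces and the thresholds (`min_transitions`, `min_swing`) are constructed for illustration, and the example assumes the sampler delivers utilization at a resolution fine enough to see the load alternating.

```python
"""Flag threads whose CPU load toggles persistently between high and low,
the kind of pattern an endpoint monitor could send for forensic review.
Added example; the per-thread traces below are constructed, not telemetry."""
from dataclasses import dataclass
from statistics import mean


@dataclass
class Finding:
    thread_id: str
    transitions: int
    low_mean: float
    high_mean: float


def count_transitions(samples, midpoint=50.0):
    """Count how often utilization crosses the midpoint between consecutive samples."""
    states = [s >= midpoint for s in samples]
    return sum(1 for a, b in zip(states, states[1:]) if a != b)


def analyze_thread(thread_id, samples, midpoint=50.0, min_transitions=8, min_swing=40.0):
    """Return a Finding if the thread's load alternates persistently, else None.

    Heuristic (an assumption of this example, not the paper's detector): a load
    modulator produces many midpoint crossings AND a wide gap between its high
    and low plateaus. Bursty but honest work crosses only a few times; sustained
    compute never crosses at all.
    """
    if len(samples) < 2:
        return None
    transitions = count_transitions(samples, midpoint)
    highs = [s for s in samples if s >= midpoint]
    lows = [s for s in samples if s < midpoint]
    if transitions < min_transitions or not highs or not lows:
        return None
    low_mean, high_mean = mean(lows), mean(highs)
    if high_mean - low_mean < min_swing:
        return None
    return Finding(thread_id, transitions, low_mean, high_mean)


def scan(per_thread_samples, **thresholds):
    """Run analyze_thread over every trace and return the findings."""
    findings = []
    for tid, samples in per_thread_samples.items():
        finding = analyze_thread(tid, samples, **thresholds)
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed traces: percent of one core used per sampling interval.
SAMPLE_TRACES = {
    "render-worker": [95, 97, 96, 98, 94, 97, 99, 96, 95, 97, 98, 96, 95, 97, 96, 98],  # steady compute
    "idle-helper":   [1, 0, 2, 1, 0, 0, 1, 2, 1, 0, 1, 0, 2, 1, 0, 1],                  # mostly asleep
    "gc-thread":     [3, 2, 88, 91, 4, 2, 1, 3, 2, 79, 85, 3, 1, 2, 2, 3],              # occasional bursts
    "modulator":     [99, 2, 98, 1, 97, 3, 99, 2, 98, 1, 99, 2, 97, 3, 99, 2],          # persistent toggling
}

if __name__ == "__main__":
    for f in scan(SAMPLE_TRACES):
        print(f"flag {f.thread_id}: {f.transitions} load transitions, "
              f"plateaus ~{f.low_mean:.0f}% / ~{f.high_mean:.0f}%")
```

Only the "modulator" trace is reported; the garbage-collector-style burst pattern stays below the transition threshold, which is the point of requiring both many crossings and a large swing rather than either alone. In a real deployment the thresholds would be tuned against a baseline of the host's normal workloads, and a flag is a trigger for investigation, not a verdict.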

COVID-bit isn’t the first time Guri has found ways to circumvent air-gapped systems, as demonstrated in previous research showcasing other techniques, including PowerHammer, POWER-SUPPLaY and AIR-FI, among others.
