COVID-bit – A New Secret Channel to Spy Data Over the Air from Air-gapped Systems

Researchers uncovered a new covert channel to steal sensitive information from Air-gapped systems over the air from a distance of 2m.

The ‘air-gap’ computers are physically isolated from a network or device from external networks such as the Internet.

COVID-bit Airgap

The air-gapped computers are maintained in banking, stock exchange networks, critical infrastructure, life-critical systems, and medical equipment.

COVID-bit Secret Channel to Exfiltrate Data

Researchers from Ben-Gurion University of the Negev, Israel, uncovered a new unique covert channel that let attackers leak data from air-gapped systems.

The attack method leverages the malware already planted on the isolated computer with the help of an insider or through other mediums.

In this attack model, the attacker must compromise the targeted system and infect or maintain electronic devices such as radio receivers, microphones, and optical cameras.

The malware on the air-gapped computer generates radio waves by executing crafted code on the target system and exploiting the power consumption of computers the malware is able to generate low-frequency electromagnetic radiation.

Notably, the attack is highly evasive since it executes from an ordinary user-level process, does not require root privileges, and is effective even within a Virtual Machine(VM).

By using the Radio signals sensitive information such as files, encryption keys, biometric data, and keylogging can be modulated and leaked.

Data Exfiltration

“Attack scenario (‘insider’): malware within the infected air-gapped computer (A) transmits the sensitive file via electromagnetic radiation. The file is received by a smartphone of a malicious insider/visitor standing behind the wall

Read more

Explore the site

More from the blog

Latest News