One defense against malware is to keep the sensitive data that hackers want to steal off the Internet entirely. That’s done with air-gapped PCs, computers that are not connected to the Internet or any network. Theoretically, one could not retrieve anything from such a device without physical access to it. But researchers have been able to replicate a tool the NSA reportedly uses, and improve on it, to steal information from an air-gapped computer.
Called USBee, and developed by security researchers at the Ben-Gurion University’s Cyber Security Center, the technology lets attackers move data from a protected computer over the air. Certain conditions have to be met. First, an insider must infect the computer with the malware. Then, any USB stick must be plugged into that computer. Finally, the attacker needs to be near the compromised device.
Once that’s done, USBee will send the USB drive a sequence of “0”s in a way that makes the device generate detectable emissions at frequencies between 240 MHz and 480 MHz, Ars Technica explains. That’s enough to steal a 4096-bit decryption key in less than 10 seconds at speeds of about 80 bytes per second.
The attacker still has to be no more than 9 feet away from the setup for USB thumb drives, or no more than 26 feet away when the USB device uses a short cable, which is turned into a transmitting antenna.
The trick sounds cool but seems unrealistic for actual attacks. The NSA has a similar product dating back to at least 2013. The NSA uses a specially modified USB device to siphon data out of air-gapped computers. But USBee works with any off-the-shelf USB stick.
In case the technology sounds familiar, that’s because the researchers at Ben-Gurion came up with all sorts of spy-worthy products recently, including a way to transmit data in hard-drive noise or turn a fan’s sound into transmittable data.
The full research paper on USBee is available at this link, while a video demo follows below.