Presented at DeepSec 2015 „DeepSec No. 9“, Nov. 19, 2015, noon (50 minutes).
Air-gapped networks are isolated, separated both logically and physically from public networks. Although the feasibility of invading such systems has been demonstrated in recent years, exfiltration of data from air-gapped networks is still a challenging task. In this talk we present GSMem, a malware that can exfiltrate data through an air-gap over cellular frequencies. Rogue software on an infected target computer modulates and transmits electromagnetic signals at cellular frequencies by invoking specific memory-related instructions and utilizing the multichannel memory architecture to amplify the transmission. Furthermore, we show that the transmitted signals can be received and demodulated by a rootkit placed in the baseband firmware of a nearby cellular phone. We present crucial design issues such as signal generation and reception, data modulation, and transmission detection. We implement a prototype of GSMem consisting of a transmitter and a receiver and evaluate its performance and limitations. Our current results demonstrate its efficacy and feasibility, achieving an effective transmission distance of 1-5.5 meters with a standard mobile phone. When using a dedicated, yet affordable hardware receiver, the effective distance reached over 30 meters.
Presenters:
- Mordechai Guri, Ben-Gurion University of the Negev

Mordechai Guri is an accomplished computer scientist and security expert with over 20 years of practical research experience. He earned his B.Sc. and M.Sc., summa cum laude, from the computer science department at the Hebrew University of Jerusalem. Guri is a lead researcher and lab manager at the Ben Gurion Cyber Security Research Center and has been awarded the prestigious IBM PhD International Fellowship (2015-2016). In the past few years Mordechai has led a number of breakthrough research projects in cyber-security, some of which have been published worldwide. His research topics include OS security, advanced malware, Moving Target Defense (MTD), mobile security and embedded systems. Mordechai is also the Chief Scientific Officer and Co-Founder of the start-up company Morphisec.
- Yisroel Mirsky, Ben-Gurion University of the Negev

Yisroel Mirsky received his B.Sc. in Communication Systems Engineering from the Jerusalem College of Technology in 2013. He is now a Ph.D. student at Ben-Gurion University in the Department of Information Systems Engineering. He is doing his Ph.D. under the supervision of Prof. Bracha Shapira and Prof. Yuval Elovici. His research interests include smartphone security, context-aware data leakage prevention, and covert channels. He is currently managing a research project at the BGU Cyber Security Research Center.