Researcher Turns RAM into Wi-Fi Card to Hack Isolated Systems
How AIR-FI causes machines without Wi-Fi chips to broadcast their secrets.
With subscription-service doorbells and "smart fridges" with built-in tablets, the internet of things is connecting more and more devices to Wi-Fi, which of course opens them up to new security risks. Maybe you didn’t need to worry about burglars breaking into your phone by hacking the front door in the ‘90s, but it’s a legitimate concern now. But with all these new Wi-Fi hacking opportunities, it’s also tempting to assume that not having a Wi-Fi chip or card means you’re safe. Unfortunately, according to researchers at Israel’s Ben-Gurion University of the Negev, that might not be the case.
In his research paper AIR-FI: Generating Covert Wi-Fi Signals from Air-Gapped Computers, Ben-Gurion head of R&D Mordechai Guri details a malware program he’s developed to turn a computer’s RAM into a type of 2.4 GHz Wi-Fi card, forcing it to send out a signal that hackers can then intercept.
The idea is that anyone with physical access to an air-gapped system, meaning a system that’s isolated on a local network and doesn’t have a Wi-Fi chip or any other external internet access, could install the malware on the system and cause it to broadcast secret information without the user’s knowledge. Air-gapped systems are a favorite of governments, militaries and even corporations to store sensitive data, meaning that the danger here is more in high-level espionage than in someone swiping your credit card info at Starbucks.
According to Guri’s paper, AIR-FI exploits the electromagnetic emissions that all electronic components produce, generating radio signals in the 2.4 GHz frequency range used by most normal Wi-Fi cards. This lets systems with the malware installed broadcast data at speeds of up to 100 bits per second to receivers up to several meters away.
The process also doesn’t require admin privileges to begin.
“[AIR-FI] can be initiated from an ordinary user-space process,” Guri explains. He also says that while most modern RAM cards can emit 2.4 GHz signals from the get-go, hackers can overclock older cards to make them AIR-FI compatible as well.
To a degree, this is largely a stunt hack, as it doesn’t apply to standard users and the range is small enough that the hacker might as well just steal the data physically. Also, AIR-FI needs to be installed physically before it can work.
But it’s a great indicator that cyber-security is never as easy as just installing a firewall. Even if you’re technically not supposed to be connected to the internet, you can still be hacked. Which is why it’s always a good idea to control who has access to your systems. And if you’re a government or military engineer, why it might also be a good idea to start investing in some signal jamming equipment.
Whether or not manufacturers will use this to start officially mixing Wi-Fi into their RAM cards, we can’t say. But probably not.
Michelle Ehrhardt is an editor at Tom's Hardware. She's been following tech since her family got a Gateway running Windows 95, and is now on her third custom-built system. Her work has been published in publications like Paste, The Atlantic, and Kill Screen, just to name a few. She also holds a master's degree in game design from NYU.
pjmelect: This is a very old idea, back in the day I used to write tunes that were picked up on the radio by altering the speed that I wrote to the memory. This has long been recognized as a way of communicating with an air-gapped computer. This is why Tempest computers exist. (Google it)
FakeMike: Nice idea but at 100 bps it's not like you would have to worry about a data leak. It would take forever to copy any sizeable amount of data and by that time you would likely be spotted since you have to be close by for that to work.