AIR-FI: Generating Covert Wi-Fi Signals from Air-Gapped Computers

Published 12 Dec 2020 in cs.CR | (2012.06884v1)

Abstract: In this paper, we show that attackers can exfiltrate data from air-gapped computers via Wi-Fi signals. Malware in a compromised air-gapped computer can generate signals in the Wi-Fi frequency bands. The signals are generated through the memory buses - no special hardware is required. Sensitive data can be modulated and secretly exfiltrated on top of the signals. We show that nearby Wi-Fi capable devices (e.g., smartphones, laptops, IoT devices) can intercept these signals, decode them, and send them to the attacker over the Internet. To extract the signals, we utilize the physical layer information exposed by the Wi-Fi chips. We implement the transmitter and receiver and discuss design considerations and implementation details. We evaluate this covert channel in terms of bandwidth and distance and present a set of countermeasures. Our evaluation shows that data can be exfiltrated from air-gapped computers to nearby Wi-Fi receivers located a distance of several meters away.

Summary

  • The paper introduces AIR-FI, a novel method to generate covert Wi-Fi signals and exfiltrate data from air-gapped computers by exploiting electromagnetic emissions from DDR SDRAM.
  • The AIR-FI technique exploits DDR SDRAM emissions to transmit data over several meters at rates up to 100 bits per second using standard workstations or VMs.
  • The AIR-FI technique reveals a new air-gap data exfiltration vector, prompting countermeasures like electromagnetic shielding and runtime anomaly detection.

Overview of "AIR-FI: Generating Covert Wi-Fi Signals from Air-Gapped Computers"

The paper "AIR-FI: Generating Covert Wi-Fi Signals from Air-Gapped Computers" examines how attackers can exfiltrate data from air-gapped systems via Wi-Fi signals even when the compromised systems have no dedicated Wi-Fi hardware. The research builds on prior work in air-gap security and covert channels, presenting a novel data transmission method that exploits DDR SDRAM buses to emit electromagnetic signals within the 2.4 GHz Wi-Fi bands.

Key Findings and Methodology

The study's central claim is that electromagnetic emissions generated by the DDR SDRAM buses can be exploited for data exfiltration. No Wi-Fi components are needed: the signals are modulated through specific memory operations. Notably, the method is robust enough to function on systems running inside virtual machines, significantly broadening its potential applicability.

Experimental Setup and Results

The authors conducted extensive experiments using various workstations to validate the approach. Key performance metrics, such as bandwidth, signal-to-noise ratio (SNR), and bit error rate (BER), were collected and analyzed. The results indicated feasible transmission distances of several meters with bit rates up to 100 bits per second, contingent on the transmission method and receiver capabilities. These findings substantiate the practicality of the AIR-FI channel under typical indoor environments where Wi-Fi devices may be present.

The study utilized software-defined radio (SDR) receivers and more conventional Wi-Fi adapters to decode the covert signals, demonstrating the method's flexibility in adapting to different receiver technologies. The experiments also highlighted that Wi-Fi monitoring features in Atheros chipsets could be employed to capture this form of covert transmission effectively.

Implications and Countermeasures

The paper discusses the potential implications of the AIR-FI technique, emphasizing both theoretical and practical dimensions. Theoretically, it expands our understanding of air-gap covert channels by introducing electromagnetic-based methods that overlap with the regulated Wi-Fi spectrum. Practically, it suggests a new vector for data leaks from highly secure environments, challenging existing assumptions about air-gap security.

The authors propose several countermeasures, including electromagnetic shielding, runtime anomaly detection, and signal jamming. Each countermeasure offers varying levels of efficacy and operational feasibility, depending on the security requirements and the environmental context.

Future Directions

The research opens avenues for deeper exploration into protecting air-gapped systems from electromagnetic emanation-based threats. Future work could explore enhancing detection mechanisms for such covert channels, employing more sophisticated signal analysis techniques, and examining the scalability of countermeasures in different operational environments. Additionally, exploring the applicability of these methods to shielded and separated environments will be crucial in augmenting their security posture against such threats.

In conclusion, the AIR-FI paper presents a significant contribution to the domain of covert communication from isolated systems, demonstrating a viable method for data exfiltration via non-standard means. Its findings urge further scrutiny of air-gapped security measures and highlight the continual arms race between defensive strategies and offensive techniques in cybersecurity.
