BGU Researchers Demonstrate How Data Can Be Stolen From Isolated “Air-Gapped” Computers Through a Typical USB Flash Drive

Above: Illustration of USBee, in which an ordinary, unmodified USB drive (A) transmits information to a nearby receiver (B) through electromagnetic waves emitted from the drive data bus.

Researchers at BGU’s Cyber Security Research Center (CSRC) have demonstrated that an unmodified USB drive connected to a computer running malicious code can be used to steal data from infected and even “air-gapped” computers.

Air-gapped computers are isolated — separated both logically and physically from public networks — ostensibly to prevent their being hacked over the internet or within company networks.

The research team developed software it calls “USBee” to generate controlled radio frequency (RF) electromagnetic emissions from the data bus of a USB connector. They also reported in a paper that the emitted RF signals can be controlled and modulated with arbitrary binary data.

“Our evaluation shows that USBee can be used for transmitting binary data to a nearby receiver at a bandwidth of 80 bytes-per-second,” the researchers explain. “An RF antenna will capture electromagnetic waves from a USB to receive and exfiltrate small bits of data, such as security keys and passwords, up to 30 feet (10 meters) away from the air-gapped computer.”

“Unlike previous covert channels based on USB, our method doesn’t require firmware or modification of the USB’s hardware that creates an opportunity for attackers,” says Mordechai Guri, head of research and development at the CSRC and chief science officer at Morphisec Endpoint Security Solutions.

To mitigate the issue, the researchers recommend the “zone” approach: defining areas or zones around these computers where RF receivers are prohibited. Insulation of partition walls may help to lower signal reception distance if a dedicated hardware receiver is used.

This is the latest threat the BGU cyber team has uncovered related to what are supposed to be secure, air-gapped computers. Earlier this year, the researchers successfully collected data transmitted via noise from a computer fan as well as from acoustic signals emitted from a computer hard drive.

In addition to Mordechai Guri, other BGU researchers involved in this research include Matan Monitz, a BSc student in computer science and philosophy; and Prof. Yuval Elovici, director of the CSRC, member of BGU’s Department of Software and Information Systems Engineering and director of the Deutsche Telekom Innovation Laboratories at BGU.