Data Exfiltration via WiFi without WiFi Hardware: A security researcher has discovered a novel covert channel attack that lets malicious actors exfiltrate sensitive data from air-gapped devices via WiFi signals, without using WiFi hardware.
The researcher, Dr. Mordechai Guri of the Cyber-Security Research Center at Israel’s Ben-Gurion University of the Negev, named this novel covert channel attack “AIR-FI”.
As described in the researcher's published academic paper, attackers can exfiltrate data from air-gapped devices by installing malware that generates signals in the WiFi frequency band without using WiFi equipment. Instead, the signals are generated through the memory buses of the compromised devices.
How does AIR-FI Attack Work?
The attack (Data Exfiltration via WiFi without WiFi Hardware) first requires deploying specially crafted malware on a targeted air-gapped device. This could be achieved through numerous methods, such as tampered USB flash drives, social engineering attacks, or with the help of malicious insiders.
Essentially, the novelty of this attack lies in the capability of the installed malware to exploit DDR SDRAM buses to generate electromagnetic emissions in the WiFi band (2.4 GHz) in order to transmit data on top of these signals.
Data exfiltrated over these signals could be intercepted and decoded by a nearby WiFi-capable device, such as a computer, laptop, smartphone or even an IoT device, which then sends it to the attackers. For this purpose, the intercepting WiFi device also needs to be infected with malware so that it can transfer the data to the attackers over the Internet.
The researcher revealed the details of the attack in an academic paper and shared a short video demonstration of the attack on YouTube. Dr. Mordechai Guri also has a research page explaining his previous covert channel attack methods, such as those that leverage power supplies, screen brightness, thermal manipulations, acoustics, etc.
Evaluation of the Attack
What makes this attack novel and dangerous is that it does not rely on WiFi hardware to generate and transmit electromagnetic signals. Instead, it makes use of the readily available memory buses on the computing devices. The attack also does not require any special privileges such as root or admin to generate and transmit the signals.
The attack is also dangerous in that it fundamentally undermines the security benefits provided by air-gapped devices. Moreover, it is sneaky and hard to detect, since it uses the same frequency as WiFi signals for exfiltration.
History has taught us: never underestimate the amount of money, time, and effort someone will expend to thwart a security system. It’s always better to assume the worst. Assume your adversaries are better than they are. Assume science and technology will soon be able to do things they cannot yet. Give yourself a margin for error. Give yourself more security than you need today. When the unexpected happens, you’ll be glad you did.
- Bruce Schneier