This Malware Steals Data From Air Gapped PCs
This Malware Steals Data From Air Gapped PCs

The former National Security Agency contractor Edward Snowden has recently leaked information that NSA knew how to change a USB device to break the security of a computer that is disconnected completely from the network, and issue certain files to a receiver through modifying the USB device.

This Malware Steals Data From Air Gapped PCs

According to the former National Security Agency contractor, Edward Snowden, a very important document was leaked that was actually published in 2013. That document actually illustrated that the NSA knew how to change a USB device to break the security of a computer disconnected completely from the network and issue certain files to a receiver through modifications to the USB device. Some Israeli researchers have gone further, and no longer need to modify the device.

Specifically, this system works with any device that is connected via USB, working better with those who use cable as an external hard drive. NSA-developed USB exfiltrator, known as CottonMouth, basically it forced to change the USB and strain the device on the target computer, while USBee can work with any device connected to a computer. Simply a USB data bus is used.

The system does just the opposite of what they do in radios of the mobile phones. The phones use the headphone cable to act as signal receivers, which are the chip enabled radio through which user listen to Radio stations. The system developed by Israeli researchers do the opposite: use the cable as an antenna to broadcast.

To do this, you first need to have access to the computer and install malware requiring the device to emit the signal. Although as we saw in Mr. Robot, it is as easy as dropping several memories close to the target, and some workers end up inserting it into the computer to see that what it actually contains, and can automatically install malware.

The range of the system is 3 meters for USB memory and 8 meters if the device uses wire. The transfer rate is a bit slow, something about 80 bytes per second, which, oddly enough, yes, sounds pretty weird but, this speed is enough to steal an encryption key of 4096 bits in just less than 10 seconds. The data are transmitted via electromagnetic signals to a receiver that uses radio GNU that demodulates the signal.

The interesting thing is that it allows USBee to obtain information from any computer via the USB 2.0 port, even when the computer is completely disconnected from the Internet, does not have speakers, and both WiFi and Bluetooth are disabled.

This system was probably already known to some of the authorities of the intelligence as the NSA itself, and not, certainly are already contacting investigators, or are directly trying to emulate the system, because in the world of intelligence it can be really useful for stealing information. So, if you want to avoid this type of hacking distance, then you can simply isolate a room.


Please enter your comment!
Please enter your name here