Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    New Cellphone Phishing Hack Pulls Data Out Of Computer Over Air

    Ben Gurion UniversityThis is from a few weeks ago, and I only just got to it. Hackers can exfiltrate data via a cellphone and no longer need the Internet to invade and control a system, Ben Gurion University researchers say.

    Using a technique called air-gap network hacking, all a hacker has to do is implant the right kind of malware into a cellphone that gets within range of a computer. Hackers on the other side of the world could use cellphone-based malware to remotely access any data they want, using the electromagnetic waves emanating from computer or server hardware, with no need for an Internet connection.

    The concept is not new, but what’s new is the use of a cellphone to do it. Stuxnet was put on a thumbdrive to infect Iranian servers, and carried in. The new attack is light-years ahead of Stuxnet, because no physical contact is required to compromise a system.

    How could a mobile phone be used to hack into an air-gapped network? In a take-off of an email phishing attack, a hacker could send an unsuspecting employee in a sensitive installation a text message that looks legitimate, but contains a link to malware that surreptitiously gets installed on their cellphone.

    Once the malware is on the phone, it scans for electromagnetic waves which can be manipulated to build a network connection using FM frequencies to install a virus onto a computer or server. The Ben Gurion University team has demonstrated how this is done with computer video cards and monitors. With the virus installed on the system, the phone connects to it via the FM frequency, sucks information out of the server and uses the phone’s cellphone network connection to transmit the data back to hackers. All that’s needed is physical proximity to the system. The team said that one to six meters is enough.

    Right now, there’s little that can be done to prevent this kind of cyber-attack other than turning off the phone. As that is not a practical solution in this day and age, his team is searching for other solutions. It’s a major security risk, he said. Until a solution is found, that risk will only increase, as news of the hack spreads in the hacker community. Link to Times of Israel article with more information:
    http://www.timesofisrael.com/with-new-hack-cellphone-can-get-data-out-of-computers/

     

    Return To KnowBe4 Security Blog

    Topics: Phishing, Cybercrime, Hacking

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews