Hackers are always coming up with new, often ingenious methods of hacking companies around the world. Despite their best efforts, technology professionals have managed to keep up with threats, yet hackers just keep innovating. Most recently, and rather alarmingly, they figured out how to use radio signals to hack into an unconnected device and steal confidential corporate data.
Researchers in Israel have developed a technology that extracts information from a machine using radio frequencies and wireless communications. To make matters worse, these attacks can target isolated machines that have no connection to the Internet or your network.
The researchers in question have proven that these methods can be, and already have been, used to siphon data from disconnected devices. Cyber Security Labs at Ben Gurion University have dubbed this technique “AirHopper.” By using radio frequencies, the researchers succeeded in leaking information from isolated machines via their transceiver. This is one of the methods the United States' NSA has employed to spy on foreign countries.
While the researchers haven’t explicitly stated that they use the same method as the NSA, it is quite clearly a method very similar in nature. They created a malware that can be sent by a mobile phone’s FM transmitter. From there, in theory, it can infect other devices in range. Infected devices then proceed to generate more radio frequencies to infect other devices in range. According to WIRED magazine:
The data can be picked up by a mobile phone up to 23 feet away and then transmitted over WiFi or a cellular network to an attacker’s command-and-control server. The victim’s own mobile phone can be used to receive and transmit the stolen data, or an attacker lurking outside an office or lab can use his own phone to pick up the transmission.
This kind of technique is complex and only the most skilled hackers have any hope of actually executing it. However, it is not any more improbable as any other advanced hacking attack these days. The most likely way this kind of threat can attack a disconnected system is through a USB device or flash drive, which significantly limits the potential for attacks. Only those who have physical access to the machine would have any chance to infect it.
All of this underlines what we feel is a fairly obvious truth: the importance of monitoring your IT infrastructure for discrepancies can’t be emphasised enough. Limiting who has access to mission-critical disconnected and connected technology is the first step toward protecting any information stored on it. Using secure USB devices is another necessary step which can prevent potential hacking attacks from occurring. Data leakage is a primary concern for all businesses, and your business could be held liable if sensitive information is stolen.
BTA's remote monitoring solution is specifically designed so that we keep an eye out for suspicious activity. We will take the necessary precautions and neutralise threats before they cause irreparable damage. Give us a call at 020 8875 7676 to learn more.