Scientists in Israel have developed a new technique, called COVID-bit, that allows data to be retrieved from an air-gapped (physically isolated) computer.
A new attack method called COVID-bit does not even need the computer or system to be connected to the internet. This new data theft method, targeting physically completely isolated systems, captures the electromagnetic waves emitted by the system through a receiver and performs the transaction.
The head of R&D and head of the Offensive-Defense Cyber Research Laboratory at the Cybersecurity Research Center at Ben Gurion University in the Negev, Israel, behind this method, called COVID-bit. Mordechai Guri says, “Information is spread through the air with a range of at least 2m from the isolated computer and can be picked up by a nearby spy.”
How is it Working?
Air-gapped or isolated computer systems are often used in high-risk environments such as energy infrastructure, government and military areas. For this reason, the systems here are isolated from the public internet or networks as a result of security concerns.
In order to steal data from such systems, the spy/attacker needs to physically access the system or the network used and inject the software. Although these attacks may sound practical or exaggerated, it is known that a similar incident took place at Iran’s uranium enrichment facility in Natanz.
Researchers are using low-frequency (0-48 kHz) bands of power supplies in isolated computers to transmit data in a COVID-bit attack. The researchers note that these frequency waves are generated by the MOSFET components in the conversion from AC-DC and DC-DC. A special software installed on the system can export the targeted information using these very low frequencies. Depending on the strength of the frequency, the data can be spread over a range of at least 2m. The transmitted frequencies are collected by a receiver to obtain the desired data. In the tests performed, a 10 KB file was transmitted in 80 seconds at the maximum transmission speed (1,000 bps) valid for the desktop system.
Protection Against COVID-bit
As a result, it is possible to take precautions, although COVID-bit follows a very different path in data theft. Because in order for the PSU or the electromagnetic waves emitted by the system to be made specifically for data theft, a spyware must be installed on the system beforehand. Thus, the most effective defense would be to strictly restrict access to devices.
At the same time, it is recommended to develop/use tools that monitor CPU core and hence power consumption and detect suspicious behavior. Another precaution could be locking the CPU core frequency. Dr. This study by Mordechai Guri and his team has been published on arxiv.org. However, Guri had previously revealed that data theft can also be done from the vibration created by the cooling fan in computers.