You should never assume that your data is safe from a hacking attack. Just like how the technology industry is working toward new ways to protect the public from hacks, those who lurk in the gutters of the Internet are trying to undermine these developments by any means possible. Some security professionals believe that even radio signals can undermine network security.
For example, researchers in Israel are developing a method for extracting information from a machine using radio frequency signals and wireless communication. What’s really unnerving about these techniques is that they can get past isolated machines; those which are isolated from the Internet, unconnected from other connected devices, with even Bluetooth disabled. In fact, these machines are often protected to the extent that workers cannot bring mobile phones anywhere near the device. All of these measures are taken to prevent a remote hacking incident, but what happens when these measures no longer affect the hacker’s ability to steal sensitive information?
This threat is very real, and researchers have already proven that the method can potentially be exploited to siphon data from unconnected devices. This concept has been dubbed “AirHopper” by the researchers at Cyber Security Labs at Ben Gurion University. The method uses radio frequencies to leak information from isolated machines via transceiver, and has been confirmed to have been used by the NSA to spy on foreign countries.
The researchers don’t claim to use the same methods as the NSA, but it’s similar nonetheless. They’ve created malware which can potentially be exploited through a mobile phone’s FM transmitter. The idea is to infect a system with this malware, which then causes the device to generate radio frequencies. These FM signals then proceed to target other devices within their reach. According to WIRED magazine:
The data can be picked up by a mobile phone up to 23 feet away and then transmitted over Wi-Fi or a cellular network to an attacker’s command-and-control server. The victim’s own mobile phone can be used to receive and transmit the stolen data, or an attacker lurking outside an office or lab can use his own phone to pick up the transmission.
These researchers note that the attack is rather complex, and it would take extraordinarily talented hackers to take advantage of this method. They do, however, note that it’s not beyond the scope of those who have developed equally-as-complex mediums of hacking. Additionally, the most likely method of transmitting this malware to infect a disconnected system is through an infected USB device or flash drive, limiting potential attacks to those who have physical access to these disconnected systems. Still, even if these attacks aren’t the most viable scenario, the fact remains that radio frequency attacks could become something to be concerned about under the right circumstances.
This is why closely monitoring your assets and networks is a valuable investment. Even if this valuable information is on a disconnected system, you need to take steps toward limiting who has access to it and what devices are used with it. Only use secure USB devices and restrict access to only authorized personnel.
If this information were to leak from a supposedly secure database without you being aware, your business could potentially be held liable, not to mention the catastrophe that could follow if Social Security numbers or credit card information were compromised. You need to know what’s happening on your network at any given moment in order to prevent these worst-case scenarios.
With a remote monitoring solution from Tektonic, we can keep an eye on your servers for any suspicious activity. You’ll be the first to know if something strange is happening in your network, and we can take steps to put a stop to hacking attacks before any irreparable damage is done. Just give us a call at (416) 256-9928 to see how we can improve the continuity of your business.