Information sent from an isolated computer to a distance of 2 m can be intercepted using a phone or laptop.
The COVID-bit mechanism uses malware installed on a computer to generate electromagnetic radiation in the frequency range of 0-60 kHz, which is then picked up by an inconspicuous receiver located at a distance of 2 m. COVID-bit technology was developed this year and is designed to overcome air gaps (Air Gap) and collection of sensitive data.
Air-gapped networks, despite their high level of isolation, can be compromised in a variety of ways, from a compromised USB drive to a supply chain attack. Because the isolated systems are not connected to the Internet, the attacker must develop a special method to deliver the stolen information.
COVID-bit is a covert channel that is used by malware to transmit data using EM radiation from a switched mode power supply (SMPS) and frequency shift keying (FSK) to encode binary data. “By adjusting the CPU workload, you can control its power consumption and therefore control the instantaneous switching frequency of the SMPS component,” explains technology developer Dr. Guri.
EMP can be picked up from a distance using $1 antennas that can be connected to the phone's 3.5mm audio jack to capture low frequency signals with a 1000bps bandwidth. The emissions are then demodulated to extract the data. At the same time, malicious code does not require elevated privileges and can be executed from a virtual machine.
Data rate evaluation shows that keystrokes can be captured in near real time, and exfiltration of IP and MAC addresses takes between 0.1 and 16 seconds, depending on the data rate.
To protect against such an attack, you must:
conduct dynamic analysis of operation codes to identify threats;
initiate random workloads on processors when anomalous activity is detected;
monitor or jam signals in the range of 0-60 kHz.
Comments 0