Forget badBios, NSA turns to pirate radio to target air gapped computers
In recent months, security researchers have pondered whether craftily designed malware could steal data from a computer using high-frequency signals when a network connection was not present. Take security researcher Dragos Ruiu, who claimed several months ago that a piece of malware dubbed badBios could hijack a PC’s microphone and speakers.
But while security pros ponder the theoretical, the National Security Agency is actively nabbing data from PCs and installing malware on non-networked computers, according to The New York Times.
Unlike badBios, however, the NSA’s capabilities aren’t about using novel software-based methods to retrieve data, but a high-tech approach to good old-fashioned bugging.
Imagine this: an Iranian official has a laptop containing detailed data about the progress of that country’s presumed nuclear weapons program. The laptop with top secret materials is a so-called “air gapped” computer that has no connection to the Internet and, therefore, requires physical access to hack.
Unbeknownst to the Iranians, however, the air gapped computer contains a small circuit board with a radio transceiver that communicates over a secret radio frequency.
Eight miles away in a hotel room on the outskirts of Tehran, an NSA agent could use an oversized briefcase to communicate with the transceiver, hack into the air gapped computer, copy the nuclear weapons data, and install malware on the device.
That may sound like the opening sequence for next summer’s blockbuster spy thriller, but based on the Times report, it is part of a very real NSA program used to access numerous air gapped computers around the world.
Using special transceivers embedded inside innocuous items like circuit boards and USB cables, the NSA can reportedly communicate with compromised PCs from up to eight miles away. The tech can be used to pilfer documents, observe users, and install malware.
The NSA’s technology is used against a wide range of foreign targets, the Times says, and is not in use domestically, unlike other NSA activities such as the agency’s metadata collection programs.
While the NSA’s radio tech is apparently a very real way to get at air gapped computers, it’s still an open question whether badBios is an actual piece of malware or the product of an overactive imagination. The problem is that no one but Ruiu has yet fully examined badBios in action.
The concepts behind badBios, however, are very real.
Researchers in Germany recently demonstrated a proof-of-concept malware prototype that could share data between two laptops using nothing more than the computers’ microphone and speakers. The researchers were able to share data between the devices up to a range of about 65 feet.
That’s far shorter than the NSA’s eight-mile limit, and for good reason. Unlike badBios and the proof-of-concept malware, the NSA’s spy tech is not software-based and requires actual hardware, albeit incredibly small hardware, to be inserted into a target device before it can communicate over the air.
The presence of that transceiver, in effect, makes any air-gapped computer a networked computer. It’s just that the computer’s owners have no idea it’s connected.