This post is also available in: עברית (Hebrew)
Researchers from the Ben-Gurion University of the Negev (BGU) Cyber Security Research Center have discovered that virtually any cellphone infected with a malicious code can use GSM phone frequencies to steal critical information from infected “air-gapped” computers. This discovery by the center’s reasearchers is a breakthrough, since these are networks that supposedly function in a network completely separate from the open network, and are thus supposed to be impenetrable to external elements.
The team of researchers, Led by BGU Ph.D. student Mordechai Guri, has discovered how to turn an air-gapped computer into a cellular antenna through which a cellular phone user can steal information which should be inaccessible to them. Guri says that many companies don’t allow their employees to use cellular phone near the air-gapped system, or at least demand them to restrict themselves to the applications allowed, such as cameras with no cameras, video or WiFi connection.
The research showed that classified computer are exposed to penetrations only when cellular phones are nearby, up to a radius of 30 meters, and so the general recommendation for companies that want to keep their information secret is to ban use of cellular phones near the network altogether.
Though the research is considered a breakthrough, it seems that security bodies have realized in advance the danger they face from cellular devices. It’s well-known that the security system, at least the Israeli one but probably in other countries as well, demands participants in classified meetings with high-ranked intelligence officials to leave their cellular devices outside the room, separated from the batteries. It’s now been academically confirmed that there is indeed a reason for this fear of security leaks.