February 4, 2023

A new attack strategy named COVID-bit that uses electromagnetic waves breaching air-gapped computers has been discovered, and it has a data transmission range of at least two meters.

The transmitted data can be received by a nearby smartphone or laptop, even when the two devices are separated by a wall.

Air-gapped computers are isolated from the Internet or any other network for security reasons. These are typically used in energy infrastructures, government agencies, military sites, and other sensitive environments.

Advertisements

To abuse these systems, physical access to the air-gapped device or network is first needed. An intruder can plant malware on the targeted computers.

In case of COVID-bit attack, researchers designed a software that regulates CPU load and core frequency in a particular manner to make the power supplies on air-gapped computers emanate electromagnetic radiation on a low-frequency band (0 – 48 kHz), these waves can transmit raw data to a receiver which can be a laptop or a smartphone.

The receiver device needs a loop antenna connected to the 3.5mm audio jack for the transmission to be captured. Then, a noise reduction filter is applied, raw data is demodulated, and the content is decoded.

The COVID-bit method was tested with three types of systems:

  • PC workstations – Zero-Bit error rate 200 bps.
  • Laptops – Zero-Bit error rate 100 bps.
  • Embedded devices – Zero-Bit error rate 200 bps.

Desktop PCs had the best transmission rate, up to 500bps for a bit error rate between 0.01% and 0.8%, laptops performed worse because of their energy-saving profiles and not strong enough signals, and the embedded devices had a limited distance caused by their weak power supply.

Advertisements

To keep your devices and network safe from COVID-Bit Attack, below are some of the recommendations.

  • Restriction of access to the devices to prevent the installation of any malware, even if this does not clear the inside threats.
  • Monitoring the CPU core usage and the computer’s behavior for any suspicious patterns.
  • Lock the CPU core frequency at a certain level, with the goal of making the creation of the data-carrying signal more difficult. On the other end, it makes degraded performance.

This attack method has been discovered by Mordechai Guri, a researcher at Ben-Gurion University.

Leave a Reply

%d bloggers like this: