DOI: 10.14569/IJACSA.2018.090125

Data Exfiltration from Air-Gapped Computers based on ARM CPU

Author 1: Kenta Yamamoto
Author 2: Miyuki Hirose
Author 3: Taiichi Saito

International Journal of Advanced Computer Science and Applications(IJACSA), Volume 9 Issue 1, 2018.

Abstract: Air-gapped Network is a network isolated from public networks. Several techniques of data exfiltration from air-gapped networks have been recently proposed. Air-gap malware is a malware that breaks the isolation of an air-gapped computer using air-gap covert channels, which extract information from air-gapped computers running on air-gap networks. Guri et al. presented an air-gap malware “GSMem”, which can exfiltrate data from air-gapped computers over GSM frequencies, 850 MHz to 900MHz. GSMem makes it possible to send data using the radio waves leaked out from the system bus between CPU and RAM. It generates binary amplitude shift keying (B-ASK) modulated waves with x86 SIMD instruction. In order to efficiently emit electromagnetic waves from the system-bus, it is necessary to access the RAM without being affected by the CPU caches. GSMem adopts an instruction that writes data without accessing CPU cache in Intel CPU. This paper proposes an air-gap covert channel for computers based on ARM CPU, which includes a software algorithm that can effectively cause cache misses. It is also a technique to use NEON instructions and transmit B-ASK modulated data by radio waves radiated from ARM based computer (e.g. Raspberry Pi 3). The experiment shows that the proposed program sends binary data using radio waves (about 1000kHz ~ 1700kHz) leaked out from system-bus between ARM CPU and RAM. The program can also run on Android machines based on ARM CPU (e.g. ASUS Zenpad 3S 10 and OnePlus 3).

Keywords: Air-Gapped Network; ARM CPU; data exfiltration; SIMD; NEON; GSMem

Kenta Yamamoto, Miyuki Hirose and Taiichi Saito, “Data Exfiltration from Air-Gapped Computers based on ARM CPU” International Journal of Advanced Computer Science and Applications(IJACSA), 9(1), 2018. http://dx.doi.org/10.14569/IJACSA.2018.090125

@article{Yamamoto2018,
title = {Data Exfiltration from Air-Gapped Computers based on ARM CPU},
journal = {International Journal of Advanced Computer Science and Applications},
doi = {10.14569/IJACSA.2018.090125},
url = {http://dx.doi.org/10.14569/IJACSA.2018.090125},
year = {2018},
publisher = {The Science and Information Organization},
volume = {9},
number = {1},
author = {Kenta Yamamoto and Miyuki Hirose and Taiichi Saito}
}


Copyright Statement: This is an open access article licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, even commercially as long as the original work is properly cited.

IJACSA

Upcoming Conferences

Future of Information and Communication Conference (FICC) 2024

4-5 April 2024

Computing Conference 2024

11-12 July 2024

IntelliSys 2024

5-6 September 2024

Future Technologies Conference (FTC) 2023

2-3 November 2023