The hackers used the electromagnetic waves from the laptop to access information on an encryption key in just three seconds.
The hack could have implications for computer security as mobiles could easily get into places where sensitive data is being held.
Employees at places such as nuclear power plants are banned from using thumb drives to stop them stealing data, but now they may have to hand in their mobile phones too.
In the experiment, the Israeli researchers carried out the hack using a Samsung Galaxy S3 and a Lenovo 3000 N20 laptop, a model which is commonly used by businesses.
Devices used in this experiment:
- Experts carried out the hack with a Samsung Galaxy S3 and Lenovo laptop
- Laptop was set up so that it was ‘air gapped’, or not connected to the web
- This technique is supposed to prevent it from being hackable
- However, the computer still emits electromagnetic radiation which can be interpreted by a nearby mobile phone
The laptop was set up so that it was ‘air gapped’, or not connected to the Internet, which is supposed to prevent it from being hackable.
But even then the computer still emits electromagnetic radiation, which mobile phones can pick up.
During a demonstration the researchers turned on an app on the phone they called the ‘Airhopper decoder app’ and began typing a message on the screen.
In the experiment, the Israeli researchers carried out the hack using the set-up pictured, and a Samsung Galaxy S3 in a nearby room. A Lenovo laptop was then set up so that it was ‘air gapped’, or not connected to the internet, which is supposed to prevent it from being hackable.
WHAT IS AN AIR GAPPED MACHINE?
They are among the most secure computers on the planet – isolated from the internet and used only in the highest security settings.
Known as ‘air gapped’ computers, they are used in situations that demand high security because they make siphoning data from them difficult.
Classified military networks, the payment networks that process credit and debit card transactions for retailers, and the industrial control systems that operate critical infrastructure all rely on them.
Once the laptop had been compromised, the same message started appearing on its screen.
Both the laptop and the mobile have to have malware installed, but once everything was up and running it took just 3.3 seconds to get the data they wanted.
In their report the researchers said that during the hack they accessed information from a public-key encryption algorithm, which is used in the latest version of GnuPG, the popular encryption software.
The team from Ben Gurion University said that they had achieved what they described as the ‘first physical side-channel attack on elliptic curve cryptography running on a PC’.
The researchers are known as ‘white hat’ hackers, which means they are hackers who look for security flaws so that they can be fixed.
In their new paper they thanked Werner Koch, lead developer of GnuPG, for a ‘prompt response’ to their findings.
The paper says that they worked together to develop ‘suitable countermeasures’ to stop others using their techniques.
The same team from Ben Gurion University has previously shown how they retrieved and sent data between two computers based on heat emissions and a computer’s built-in thermal sensors.
They said that this should serve as a warning to people who work in secure facilities where air gapped computers are often stored next to each other.