'RAMBO' your Air Gapped network | WhatsApp 'view once' flaw
#156 - How to steal data from an air gapped network | View a 'view once' message more than once?
Stealing data from air gapped computers
An attack that uses radio signals emanating from the RAM of an air gapped computer to steal data
Stealing data from an air gapped computer has its own romantic appeal. And there is no dearth of people coming up with novel ideas for it.
Air gapped systems are inherently more secure, but there is also more motivation to hack them. (Think of all the spy movies where the protagonist hangs from ceilings to get access to an air gapped computer.)
This interesting attack makes use of radio waves emanating from the RAM of a computer to steal data.
Electromagnetic emissions, optical signals, acoustics and thermal changes have all been tried as ways to steal data from air gapped networks. This new technique also makes use of waves emanating from the computer - this time from the RAM.
This paper explains how the attack works. Here is an excerpt:
When data is transferred through a RAM bus, it involves rapid voltage and current changes, mainly in the Data bus. These voltage transitions create electromagnetic fields, which can radiate electromagnetic energy through electromagnetic interference (EMI) or radio frequency interference (RFI).
As explained above, when data is read from or written to memory, electrical currents flow through the RAM chips and the associated traces on the printed circuit board (PCB). These electrical currents generate electromagnetic fields as a byproduct, which radiates EM energy. To create an EM covert channel, the transmitter needs to modulate memory access patterns in a way that corresponds to binary data.
In this attack, you need physical access first. You also need to be fairly close to pick up the radio signals. That’s two difficult requirements right off the bat. It's not the kind of attack we’re likely to see in spy activities anytime soon.
Take Action:
Unless you work as a top secret spy who has to infiltrate air-gapped nuclear facilities, this piece of information is just that - a piece of information. Something to be discussed with your cybersecurity friends over a beer after a hard day of work toiling over Excel sheets… 😆
Re-view View once messages
A privacy flaw in WhatsApp allows single view messages to be viewed again
Moving from an esoteric exploit that is meant for the James Bond variety of spies (not your garden variety spies) to a flaw that affects almost everyone.
When WhatsApp took on Snapchat and decided to get into the ephemeral message space, they introduced the ‘view once’ feature - a message can be viewed only once, after which it disappears.
But not always.
This bug in the browser version of WhatsApp allows ephemeral messages to be viewed multiple times. It’s not as difficult as it appears. When a message is viewed, a flag is set. All the attacker has to do is to change the status of the flag and voila! the message is viewable again.
The browser version is vulnerable as it does not have strong DRM (Digital Rights Management) features like Android and iOS. There is no fix released for this yet.
Take Action:
Well, first of all, don’t send nude selfies on WhatsApp (or any other messaging platform for that matter)
For software developers, it’s an interesting conundrum. Setting a flag is the only way to know if a message has been viewed or not. It might be a good idea to run a script to permanently delete all messages with a ‘view once’ flag that has been set from the database, unless you have other intentions, of course.
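Here is what that cleanup could look like, as an added example that is not WhatsApp's code: the content is wiped on first read, so resetting the flag later has nothing to reveal, and a purge job removes flagged rows. The `messages` table, its columns and the function names are assumptions made up for this illustration.

```python
import sqlite3

# Hypothetical schema (an assumption for this example, not WhatsApp's).
SCHEMA = """
CREATE TABLE messages (
    id        INTEGER PRIMARY KEY,
    view_once INTEGER NOT NULL,            -- 1 = 'view once' message
    viewed    INTEGER NOT NULL DEFAULT 0,  -- the flag the bug flips back
    body      BLOB                         -- NULL once content is destroyed
);
"""

def read_message(db, msg_id):
    """Return the body; a 'view once' body is wiped before it is returned."""
    row = db.execute("SELECT view_once, body FROM messages WHERE id = ?",
                     (msg_id,)).fetchone()
    if row is None or row[1] is None:
        return None                        # unknown id or already consumed
    view_once, body = row
    if view_once:
        with db:                           # commit the wipe
            db.execute("UPDATE messages SET viewed = 1, body = NULL "
                       "WHERE id = ?", (msg_id,))
    return body

def purge_viewed(db):
    """Cleanup job: delete 'view once' rows that are flagged or already wiped."""
    with db:
        cur = db.execute("DELETE FROM messages WHERE view_once = 1 "
                         "AND (viewed = 1 OR body IS NULL)")
    return cur.rowcount

def demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    # Constructed sample rows; row 3 was flagged as viewed but never wiped.
    db.executemany("INSERT INTO messages VALUES (?, ?, ?, ?)",
                   [(1, 1, 0, b"secret photo"), (2, 0, 0, b"normal text"),
                    (3, 1, 1, b"old photo")])
    first = read_message(db, 1)            # legitimate first view
    db.execute("UPDATE messages SET viewed = 0 WHERE id = 1")  # flag reset
    second = read_message(db, 1)           # nothing left to show
    purged = purge_viewed(db)              # rows 1 and 3
    left = db.execute("SELECT COUNT(*) FROM messages").fetchone()[0]
    return first, second, purged, left

if __name__ == "__main__":
    print(demo())
```

Row 3 shows why the flag alone is not enough: until the purge runs, a row that is only marked as viewed still holds its content.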