System bus radio transmitter

Some computers are specially isolated from the outside world (air gap or physical isolation) for security reasons. They do not have access to the Internet, there is no local area network, WiFi, Bluetooth, even the USB interface and audio card are disabled. How, then, to transfer information from this computer?

The new System Bus Radio program solves the problem. Even in such a situation, it can be used to transmit a radio signal.

Let's check. The source code is published on Github. We compile (the author checked on Apple MacBook Air).

gcc main.c -Wall -O2 -o main

We start.

./main

In the radio tuned to a frequency of 1580 kHz AM, the song " Mary Had a Little Lamb " will sound in an endless loop.

The author of the program is an American hacker, William Entriken. He says that according to documents that have leaked into open access, the US National Security Agency and the US Department of Defense have long been discussing the possibility of information leakage from protected systems through electromagnetic radiation, there are various ways to remotely remove data. So the System Bus Radio project will be a new argument in this discussion.

By trial and error, the author found out that the frequency of 1580 kHz is best suited for transmitting and receiving data on its equipment (Apple MacBook Air and Sony STR-K670P radio with antenna).

Radiation of radio waves occurs by various electronic components. Here, the memory bus radiation (I / O bus clock) is used during data exchange between the CPU and RAM.


The radio frequency distribution of the motherboard with an I / O bus of 800 MHz using DDR3-1600 RAM. Blue shows the normal operation of a PC, red shows the result of the data transfer algorithm using the multi-channel memory architecture.

In the program, radiation is generated using the instruction _mm_stream_si128or x++, which writes the address to the main memory. This concept was presented in a report at the last USENIX Security 15 conference.

Guri, M., Kachlon, A., Hasson, O., Kedma, G., Mirsky, Y. and Elovici, Y., 2015. GSMem: data exfiltration from air-gapped computers over GSM frequencies. In 24th USENIX Security Symposium (USENIX Security 15) ( pp. 849-864 ).

The transmission speed depends on the quality of the signal, that is, on the quality of the receiver and the distance to the transmitter. The authors of the original report tested the transmitter on a desktop computer, and used the Motorola C123 phone and Lenovo ThinkPad T530 laptop with software-defined radio system (SDR) as the receiver. At a distance of 2.6 meters on the SDR, the transmission speed was about 1000 bps. When using a special optimized directional antenna like LP0410 ($ 53), the transmission distance increases to 30-40 meters from the front of the system unit.



Returning to the System Bus Radio program, it uses rectangular modulation.



The author also provides links to various APIs for working with high-precision time under OS X.