Forget badBios, NSA turns to pirate radio to target air gapped computers

The New York Times reports that the National Security Agency can actively nab data and install malware on non-networked computers.

In recent months, security researchers have pondered whether craftily designed malware could steal data from a computer using high-frequency audio signals when no network connection was present. Take security researcher Dragos Ruiu, who claimed several months ago that malware dubbed badBios could hijack a PC's microphone and speakers.

But while security pros ponder the theoretical, the National Security Agency is actively nabbing data from PCs and installing malware on non-networked computers, according to The New York Times.

Unlike badBios, however, the NSA's capabilities aren't about using novel software-based methods to retrieve data, but about a high-tech approach to good old-fashioned bugging.

Imagine this: an Iranian official has a laptop containing detailed data about the progress of that country's presumed nuclear weapons program. The laptop with top secret materials is a so-called "air gapped" computer that has no connection to the Internet and, therefore, requires physical access to hack.

Unbeknownst to the Iranians, however, the air gapped computer contains a small circuit board with a radio transceiver that communicates over a secret radio frequency.

Eight miles away in a hotel room on the outskirts of Tehran, an NSA agent could use an oversized briefcase to communicate with the transceiver, hack into the air gapped computer, copy the nuclear weapons data, and install malware on the device.

That may sound like the opening sequence for next summer's blockbuster spy thriller, but based on the Times report, it is part of a very real NSA program used to access numerous air gapped computers around the world.

Using special transceivers embedded inside innocuous items like circuit boards and USB cables, the NSA can reportedly communicate with compromised PCs from up to eight miles away. The tech can be used to pilfer documents, observe users, and install malware.

The NSA's technology is used against a wide range of foreign targets, the Times says, and, unlike other NSA activities such as the agency's metadata collection programs, is not in use domestically.

Listening in

While the NSA's radio tech is apparently a very real way to get at air gapped computers, it's still an open question whether badBios is an actual piece of malware or the product of an overactive imagination. The problem is that no one but Ruiu has fully examined badBios in action.

The concepts behind badBios, however, are very real.

Researchers in Germany recently demonstrated a proof-of-concept malware prototype that could share data between two laptops using nothing more than the computers' microphone and speakers. The researchers were able to share data between the devices up to a range of about 65 feet.

That's far shorter than the NSA's eight-mile limit, and for good reason. Unlike badBios and the proof-of-concept malware, the NSA's spy tech is not software-based and requires actual hardware, albeit incredibly small hardware, to be inserted into a target device before it can communicate over the air.

The presence of that transceiver, in effect, makes any air-gapped computer a networked computer. It's just that the computer's owners have no idea it's connected.
