Unseen Triggers: Exploiting Wireless Channels to Activate Dormant Malware in Air-gapped Critical Infrastructure

Document Type

Conference Proceeding

Publication Date

2025

Abstract

Critical infrastructure systems, including power grids, maritime navigation, and industrial networks, face growing threats from cyber attacks that do not rely on conventional Internet-based connectivity. While air-gapping and IT/OT segmentation are widely adopted as security measures, adversaries have developed alternative methods for remote malware activation, exploiting vulnerabilities in wireless communication and system firmware. This paper investigates non-internet-based remote activation techniques that leverage wireless technologies such as GPS, AIS, pager, and others to execute pre-installed malware within air-gapped environments. Through an in-depth analysis of these methods, we highlight how attackers manipulate signals to activate dormant threats in critical systems. We present two case studies demonstrating real-world attack scenarios: one targeting maritime vessels via AIS signal spoofing and another exploiting GPS-based time synchronization vulnerabilities in power grid infrastructure. Finally, we propose mitigation strategies, including secure firmware development, signal authentication, and anomaly detection, to enhance the resilience of critical infrastructure against emerging remote activation threats. Our findings emphasize the urgent need for a holistic cybersecurity approach that accounts for evolving attack vectors beyond traditional internet-based threats.

College/Unit

College of Business

Publication or Event Title

2025 10th International Conference on Smart and Sustainable Technologies (SpliTech)

First Page

1

Last Page

6

DOI

10.23919/SpliTech65624.2025.11091686
