The GSMem malware component that runs on the Motorola phone samples the amplitude of the frequency coming off the targeted computer, Mirsky said.
Once both malware components are in place, the data harvesting can begin. The Motorola phone, which can be up to five meters away from the computer, can collect one or two bits per second. That's just a tiny amount, but enough to pilfer data such as passwords or encryption keys.
Using a smartphone with a more powerful antenna and processor could tick up the data transfer speeds and increase the distance from which the attack could be conducted.
Building an even more powerful kind of receiver, such as a software-defined radio, could increase the transfer speeds to as much as 1,000 bits per second and increase the range up to 30 meters. But that kind of device would negate the stealthy benefit of using an older feature phone, particularly when infiltrating an organization, Mirsky said.
Some of the defenses are easy: ban all phones, smartphones or not, from sensitive areas. Other options would be to jam cellular signals or use Faraday cages -- which are enclosures that use metal to dissipate electronic signals -- in certain areas, Mirsky said.
The research paper was also co-authored by Assaf Kachlon, Ofer Hasson, Gabi Kedma, and the project was overseen by Yuval Elovici, head of the cyber labs at Ben-Gurion.
Sign up for CIO Asia eNewsletters.