Stories
Slash Boxes
Comments

SoylentNews is people

Using Heat to Defeat Air-Gapping

posted by janrinok on Thursday March 26 2015, @09:12AM   Printer-friendly
from the data-transfer-rate-of-the-worst-ISPs dept.

Phoenix666 writes:

Israeli researchers have demonstrated a proof of concept for defeating air-gapping through heat:

[...] [S]ecurity researchers at Ben Gurion University in Israel have found a way to retrieve data from an air-gapped computer using only heat emissions and a computer’s built-in thermal sensors. The method would allow attackers to surreptitiously siphon passwords or security keys from a protected system and transmit the data to an internet-connected system that’s in close proximity and that the attackers control. They could also use the internet-connected system to send malicious commands to the air-gapped system using the same heat and sensor technique.
...
currently, the attack allows for just eight bits of data to be reliably transmitted over an hour—a rate that is sufficient for an attacker to transmit brief commands or siphon a password or secret key but not large amounts of data. It also works only if the air-gapped system is within 40 centimeters (about 15 inches) from the other computer the attackers control. But the researchers, at Ben Gurion’s Cyber Security Labs, note that this latter scenario is not uncommon, because air-gapped systems often sit on desktops alongside Internet-connected ones so that workers can easily access both.

Oh yeah? Well, my computer's a difference engine, so there!

 
This discussion has been archived. No new comments can be posted.
Using Heat to Defeat Air-Gapping | Log In/Create an Account | Top | 28 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 1, Touché) by Anonymous Coward on Thursday March 26 2015, @10:27AM

    by Anonymous Coward on Thursday March 26 2015, @10:27AM (#162656)

    Does it make a difference if air-gapped the computer is standing up with the motherboard side facing the internet connected computer? What about if air-gapped the computer is facing away? How about lying flat? Or if the fans are a bit clogged and not cooling the CPU effectively? Of if the graphics card is generating too much heat? Or if it's running an i7 or a Celeron or an older/newer AMD chip? Or if there's an AC vent under the desk or directly above the rack? What if there's several computers in the rack but only one is air-gapped? Or the disk array is near the air-gapped computer? Or my laptop's power supply? Or ... or ... or ...

    I think that under ideal conditions this may work occasionally as long as the internet connected computer knows exactly when the air-gapped computer is processing a key/password/whatever. Otherwise they just might be trying to get their 8bph from some guy playing Duke Nukem: Red Herring.

    Starting Score:    0  points
    Moderation   +1  
       Touché=1, Total=1
    Extra 'Touché' Modifier   0  
    Total Score:   1  

  • (Score: 0) by Anonymous Coward on Thursday March 26 2015, @06:37PM

    by Anonymous Coward on Thursday March 26 2015, @06:37PM (#162894)

    All of that is just noise, you simply need to filter it out.

    • (Score: 0) by Anonymous Coward on Friday March 27 2015, @02:24AM

      by Anonymous Coward on Friday March 27 2015, @02:24AM (#163072)

      Noise is noise, but heat is heat. If you're stealing info a bit at a time via heat emissions you're not going to get different thermal fingerprints without perfect conditions and perfect timing.