Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 17 submissions in the queue.

Using Heat to Defeat Air-Gapping

posted by janrinok on Thursday March 26 2015, @09:12AM   Printer-friendly
from the data-transfer-rate-of-the-worst-ISPs dept.

Phoenix666 writes:

Israeli researchers have demonstrated a proof of concept for defeating air-gapping through heat:

[...] [S]ecurity researchers at Ben Gurion University in Israel have found a way to retrieve data from an air-gapped computer using only heat emissions and a computer’s built-in thermal sensors. The method would allow attackers to surreptitiously siphon passwords or security keys from a protected system and transmit the data to an internet-connected system that’s in close proximity and that the attackers control. They could also use the internet-connected system to send malicious commands to the air-gapped system using the same heat and sensor technique.
...
currently, the attack allows for just eight bits of data to be reliably transmitted over an hour—a rate that is sufficient for an attacker to transmit brief commands or siphon a password or secret key but not large amounts of data. It also works only if the air-gapped system is within 40 centimeters (about 15 inches) from the other computer the attackers control. But the researchers, at Ben Gurion’s Cyber Security Labs, note that this latter scenario is not uncommon, because air-gapped systems often sit on desktops alongside Internet-connected ones so that workers can easily access both.

Oh yeah? Well, my computer's a difference engine, so there!

 
This discussion has been archived. No new comments can be posted.
Using Heat to Defeat Air-Gapping | Log In/Create an Account | Top | 28 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by Hairyfeet on Thursday March 26 2015, @04:10PM

    by Hairyfeet (75) <bassbeast1968NO@SPAMgmail.com> on Thursday March 26 2015, @04:10PM (#162775) Journal

    If you have already gotten malware onto an AIR GAPPED (I capitalized because some don't seem to be getting the concept, we're talking a stand alone PC where you have to have physical access to inject the malware) computer then you could 1.- Memorize more than 8 bits worth of data and transmit it when you are on a net box, 2.- Use the same method you used to get the malware on, be it flash or CD or floppy, 3.- Camera (they have cams now that can be the button on a shirt).

    If you have the access to put malware on a computer where physical access is required? You are already home free, the hard part is over.

    --
    ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 2) by GreatAuntAnesthesia on Thursday March 26 2015, @04:28PM

    by GreatAuntAnesthesia (3275) on Thursday March 26 2015, @04:28PM (#162789) Journal

    > If you have already gotten malware onto an AIR GAPPED (I capitalized because some don't seem to be getting the concept, we're talking a stand alone PC where you have to have physical access to inject the malware) computer

    You might be missing the point:
    1 - Hardware manufacturer / OS vendor (at the direction of scary TLA [1]) installs airgap software onto the computer at the factory. It's running silently and secretly in the background, waiting to be activated by the right stimulus.

    2 - hardware goes out and gets installed in a sensitive location. Needn't be a desktop or a server, it might be the ECU of a car, or a controller in some industrial setup.

    3 - TLA uses remote exploits (also installed at hardware / OS level[1]) to gain control of net-connected computer within reach of the air-gapped machine.

    4 - Hacked online machine reaches out to airgapped machine, sending through the correct trigger to activate the sleeper code and take control of the PC.

    5 - pwned.

    As you can see, no physical access is required in the way you are thinking of it. Physical access at the factory I'll grant you, but try not to think about that for too long because when you realise your computer is running a US operating system on a chinese-made processor you'll want to sell your computer and go live in a yurt.

    [1] We know they are not above this kind of shit.

    • (Score: 2) by Hairyfeet on Thursday March 26 2015, @05:15PM

      by Hairyfeet (75) <bassbeast1968NO@SPAMgmail.com> on Thursday March 26 2015, @05:15PM (#162829) Journal

      Again if you have an enemy making the hardware? You be ALREADY fucked because there is a hell of a lot more they can do than just steal your data...imagine having all your PCs encrypt themselves with passwords of long strings of gibberish so that at a crucial time your PCs are all plastic bricks for instance.

      Former AR Gove Huckabee may be an asshole but one thing he got spot on the nose is when you are having critical equipment made by a country you can't trust? You are an idiot.

      --
      ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.

  • (Score: 2) by WillR on Thursday March 26 2015, @08:55PM

    by WillR (2012) on Thursday March 26 2015, @08:55PM (#162952)

    If you have already gotten malware onto an AIR GAPPED (I capitalized because some don't seem to be getting the concept, we're talking a stand alone PC where you have to have physical access to inject the malware)

    ...or your malware has to be disguised as something the owner of the air gapped network wants, and you let him install it for you. Like Stuxnet.