Researchers show air-gapped systems susceptible to attack
- By Mark Pomerleau
- Mar 27, 2015
For many years, common wisdom held that air-gapped systems provided the most secure platform in classified government and financial systems because they are physically isolated from other machines, networks and the Internet. One of the benefits of these systems is that they are only compromised if one is able to gain physical access to the machines.
Or so we thought.
A group of researchers from Israel have demonstrated a way to gain access to air-gapped systems, according to a report in Wired. Using the heat emissions and the built-in thermal sensors found in computers, the researchers were able to siphon data from an air-gapped system.
This same heat and sensor technique could lift passwords from air-gapped machines or transmit malicious commands from Internet-connected devices to the air-gapped systems.
The attack developed by the Israeli researchers at Ben Gurion University and nicknamed BitWhisper used the computer’s heat sensors to send commands to air-gapped systems or siphon data from it. Comparable to Morse code, Wired wrote, the attack communicates with the internal system based on heat signatures caused by certain commands and translates them into binary code.
Last year, Ben Gurion University researchers demonstrated AirHopper, a method for leaking data from an isolated computer to a mobile phone without using Wi-Fi or Bluetooth. The app uses radio frequencies to transcribe keystroke data from the computer screen to a phone’s FM radio receiver. Researchers contend that AirHopper can exfiltrate data from a physically isolated computer to mobile phones at a distance of 1-7 meters with effective bandwidth of 13-60 bytes per second, which is enough to steal a password.
Separately, another group of researchers from Georgia Institute of Technology showed how air-gapped systems can be compromised using keystrokes that capture side-channel signals from computers connected to secure isolated networks, according to a report in Tech Republic.
Among the many types of side channels -- acoustic, power, electromagnetic and cache -- voltage fluctuations create electromagnetic radiation that can be captured and processed, though researchers admit that it is extremely difficult to distinguish useful information from the electromagnetic radiation.
The Georgia Tech researchers even had to invent a type of code they called Signal Available to Attacker, or SAVAT, to separate voltage levels and interpret the data.
Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.