back to article Israeli boffins hack air gap, fire missiles on compromised kit

One of the weirder attacks to bridge air gap networks has emerged, and uses heat to transfer data between machines. The command and control mechanism forged by Ben Gurion University researchers could transfer sensitive data through "thermal pings" between two physically close computers. Like many air gap bridges, the so- …

  1. Anonymous Coward
    Anonymous Coward

    But wait...

    does there not have to be something already installed on the target System to act as a receiver?

    If this is the case, then the impact of this 'feature' is going to be more like 'so what'?

    (that is if the air gapped systems are properly audited?)

    Opps there goes another Squadron of Flying Sheep heading over Beachy Head.

    1. Anonymous Coward
      Anonymous Coward

      Re: But wait...

      does there not have to be something already installed on the target System to act as a receiver?

      From the article:

      Like many air gap bridges, the so-called BitWhisper attack is limited in that it requires malware to be installed on the sending and receiving machines in order for the very slow data exchange to take place.

      […]

      Planting malware on air gap machines is easier than it sounds; dropping infected USB sticks and DVDs around a target machine or phishing particular staff members often does the job.

      1. Anonymous Coward
        Anonymous Coward

        Re: But wait...

        Came with clipboard loaded to say the same. "it requires malware to be installed on the sending and receiving machines", it also requires the two machines to both be suitable tower cases and to be shoved sufficiently close to one another and left in place for as long as is necessary for the sensitive data to be captured and trickled out. Seems to be an extremely specific concern for an extremely small audience. I also imagine that the vast majority of that tiny audience will be fully aware of their situation and will have considered the wider scope for this kind of attack, including other faster, more pervasive and efficient emanations such as sound, light and radio and whatever mitigations they have seen fit to adopt for those media will almost certainly eliminate the plausibility of the presented attack. So while I certainly wouldn't dismiss it outright as completely irrelevant, it certainly seems to be a very obscure concern for a very tiny audience.

        1. JamesPond
          Mushroom

          Re: But wait...

          Do desktop PC's / laptops normally come with heat sensors which this hack is apparently dependent upon? I know servers do as I've had a couple shut down when they've got too hot (which incidentally Compaq said invalidated the warranty when the mother boards popped a few months later!).

          I guess we now have to wrap our PCs in tin foil, not just our heads!

          1. David Gosnell

            Re: But wait...

            > Do desktop PC's / laptops normally come with heat sensors which this hack is apparently dependent upon?

            Yes, all over the place. Quite often measured at three or four points round the system, e.g. CPU, PSU, hard disk(s) etc. Generally takes software such as MBM (for Windows) to hook into it, but it's there for the using all the time.

        2. Anonymous Coward
          Anonymous Coward

          Re: But wait...

          "I certainly wouldn't dismiss it outright as completely irrelevant, it certainly seems to be a very obscure concern for a very tiny audience"

          Welcome to the readership of El Reg

    2. Charles Manning

      Re: But wait...

      Yes, the victim must be compromised after that the data can be transferred in various ways...

      In this case, they used heat to send data via the victim's temperature sensors. You could also use all sorts of other methods.

      A BT keybopard for instance.... If the host was to disconnect/reconnect a BT keyboard and the victim was listening for traffic - that would work as would pretty much any form of sensor.

      Even LEDs can be used as sensors. A little known thing about LEDs is that they are also light sensitive and LEDs driven by microcontrollers can also be used as light receivers.

      But, hey, once you've compromised a compter, just assume all bets are off.

  2. This post has been deleted by its author

  3. Anonymous Coward
    Anonymous Coward

    Why not use audio

    Make the hard drives spin up / down or even the fan speed then use the mic on the other one to detect the sound and then decode it.

    Easier still - the NIC LED lights are a much longer range, higher bit rate data exfoliation point than heat.

    1. Filippo

      Re: Why not use audio

      ...exfoliation?

      1. Anonymous Coward
        Anonymous Coward

        Re: Why not use audio

        "...exfoliation?"

        An interesting metaphor. Presumably the casting off of light packets.

        1. Anonymous Coward
          Anonymous Coward

          Re: Why not use audio

          Hate to "burst your bubble" AC but I'd have thought a misread of "...BitWhisper when exfiltrating smaller files..." from the article is more likely to be the... inspiration?

          1. Anonymous Coward
            Anonymous Coward

            Re: Why not use audio

            Damn you auto-correct :)

    2. Irongut Silver badge

      Re: Why not use audio

      What mic? No tower computer I have ever seen had a built in mic. If you had a pair of laptops then fair enough but I doubt anyone uses a laptop for a secure air-gapped computer. It would defeat the point.

      As for headsets plugged into the computers how would you know which hdd or fan to listen to in a busy office?

      1. Anonymous Coward
        Anonymous Coward

        Re: Why not use audio

        Devices that generate audio by moving a physical item will also generate an electrical change in response to audio, it is not much of a leap to think there is some way of recovering voltage changes in the Piezo sounder, hard drive enclosure, power supply coils (vibration from case) etc.

        Or later discovering C107 on all AsuGigaMicro boards since 2005 is actually an electret microphone.

        Hell turn on the laser in the CD/DVD player and don't spin the disk, read the return modulated by vibration, filter out the fans and you have the boom box which is PC cases feeding voice frequencies back.

  4. Nifty Silver badge

    So you need to install efficient malware on both machines in order to make one really inefficient hack work. Hmm.

  5. This post has been deleted by its author

  6. Winters

    How exactly are you supposed to get the malware onto the air-gaped computer?

    1. Irongut Silver badge

      By learning to read the article before commenting.

      1. Queasy Rider

        We need a new acronym: RTWFA

        As the quality of commentard feedback continues to slide, I recommend using this as a reply to the reading impaired: Read The WHOLE F**king Article.

  7. Stephen 2

    Lets say you manage to get the malware onto the air gapped computer. And lets say there's another machine close enough and also with the malware installed. I would assume that computer would also be air gapped.

    So how do you get the information out?

    1. DragonLord

      Given that I've seen a couple of methods for transferring data between air gapped computers before this. I would say that at least one of them will probably work. Also I'm guessing that the point of the 2 computers close together is that one of them is connected to the public network and one to the internal network, so as to not inconvenience the user of the 2 computers.

      Don't forget that for most people convenience trumps security

    2. Anonymous Coward
      Anonymous Coward

      Obligatory

      It's air-gapped computers all the way down.

  8. Anonymous Coward
    Anonymous Coward

    "A toy missile launcher"

    ...how very appropriate.

    1. Anonymous Coward
      Anonymous Coward

      Re: "A toy missile launcher"

      Thank you for your tip-off. The thought police are on their way! Have a great day.

  9. Anonymous Coward
    Anonymous Coward

    British solution

    Place one very hot cup of tea between the air-gapped computers.

  10. Crazy Operations Guy

    You'd need intel on the physical location of the machines

    How would the malware know here its receiving data from, or even that the heat is coming from an infected system and not just a box that gets used for periodic, yet intensive tasks.

    SO for this task to work, you'd have to manage to get the malware onto both machines. Its not hard to infect either machine, but beating the odds and getting both? Those are some pretty big odds given that the sending machine would need to remain undetected (which gets harder as time goes by, because someone is going to notice a process that wastes that many cycles).

    Things like this is why my company put all air-gapped systems into secure data center and users access them by way of a thin client. Pus we have executable white-lists, so something like this wouldn't be able to run in the first place.

    1. Anonymous Coward
      Anonymous Coward

      Re: You'd need intel on the physical location of the machines

      One does wonder how long the adversary might spend trying to decode the "signal" from a thermostatically controlled radiator... or even the "signal" from the comings and goings of the office wetware units.

  11. CAPS LOCK Silver badge

    An interesting idea but...

    ... not practical. 3/10 must try harder.

    1. Anonymous Coward
      Anonymous Coward

      Re: An interesting idea but...

      Probably just about adequate to secure another round of funding though... certainly getting some attention... so I'd imagine it's a "mission accomplished"

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020