Israeli boffins hack air gap, fire missiles on compromised kit

One of the weirder attacks to bridge air gap networks has emerged, and uses heat to transfer data between machines. The command and control mechanism forged by Ben Gurion University researchers could transfer sensitive data through "thermal pings" between two physically close computers. Like many air gap bridges, the so- …

  1. Anonymous Coward

    But wait...

    does there not have to be something already installed on the target System to act as a receiver?

    If this is the case, then the impact of this 'feature' is going to be more like 'so what'?

    (that is if the air gapped systems are properly audited?)

    Oops, there goes another Squadron of Flying Sheep heading over Beachy Head.

    1. Anonymous Coward

      Re: But wait...

      > does there not have to be something already installed on the target System to act as a receiver?

      From the article:

      > Like many air gap bridges, the so-called BitWhisper attack is limited in that it requires malware to be installed on the sending and receiving machines in order for the very slow data exchange to take place.
      >
      > […]
      >
      > Planting malware on air gap machines is easier than it sounds; dropping infected USB sticks and DVDs around a target machine or phishing particular staff members often does the job.

      1. Anonymous Coward

        Re: But wait...

        Came with clipboard loaded to say the same. "it requires malware to be installed on the sending and receiving machines", it also requires the two machines to both be suitable tower cases and to be shoved sufficiently close to one another and left in place for as long as is necessary for the sensitive data to be captured and trickled out. Seems to be an extremely specific concern for an extremely small audience. I also imagine that the vast majority of that tiny audience will be fully aware of their situation and will have considered the wider scope for this kind of attack, including other faster, more pervasive and efficient emanations such as sound, light and radio and whatever mitigations they have seen fit to adopt for those media will almost certainly eliminate the plausibility of the presented attack. So while I certainly wouldn't dismiss it outright as completely irrelevant, it certainly seems to be a very obscure concern for a very tiny audience.

        1. JamesPond

          Re: But wait...

          Do desktop PCs / laptops normally come with heat sensors which this hack is apparently dependent upon? I know servers do as I've had a couple shut down when they've got too hot (which incidentally Compaq said invalidated the warranty when the motherboards popped a few months later!).

          I guess we now have to wrap our PCs in tin foil, not just our heads!

          1. David Gosnell

            Re: But wait...

            > Do desktop PCs / laptops normally come with heat sensors which this hack is apparently dependent upon?

            Yes, all over the place. Quite often measured at three or four points round the system, e.g. CPU, PSU, hard disk(s) etc. Generally takes software such as MBM (for Windows) to hook into it, but it's there for the using all the time.

        2. Anonymous Coward

          Re: But wait...

          "I certainly wouldn't dismiss it outright as completely irrelevant, it certainly seems to be a very obscure concern for a very tiny audience"

          Welcome to the readership of El Reg

    2. Charles Manning

      Re: But wait...

      Yes, the victim must be compromised; after that the data can be transferred in various ways...

      In this case, they used heat to send data via the victim's temperature sensors. You could also use all sorts of other methods.

      A BT keyboard, for instance... If the host was to disconnect/reconnect a BT keyboard and the victim was listening for traffic, that would work, as would pretty much any form of sensor.

      Even LEDs can be used as sensors. A little known thing about LEDs is that they are also light sensitive and LEDs driven by microcontrollers can also be used as light receivers.

      But, hey, once you've compromised a computer, just assume all bets are off.

  2. This post has been deleted by its author

  3. Anonymous Coward

    Why not use audio

    Make the hard drives spin up / down or even the fan speed then use the mic on the other one to detect the sound and then decode it.

    Easier still - the NIC LED lights are a much longer range, higher bit rate data exfoliation point than heat.

    1. Filippo Silver badge

      Re: Why not use audio

      ...exfoliation?

      1. Anonymous Coward

        Re: Why not use audio

        "...exfoliation?"

        An interesting metaphor. Presumably the casting off of light packets.

        1. Anonymous Coward

          Re: Why not use audio

          Hate to "burst your bubble" AC but I'd have thought a misread of "...BitWhisper when exfiltrating smaller files..." from the article is more likely to be the... inspiration?

          1. Anonymous Coward

            Re: Why not use audio

            Damn you auto-correct :)

    2. Irongut

      Re: Why not use audio

      What mic? No tower computer I have ever seen had a built in mic. If you had a pair of laptops then fair enough but I doubt anyone uses a laptop for a secure air-gapped computer. It would defeat the point.

      As for headsets plugged into the computers how would you know which hdd or fan to listen to in a busy office?

      1. Anonymous Coward

        Re: Why not use audio

        Devices that generate audio by moving a physical item will also generate an electrical change in response to audio, it is not much of a leap to think there is some way of recovering voltage changes in the Piezo sounder, hard drive enclosure, power supply coils (vibration from case) etc.

        Or later discovering C107 on all AsuGigaMicro boards since 2005 is actually an electret microphone.

        Hell, turn on the laser in the CD/DVD player and don't spin the disk, read the return modulated by vibration, filter out the fans and you have the boom box which is PC cases feeding voice frequencies back.

  4. Nifty Silver badge

    So you need to install efficient malware on both machines in order to make one really inefficient hack work. Hmm.

  5. This post has been deleted by its author

  6. Winters

    How exactly are you supposed to get the malware onto the air-gapped computer?

    1. Irongut

      By learning to read the article before commenting.

      1. Queasy Rider

        We need a new acronym: RTWFA

        As the quality of commentard feedback continues to slide, I recommend using this as a reply to the reading impaired: Read The WHOLE F**king Article.

  7. Stephen 2

    Let's say you manage to get the malware onto the air gapped computer. And let's say there's another machine close enough and also with the malware installed. I would assume that computer would also be air gapped.

    So how do you get the information out?

    1. DragonLord

      Given that I've seen a couple of methods for transferring data between air gapped computers before this, I would say that at least one of them will probably work. Also I'm guessing that the point of the 2 computers close together is that one of them is connected to the public network and one to the internal network, so as to not inconvenience the user of the 2 computers.

      Don't forget that for most people convenience trumps security.

    2. Anonymous Coward

      Obligatory

      It's air-gapped computers all the way down.

  8. Anonymous Coward

    "A toy missile launcher"

    ...how very appropriate.

    1. Anonymous Coward

      Re: "A toy missile launcher"

      Thank you for your tip-off. The thought police are on their way! Have a great day.

  9. Anonymous Coward

    British solution

    Place one very hot cup of tea between the air-gapped computers.

  10. Crazy Operations Guy

    You'd need intel on the physical location of the machines

    How would the malware know where it's receiving data from, or even that the heat is coming from an infected system and not just a box that gets used for periodic, yet intensive tasks?

    So for this task to work, you'd have to manage to get the malware onto both machines. It's not hard to infect either machine, but beating the odds and getting both? Those are some pretty big odds given that the sending machine would need to remain undetected (which gets harder as time goes by, because someone is going to notice a process that wastes that many cycles).

    Things like this are why my company put all air-gapped systems into a secure data center and users access them by way of a thin client. Plus we have executable white-lists, so something like this wouldn't be able to run in the first place.

    1. Anonymous Coward

      Re: You'd need intel on the physical location of the machines

      One does wonder how long the adversary might spend trying to decode the "signal" from a thermostatically controlled radiator... or even the "signal" from the comings and goings of the office wetware units.

  11. CAPS LOCK

    An interesting idea but...

    ... not practical. 3/10 must try harder.

    1. Anonymous Coward

      Re: An interesting idea but...

      Probably just about adequate to secure another round of funding though... certainly getting some attention... so I'd imagine it's a "mission accomplished"
