back to article Israeli researcher fans fears: here's another way to cross the airgap

Pity the weary sysadmin who's just finished silencing the loudspeakers in the company's computers to keep data behind the air gap: processor fans can also be used to whisper your secrets. Israeli white-hat Mordechai Guri, who last year fiddled with firmware to transmit crypto keys from computers to feature phones on GSM …

  1. Mark 65

    As in his previous work, an attacker needs to be able to infect the target to plant the badware that gathers (for example) passwords from the keyboards and put that data into a modulated fan signal.

    His definition of crossing the air-gap must differ from mine. If you can infect the target at the level necessary to perform the subsequent leak then I'd argue there isn't really a proper air-gap there. Some fuckwit plugging shit into a machine that can infect it isn't really air-gapped it just doesn't have a network connection and, to my mind, that isn't the same thing.

    1. Anonymous Coward
      Anonymous Coward

      As you say, the moment someone has physical access to your computers, air-gapped or not, all bets are off.

      While some of these 'connections' are interesting from a technical point of view they are not practical if security is taken into consideration. For instance, at one plant we supervise everyone has to go through two sets of security, one of which is a physical search, before you get to the secure area and even when there the servers are in a locked room. My techs are not allowed to take tools through security and the client has provided all those necessary and they stay in the server room at all times.

      There is security and SECURITY and most companies don't know the difference or care.

      1. Anonymous Coward
        Anonymous Coward

        For instance, at one plant we supervise everyone has to go through two sets of security, one of which is a physical search, before you get to the secure area and even when there the servers are in a locked room.

        Great defence against crappy cybercrims and low budget espionage. But mere theatre against nation state grade efforts. The attacker just needs to get their people recruited as one or more of the security detail (or blackmail those already there). As with any form of attack, the victim is only as strong as their weakest links, and the great thing about state levels of resource is that you can attack adjacent weakest links in a planned approach.

        One has to assume if the Israeli's are letting this go public, its because it either doesn't work in the real world, or that they've found much easier methods.

        1. Kumar2012
          Trollface

          @Ledswinger "One has to assume if the Israeli's are letting this go public, its because it either doesn't work in the real world, or that they've found much easier methods." --- or maybe they are having a good laugh imagining the mad mullahs in Iran going around checking each and every PC and server with a fan in their nuke facilities ;)

        2. chris 17 Silver badge

          @ Ledswinger

          you should assume with that much physical security, the personnel are also vetted to at least DV.

  2. a_yank_lurker

    Distance

    From what the various articles imply, one has to be fairly close to the target, say a couple meters max and in the same room. This would imply one's physical security is non-existent or someone is not vetting the stuff hanging on the walls.

    1. LaeMing

      Re: Distance

      I guess if you have an 'air-gapped' computer in the same roome as a networked one, they could (slowly) communicate back and forth.

      1. Anonymous Coward
        Anonymous Coward

        Re: Distance

        I guess if you have an 'air-gapped' computer in the same roome as a networked one, they could (slowly) communicate back and forth.

        Then you don't have a secure situation at all.

    2. Dagg Silver badge
      Big Brother

      Re: Distance

      I have no idea how far a meter is, it would depend on the size of the actual meter and maybe the type; audio, RF, voltmeter, amp meter, water meter...

      I suspect you mean metre which is an actual unit of distance.

      One day americans will get to understand metric...

      1. Likkie

        Re: Distance

        It depends where you come from...

        https://en.wikipedia.org/wiki/Metre

      2. tfewster
        Joke

        Re: Distance

        Form the ersults of the Berxit erfeerndum,, you should porbably start saying "meter" and "metirc" now

      3. PNGuinn
        Go

        Re: Distance

        At least the Merkins still understand real Colonial Units (albeit sometimes their own version of them).

        Even if they don't know their lefts from their rights and drive on the wrong side of the road.

        Maybe now we've voted for brexit (Yay!) we can dump all those silly miliwatsits back on Sprouts and join 'em.

        1. Robert Carnegie Silver badge

          I'm worried

          What is the British equivalent of kilobyte or megahertz? We haven't had our own computing standards since Turing.

      4. quxinot

        Re: Distance

        Those who have their speed limits posted in MPH should probably not cry about American measurement usage.

      5. Jeffrey Nonken

        Re: Distance

        Gratuitous American-slamming. How... witty of you.

        1. TRT Silver badge

          Re: Distance

          The London equivalent of the Hertz is the Boris and is the mean frequency of Santander bike hire in the capital; 1 cycle per second.

  3. Destroy All Monsters Silver badge
    Paris Hilton

    Airgapped by untrustworthy and trying to communicate with the enemy outside?

    Does that make the data center a gulag?

  4. chivo243 Silver badge

    like grampa always said

    Physical access = Game over.

    1. Anonymous Coward
      Anonymous Coward

      Re: like grampa always said

      Grampa was a sage:

      Happens to me to, every time I access a female air gap (no fanning needed), game over. :/

  5. Steve Davies 3 Silver badge

    Good luck detecting those fans

    and their changes when inside a DC with literally hundreds of other fans of all different shapes and sizes all going full tilt.

    you can hardly hear yourself think at times.

    I guess the test rig was setup inside an an ANECHOIC CHAMBER and not in the real world.

    Still it makes employment for some don't it...

    1. BasicChimpTheory

      Re: Good luck detecting those fans

      Wasn't the usecase described as grabbing passwords entered via keyboard?

      Much of that happening in your DC?

  6. Anonymous Coward
    Anonymous Coward

    I already have a solution...

    I have a pink noise generator on my phone.

    Introduce more environmental noise and you'll drop the dangerous data below the S/N threshold. End of story. And the phone won't be able to use its mike for anything sensitive, so win win..

    1. PNGuinn
      Joke

      Re: I already have a solution...

      And trigger another expensive research project into recovering the data from greater than 50 dB below the noise floor?

      Have you got shares in a kosher pork barrel company perchance?

    2. TeeCee Gold badge
      Coat

      Re: I already have a solution...

      ....pink noise generator....

      Is that the entire Frankie goes to Hollywood back catalogue on loop?

      1. Fred Flintstone Gold badge

        Re: I already have a solution...

        Is that the entire Frankie goes to Hollywood back catalogue on loop?

        Hey, you have a point there. I think we finally know what was really behind that free U2 album from Apple ..

  7. Pascal Monett Silver badge

    "if you're handling really sensitive data"

    If that is the case, then I would think that you work in an environment where no mobile phones are allowed.

    Because if your data is that sensitive, then the last thing you want is someone walking in with the perfect spy kit in his pocket.

    1. Anonymous Coward
      Anonymous Coward

      Re: "if you're handling really sensitive data"

      Taking and sending

  8. Anonymous Coward
    Anonymous Coward

    900 baud?

    Imagine how blocky the porn would be!

    https://xkcd.com/598/

  9. herman

    So now we need computers to be vacuum gapped. That is going to be rather inconvenient. Don't hold your breath.

    1. Robert Carnegie Silver badge

      Just fanless. Can do.

    2. Anonymous Coward
      Anonymous Coward

      Vaccum Gap

      "Don't hold your breath."

      I think I'd better.

  10. CarbonLifeForm

    Just pump loud music onto the IT floor?

  11. Mahhn

    Power

    Using motherboard power features you can pump signals through the power supply that are measurable in the building power wiring. Place a sniffer on the power circuit before it hits a line filter. Much better than the fan, but the same control features are used. it's a variation of a Powerline Network adapters that you can buy anywhere.

  12. Anonymous Coward
    Anonymous Coward

    Why not just use

    Why not just use Fabrice Bellard's work that turns your VGA display card into a DVB-T ("Freeview", etc) transmitter, or something functionally equivalent? Sounds far more interesting.

    Or maybe you're already using it, who knows...

    http://bellard.org/dvbt/

  13. Jeffrey Nonken

    ...any computer with a variable-speed fan. FTFY.

    You don't even have to go fanless. Just pick 3-wire-or-less fans.

  14. Stevie

    Bah!

    I have a better exploit that requires *no* access to the computer to steal passwords.

    Instead the computer user is gassed through the front door keyhole by men dressed as undertakers as he or she sleeps. Then, the dwelling is broken into and a small camera embedded surgically in each of the computer user's fingertips, and connected via bluetooth to a powerful tranceiver surgically embedded next to the spleen.

    The user is then partially revived, dosed with strong hypnotics and conditioned to believe his or her sore fingers came from trying to cut their fingernails in an electric pencil sharpener.

    A van equipped with a receiver is positioned within range of the spleenomitter and the password read from the keycaps as they are struck.

    No need to access the amchine at all.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like