Researchers have devised a new way to siphon data out of an infected computer even when it has been physically disconnected from the Internet to prevent the leakage of sensitive information it stores.
The method has been dubbed “DiskFiltration” by its creators because it uses acoustic signals emitted from the hard drive of the air-gapped computer being targeted. It works by manipulating the movements of the hard drive’s actuator, which is the mechanical arm that accesses specific parts of a disk platter so heads attached to the actuator can read or write data. By using so-called seek operations that move the actuator in very specific ways, it can generate sounds that transfer passwords, cryptographic keys, and other sensitive data stored on the computer to a nearby microphone. The technique has a range of six feet and a speed of 180 bits per minute, fast enough to steal a 4,096-bit key in about 25 minutes.
“An air-gap isolation is considered to be a hermetic security measure which can prevent data leakage,” Mordechai Guri, a security researcher and the head of research and development in the cyber security labs at Israel’s Ben-Gurion University, told Ars. “Confidential data, personal information, financial records and other type of sensitive information is stored within isolated networks. We show that despite the degree of isolation, the data can be exfiltrated (for example, to a nearby smart phone).”