Tag Archive for: airgap

Hacking The Aether: How Data Crosses The Air-Gap

/in


It is incredibly interesting how many parts of a computer system are capable of leaking data in ways that is hard to imagine. Part of securing highly sensitive locations involves securing the computers and networks used in those facilities in order to prevent this. These IT security policies and practices have been evolving and tightening through the years, as malicious actors increasingly target vital infrastructure.

Sometimes, when implementing strong security measures on a vital computer system, a technique called air-gapping is used. Air-gapping is a measure or set of measures to ensure a secure computer is physically isolated from unsecured networks, such as the public Internet or an unsecured local area network. Sometimes it’s just ensuring the computer is off the Internet. But it may mean completely isolating for the computer: removing WiFi cards, cameras, microphones, speakers, CD-ROM drives, USB ports, or whatever can be used to exchange data. In this article I will dive into air-gapped computers, air-gap covert channels, and how attackers might be able to exfiltrate information from such isolated systems.

Many techniques presented here (but not all) would require a previous breach to have already compromised the isolated machine (usually installing some kind of malware in the process). This may have happened via a social engineering attack, an inside job, an undercover special operation or whatever James Bond scenario you have in mind, it’s not important for the current article scope. Although the malware delivery mechanism makes for an interesting problem and discussion, the scope of this article is on how to exfiltrate data after the breach (if a breach was, in fact, needed).

What is an Air-Gap Covert Channel?

An air-gap covert channel could be defined as any unintentional channel that is used to transmit and/or receive data between systems that are physically isolated and, by policy, not authorized to communicate with one another, in which air-gapping measures were taken at the emitter, receiver or both. Unintentional means that the channel was not originally designed to be used as a data channel, for example, the modem LEDs. Although there might me…

Source…

New air-gap jumper covertly transmits data in hard-drive sounds

/in

(credit: Cyber Security Labs @ Ben Gurion University)

Researchers have devised a new way to siphon data out of an infected computer even when it has been physically disconnected from the Internet to prevent the leakage of sensitive information it stores.

The method has been dubbed “DiskFiltration” by its creators because it uses acoustic signals emitted from the hard drive of the air-gapped computer being targeted. It works by manipulating the movements of the hard drive’s actuator, which is the mechanical arm that accesses specific parts of a disk platter so heads attached to the actuator can read or write data. By using so-called seek operations that move the actuator in very specific ways, it can generate sounds that transfer passwords, cryptographic keys, and other sensitive data stored on the computer to a nearby microphone. The technique has a range of six feet and a speed of 180 bits per minute, fast enough to steal a 4,096-bit key in about 25 minutes.

“An air-gap isolation is considered to be a hermetic security measure which can prevent data leakage,” Mordechai Guri, a security researcher and the head of research and development in the cyber security labs at Israel’s Ben-Gurion University, told Ars. “Confidential data, personal information, financial records and other type of sensitive information is stored within isolated networks. We show that despite the degree of isolation, the data can be exfiltrated (for example, to a nearby smart phone).”

Read 5 remaining paragraphs | Comments

Technology Lab – Ars Technica