Air-gapped computer systems, isolated from the Internet and from other computers that are connected to external networks, are believed to be the most secure computers on the planet. Yeah? You need to think again before calling them 'safe'.
A group of Israeli security researchers at the Cyber Security Labs at Ben Gurion University has found a new technique to hack ultra-secure air-gapped computers and retrieve data using only heat emissions and a computer's built-in thermal sensors.
WHAT ARE AIR-GAPPED COMPUTERS?
Air-gapped computers or systems are considered to be the most secure and safest computer systems. These systems are isolated from the Internet and from any other computers that are connected to the Internet or an external network.
Air-gapped systems are used in situations that demand high security because it's very difficult to siphon data from them: doing so requires physical access to the machine, which is possible using a removable device such as a USB flash drive or a FireWire cable.
Air-gapped computers are used in classified military networks, in the payment networks that process credit and debit card transactions for retailers, and in industrial control systems that operate the critical infrastructure of the nation. Even journalists use them to prevent intruders from remotely accessing sensitive data.
HACKING AIR-GAPPED COMPUTERS USING HEAT
In August 2014, security researchers from Ben Gurion University found a new way to breach an air-gapped system by using a method called Air-Hopper, which utilizes little more than a mobile phone's FM radio signals for data exfiltration.
The same security researchers have now discovered a new technique, dubbed BitWhisper, that could be used by hackers to hack air-gapped computers by utilizing heat exchange between two computer systems.
Dudu Mimran, the CTO of Cyber Security Labs, blogged on Monday, "BitWhisper is a demonstration for a covert bi-directional communication channel between two close by air-gapped computers communicating via heat. The method allows bridging the air-gap between the two physically adjacent and compromised computers using their heat emissions and built-in thermal sensors to communicate."
This new technique would allow hackers to stealthily siphon passwords or security keys from a secured system and send the sensitive data to an Internet-connected system that is placed in close proximity and controlled by the hackers.
Hackers could also use their Internet-connected system to send malicious commands to the air-gapped computer using the same heat and sensor technique, posing a more severe danger to the secured infrastructure.
The team provided a video demonstration which shows how they were able to send a command from one computer to an adjacent air-gapped machine to re-position a toy missile launcher connected to the adjacent air-gapped system.
HOW BITWHISPER WORKS
Thermal sensors exist in computers to trigger the internal fans and cool the PC down when overheating threatens to damage components such as the CPU, the GPU (graphics-processing unit) and other motherboard components.
BitWhisper utilizes these sensors to send commands to an air-gapped system or siphon data from it. The heat patterns generated by the computer are regulated, and binary data is modulated into thermal signals.
The other adjacent PC in close proximity to the first one uses its built-in thermal sensors to measure the environmental changes. These changes are then sampled, processed, and demodulated into binary data in order to exfiltrate data.
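From the defender's side, the same regulated heat pattern shows up in a machine's own sensor log. The sketch below is an added example, not code from the researchers or from the original article: it averages a temperature trace per time slot and flags traces that sit on two plateaus and keep switching between them. The 450-second slot (derived from the 8 bits per hour quoted in this article), the 30-second polling interval, the thresholds and all sample traces are assumptions constructed for illustration.

```python
from statistics import mean

# Assumptions for this example, not parameters from the researchers' paper:
SAMPLE_SECONDS = 30    # sensor polled every 30 s
SLOT_SECONDS = 450     # 3600 s / 8 bits, from the rate quoted in the article
MIN_SWING_C = 1.0      # ignore traces whose slot averages move less than this
MIN_TRANSITIONS = 3    # level changes needed before a trace is flagged


def slot_means(samples, per_slot):
    """Average each full slot so that sensor jitter cancels out."""
    return [mean(samples[i:i + per_slot])
            for i in range(0, len(samples) - per_slot + 1, per_slot)]


def analyse(samples, per_slot=SLOT_SECONDS // SAMPLE_SECONDS):
    """Flag traces that sit on two plateaus and switch between them."""
    means = slot_means(samples, per_slot)
    if len(means) < 2:
        return {"suspicious": False, "levels": "", "transitions": 0}
    lo, hi = min(means), max(means)
    swing = hi - lo
    if swing < MIN_SWING_C:
        return {"suspicious": False, "levels": "", "transitions": 0}
    mid, tol = (lo + hi) / 2, 0.25 * swing
    # Regulated heating leaves every slot near one plateau; organic load drifts.
    two_level = all(min(m - lo, hi - m) <= tol for m in means)
    levels = "".join("1" if m > mid else "0" for m in means)
    transitions = sum(a != b for a, b in zip(levels, levels[1:]))
    return {"suspicious": two_level and transitions >= MIN_TRANSITIONS,
            "levels": levels, "transitions": transitions}


def constructed_trace(kind, slots=8, per_slot=15):
    """Build labelled sample data: 'keyed', 'ramp' (warming room) or 'idle'."""
    n = slots * per_slot
    jitter = [((i * 7) % 5 - 2) * 0.1 for i in range(n)]   # +/-0.2 C noise
    pattern = "10110010"                                    # constructed bits
    if kind == "keyed":
        base = [38.0 + 3.0 * (pattern[i // per_slot] == "1") for i in range(n)]
    elif kind == "ramp":
        base = [38.0 + 3.0 * i / (n - 1) for i in range(n)]
    else:
        base = [38.0] * n
    return [b + j for b, j in zip(base, jitter)]


if __name__ == "__main__":
    for kind in ("keyed", "ramp", "idle"):
        print(kind, analyse(constructed_trace(kind)))
```

The slow ramp covers the same 3 °C range as the keyed trace but is not flagged, because its slot averages spread across the range instead of clustering at two levels.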
Experts demonstrated that the communication can also be bi-directional, with both computers capable of transmitting or receiving commands and data by using the heat emitted by the computers' various components. A hacker simply needs to plant a piece of malware on each PC that needs to communicate.
Dudu Mimran told The Hacker News in an email that it's "not easy (to install malware), but possible, i.e. via USB or bad firmware or infection via other computers in the internal network. Such malware can be installed a long time before activation so there are quite a few chances. Our base assumption is that air gapped computers can be infected."
The malware is designed to search for nearby systems by periodically emitting a thermal ping from the infected system in order to determine when a victim has placed his infected laptop next to a classified desktop system.
"Once a bridging attempt is successful, a logical link between the public network and the internal network is established," researchers explained. "At this stage, the attacker can communicate with the formerly isolated network, issuing commands and receiving responses."
Both systems would then engage in a handshake, involving a sequence of "thermal pings", to establish a connection between them. An operation is more likely to succeed outside work hours, when the internet-connected computer and the air-gapped one are in close proximity for an ongoing period and there is no need to conduct a handshake each time.
A FEW LIMITATIONS
• The proof-of-concept attack requires both systems to first be compromised with malware.
• The attack currently allows for just 8 bits of data to be reliably transmitted over an hour, which is sufficient for an attacker to siphon a password or secret keys.
• The attack works only if the air-gapped system is within 40 centimeters (about 15 inches) of the other computer controlled by an attacker.
However, researchers say they may be able to increase the distance between the two communicating computers and the speed of data transfer between them.
FUTURE ATTACK MAY INVOLVE IoT DEVICES
According to the security researchers, future research might involve using the so-called internet of things (IoT), such as an internet-connected heating and air conditioning system or a fax machine, as an attack vector instead of internet-connected computers.
The team of researchers Mordechai Guri and Matan Munitz, under the guidance of Professor Yuval Elovici, planned to present their findings at a security conference in Tel Aviv next week and publish a paper on their research, "BitWhisper: Covert Signaling Channel between Air-Gapped Computers Using Thermal Manipulations."