Hacking the Air-gapped computers using heat generated by them

1
Hacking the Air-gapped computers using heat generated by them

Researcher develop technique for stealing data from computers which are not connected to Internet using heat generated by them

Earlier we had brought you a research paper published by University of Georgia where the researchers managed to steal data from air-gapped computers using ‘side channel signals.’ Stealing from computers not connected to internet became that much more easier using the new technique found by security researchers from Ben Gurion University.

Security researchers from Ben Gurion University in Israel have found a way to retrieve data from air-gapped computers i.e. computers not connected to internet, using only heat emissions and a computer’s built-in thermal sensors.

The research team consists of Mordechai Guri, Gabi Kedma and Assaf Kachlon and are overseen by their adviser Yuval Elovici.

Together they have devised a method which could be used potential hackers to steal passwords from a protected system and transmit the stolen data from a internet connected PC in close proximity to their command and control center.

Computers produce varying levels of heat depending on how much processing they’re doing. PCs have built in thermal sensors to monitor such heat and give commands to the internal fan to start or switch off.

The attack, which the researchers dubbed BitWhisper, uses these sensors to send commands to an air-gapped system or siphon data from it. The technique works a bit like Morse code, with the transmitting system using controlled increases of heat to communicate with the receiving system, which uses its built-in thermal sensors to then detect the temperature changes and translate them into a binary “1” or “0.”

The researchers have published the video of the Proof-of-Concept which can been seen below

In the video demonstration, the researchers are able to send command from their source PC to the target air-gapped PC to re-position the missile launch toy which the air-gapped PC controls.

Since the method requires that the target PC be infected by a malware first, they can also send malicious commands to the air-gapped target PC using same heat and thermal sensors. As of now the PoC attack allows just eight bits of data to be reliably transferred over an hour. However this time is enough for cyber criminals to steal passwords and secret keys or give malicious commands.

The researchers stated that the PoC attack only works if the target air-gapped PC is within 40 centimeters or 15 inches from the control PC. The researchers howevers state that this shouldnt pose a problem as all air-gapped classified PCs often sit on desktops alongside Internet-connected ones so that workers can easily access both.

Further the researchers say that this is only the first step and they expect it to be foundation for other researchers to work on.

 

“We expect this pioneering work to serve as the foundation of subsequent research, which will focus on various aspects of the thermal channel and improve its capabilities,” the researchers note in their paper. With additional research, they say they may be able to increase the distance between the two communicating computers and the speed of data transfer between them.

They will present their findings at a security conference in Tel Aviv next week.

Resource : Wired

1 COMMENT

  1. That is quite brilliant, yet slow. But the fact that the machine must have malware on it to manipulate the system adjusting conditions to produce temperature changes means a previous exposure to attack must have occurred. If that be the case, I would have instructed the malware to do something else more efficient.

    I understand the proof of concept is key though. Bravo. Now make it better. Try reading the data from a PC at a distance (non-tempest monitoring) without it being previously infected by malware or connected to a network.

LEAVE A REPLY

Please enter your comment!
Please enter your name here