Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Can cybercriminals jump your air gap?
#1
Lightbulb 
Quote:
[Image: jumping-over-air-gap-featured.jpg]

Even if a computer is physically isolated, data can be stolen from it using some very unusual methods.

Internet equals troubles. That’s why one of the most radical ways to secure a computer storing extremely valuable information or controlling a critical process is never to connect it to the Internet, or maybe not to connect it to any network at all, even a local one. Such physical isolation is known as an air gap.

No connection, no problem, right? Unfortunately, that is not entirely true — some cunning ways exist to exfiltrate data even from an air-gapped device. A group of researchers at Israel’s Ben-Gurion University, headed by Mordechai Guri, specializes in such data-theft methods. We explain what they’ve found and whether you (and we) need to worry.

How to jump an air gap

That air-gapped systems are vulnerable is not news — supply-chain attacks and bribed insiders are still entirely possible. The simplest attacks use an infected flash drive, for example; that’s how the legendary Stuxnet began.

Okay, so the computer gets infected, but how can someone exfiltrate data without an Internet connection?

That’s where inventiveness meets physics. A computer may be physically isolated and not transmit any signals outside over networks, but it still generates heat, magnetic fields, and noise. It is through such nonobvious channels that someone can siphon off information.

Ultrasound

Even a computer without speakers or audio equipment is capable of making sounds in the 20 Hz–24 KHz range (if, for example, you change the frequency of the power supply). What’s more, even a device without a separate microphone can eavesdrop, because speakers or headphones can be manipulated to perform the role. A significant portion of the abovementioned range (18 KHz–24 KHz, to be precise) is outside the limits of human hearing, a quality that can be of use in various interesting ways. At home, for example, using that range can activate a smart speaker.

More relevant in this case, someone can infect a computer with malware that encodes the target information and transmits it by ultrasound. This in turn gets picked up by another infected device nearby (for example, a smartphone), and transferred to the outside world. Other methods researchers have discovered exploit the sounds made by computer fans and hard drives.
...
Continue Reading
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
AWZ Screen Recorder
AWZ Screen Recorder ...zevish — 11:05
Website X5 Go 2024.1
Website X5 Go 2024.1...zevish — 09:32
Apple's rules to allow third-party app ...
Apple has announ...alison30 — 09:28
Intel: Microsoft AI PCs need a Copilot K...
Microsoft hopes th...harlan4096 — 08:55
Synchredible 8 Professional Edition v8.2...
          Synchredib...zevish — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
harlan4096's profile harlan4096
Administrator

>