Air-Gapped Systems Vulnerable to Unconventional Hackers

Liviu Arsene

November 12, 2015

Today’s interconnected world leaves everyone vulnerable to threats that can use the internet as a pipeline to reach any computer, any device, and any internet-connected gadget to steal data or compromise their integrity.

However, there are companies that not only opt for total network segregation, but also keep critical systems away from any internet connection to minimize the risk of malware infection or corruption. Recent research has proven that even air-gapped systems can be compromised with various techniques that might seem far-fetched at first glance.

In light of this new research, some industries that deal with critical data might want to rethink the way they secure access to it. The military, government organizations, and companies that deal with highly sensitive proprietary information might want to figure out and implement new mechanisms for protecting data stored on systems that are not connected to the internet, as these types of attacks are anything but unimaginative.

Graphics Cards, Electromagnetic Radiation and FM Radio Receivers

Until now, such systems were believed to be safe from remote control. Recent research has proven that attackers may be able not only to exfiltrate sensitive information from air-gapped systems, but also to issue commands to them remotely.

Using nothing but radio frequencies and proof-of-concept malware code, researchers at Ben Gurion University in Israel have successfully transmitted sensitive information from isolated computers to mobile phones.

The malicious piece of code would have to be “smuggled” onto the victim device (e.g. PC, laptop) via an infected removable drive (e.g. USB thumb drive) or some type of corrupted firmware, enabling an attacker to gain a foothold in the local network. This type of malware would infect the computer’s graphics card and use it to start emitting electromagnetic signals to a nearby mobile phone specifically rigged to accept and interpret the signal.

This particular research proves that, using the electromagnetic radiation emitted by a graphics card and a mobile phone’s FM radio receiver, signals can be broadcast outside normal communication channels – in this case, the internet – and be used to intercept sensitive and confidential data.

Scanners, Lasers and Drones

Another method for breaching air-gapped systems and networks was recently demonstrated by researchers from Ben-Gurion University, using only lasers and in-office scanners or multifunction printers.

It has been observed that network-attached scanners operating with their lid open can be made to interpret Morse code laser patterns as binary information if an attacker points a laser at the white coating on the inside of the scanner’s lid during scanning. The resulting scanned image will have a pattern of white lines on a darker background, corresponding to the pulses of the laser hitting the lid.

If malware were planted inside a computer connected to such a printer, it could interpret the pattern as instructions and execute them. The attacker could be targeting the laser at distances from 1,200 meters to 5 kilometers. Of course, infrared lasers would have the same effect, plus the added benefit that they are invisible to the naked eye.

Although performing these attacks at long distance would require very powerful lasers, an attacker could attach a laser to a drone or some sort of quadcopter to get closer to the printer and start broadcasting instructions.

The same research shows that the printer could also be used to relay messages back to the attacker using the light produced by the scanner itself, as the malware can control how long the scanner’s light stays on and reflects off the open lid.

Thermal Radiation and Proximity

Other research from the same university involves using the heat exchange between two computers to defeat air-gapped computers and stealthily siphon passwords or security keys from a secure system, and send that data to a nearby internet-connected computer controlled by the hackers.

By using heat emissions and built-in thermal sensors, two compromised computers can communicate with each other and allow an attacker to send and receive information between them.

An attacker would have to plant a specific type of malware on the two PCs that can control the internal CPU or GPU fans to generate various heating patterns. A nearby computer can use its built-in sensors to measure the resulting environmental changes, then sample, process and demodulate those heat patterns into binary data.

Although the current amount of data that can be exchanged is around 8 bits per hour, it could still suffice for collecting passwords or access keys.

Some limitations of this attack involve proximity, the limited amount of data being broadcast, and the fact that both computers need to be compromised with malware.
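From the defender's side, a channel this slow shows up as temperature plateaus that switch every few minutes without any matching change in workload. The sketch below is an added example, not code from the research or from this article; the telemetry format, the thresholds and the load-correlation heuristic are assumptions, and the sample data is constructed.

```python
from statistics import mean

def plateau_states(temps, delta=2.0):
    """Label samples hot (1) or cool (0) around the range midpoint, with hysteresis."""
    base = (min(temps) + max(temps)) / 2
    state, states = 0, []
    for t in temps:
        if t >= base + delta:
            state = 1
        elif t <= base - delta:
            state = 0
        states.append(state)
    return states

def unexplained_transitions(samples, window=3, load_tol=10.0):
    """Minutes where temperature switched plateau while CPU load stayed flat."""
    temps = [t for _, t, _ in samples]
    loads = [l for _, _, l in samples]
    states = plateau_states(temps)
    hits = []
    for i in range(window, len(samples) - window + 1):
        if states[i] != states[i - 1]:
            before = mean(loads[i - window:i])
            after = mean(loads[i:i + window])
            if abs(after - before) < load_tol:
                hits.append(samples[i][0])
    return hits

def looks_like_thermal_signalling(samples, min_transitions=4):
    """Assumed threshold: several load-independent swings in one capture."""
    return len(unexplained_transitions(samples)) >= min_transitions

# Constructed, idealised telemetry: (minute, temp_c, cpu_load_pct).
# About 7 minutes per plateau, in line with the ~8 bits per hour cited above.
PLATEAUS = [1, 0, 1, 1, 0, 0, 1, 0]
SUSPECT = [(m, 52.0 if PLATEAUS[m // 7] else 45.0, 8.0) for m in range(56)]
# Benign: temperature rises only while a heavy job runs (minutes 20-39).
BENIGN = [(m, 58.0, 90.0) if 20 <= m < 40 else (m, 45.0, 5.0) for m in range(56)]

if __name__ == "__main__":
    for name, data in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, unexplained_transitions(data), looks_like_thermal_signalling(data))
```

Real sensor traces ramp gradually and carry noise, so the window and tolerance values would need tuning against a baseline captured from the monitored machine.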

 

So, are air-gapped systems secure?

While it is true that current research into defeating air-gapped systems has revealed some interesting proofs of concept, these types of attacks have not yet been reported in the wild. This is not to say that someone interested enough in defeating such security would not be able to do so.

Research proves that, with enough perseverance and under the right circumstances, no computer system is truly safe from being remotely controlled by hackers. To guard against this, additional steps, such as physically securing critical systems or containing them in Faraday cages, could be implemented to prevent any outside interference or tampering.


Author


Liviu Arsene

Liviu Arsene is a Global Cybersecurity Researcher for Bitdefender, with a strong background in security and technology. Researching global trends and developments in cybersecurity, he focuses on advanced persistent threats and security incidents while assessing their impact in critical public and private business infrastructures. His passions revolve around innovative technologies and gadgets, focusing on their security applications and long-term strategic impact.
