An Airgap Won’t Secure Your Computer Anymore

by P. H. Madore, January 29, 2015

Security professionals have said for years that the only way to make a computer truly secure is for it to not be connected to any other computers, a method called airgapping. Then, any attack would have to happen physically, with the attacker actually entering the room and accessing the computer that way, which is incredibly unlikely. In the case of computers containing highly sensitive information, additional, physical security can always be added in the form of security guards, cameras, and so on.

Researchers at Georgia Institute of Technology have uncovered a vulnerability in all computers, however, which can be exploited regardless of an air gap. It’s a vulnerability which you’d never suspect, and it’s one that’s hard to fight against. All CPUs emit electromagnetic signals when they are performing tasks, and the first thing these researchers discovered was that binary ones and zeroes emit different levels. The second thing they discovered is that electromagnetic radiation is also emitted by the voltage fluctuations and that it can be read from up to six meters away. These signals, by the way, are known as side-channels, and they are well-documented in the cryptography field.

The Least Traditional Attack You’ve Ever Seen

“Side channels are a powerful class of attacks that circumvent traditional security protections and access controls. Unlike traditional attacks that exploit vulnerabilities in what the system does, side channel attacks allow information to be obtained by observing how the system does it,” reads their white paper.

The researchers, whose names are Robert Callan, Alenka Zajic, and Milos Prvulovic, have developed software which allows them to overcome the two main problems of this type of attack: multiple weak signals and determining what is of interest and what is not, such as keystrokes. In this video, Milos demonstrates that the keystrokes can be decoded in real time from across the room.

The white paper tries very hard to impress the importance of this vulnerability. An attacker who knows what they are looking for can do a great deal of damage using technology like this. They note that a vulnerability rating has been proposed recently, but that the proposal doesn’t do much in the way of providing developers of future technologies with a roadmap of improvement.

“The current state of the art is the recently proposed Side-Channel Vulnerability Factor (SVF), which measures how the side channel signal correlates with high-level execution patterns (e.g. program phase transitions). While this metric allows overall assessment of the ‘leakiness’ of a particular system and application over a given side channel, it provides limited insight to 1) computer architects about which architectural and microarchitectural features are the strongest leakers, and to 2) software developers about how to reduce the side channel leakiness of their code.”
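As an added illustration (not code from the article or the white paper), the sketch below computes an SVF-style score the way the quoted passage describes it: it correlates the pattern of a ground-truth execution trace with the pattern of the observed side-channel trace. The pairwise-distance formulation, the constructed traces, the phase levels and all function names are assumptions of this sketch.

```python
import random
from itertools import combinations
from statistics import mean

def pairwise_distances(trace):
    """Distance between every pair of time steps (upper triangle of a similarity matrix)."""
    return [abs(a - b) for a, b in combinations(trace, 2)]

def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    mx, my = mean(xs), mean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0 or vy == 0:
        return 0.0  # a flat trace has no pattern to correlate with
    return cov / (vx * vy) ** 0.5

def svf(oracle, observed):
    """SVF-style score: how well the observed signal tracks the execution pattern."""
    if len(oracle) != len(observed):
        raise ValueError("traces must cover the same time steps")
    return pearson(pairwise_distances(oracle), pairwise_distances(observed))

def constructed_traces(noise, seed=1):
    """Constructed sample data: a program phase id per time step and a noisy signal."""
    rng = random.Random(seed)
    oracle = [0] * 20 + [1] * 20 + [2] * 20 + [0] * 20
    level = {0: 1.0, 1: 2.0, 2: 3.5}  # assumed emission level for each phase
    observed = [level[p] + rng.gauss(0, noise) for p in oracle]
    return oracle, observed

def demo():
    """Return (score for a clean signal, score for a signal buried in noise)."""
    leaky = svf(*constructed_traces(noise=0.05))
    noisy = svf(*constructed_traces(noise=20.0))
    return leaky, noisy

if __name__ == "__main__":
    leaky, noisy = demo()
    print(f"clean signal: {leaky:.3f}   noisy signal: {noisy:.3f}")
```

A score near 1 means the observed signal tracks program phases closely; a score near 0 means the phases cannot be told apart from that signal. As the quoted passage notes, a single number like this says nothing about which hardware feature or line of code is responsible.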

Nothing New Under the Sun

Elsewhere, in Israel, a similar technique called AirHopper has been developed, except that it runs on a cell phone. This was done back in October to challenge a policy of letting people bring their mobile phones on secure sites as long as they locked them up in a locker before beginning work. The Israeli researchers proved that they could get data from computers that were connected to no standard network by using side-channels.

With the foundations laid for this sort of compromise, one can only assume that it will be developed by governments and bad actors alike in order to further spy on communications of everyday people as well as gain access to incredibly sensitive data.

Faraday Cage Remedy

Conceivably, rooms containing computers or the computer cases themselves could be augmented with Faraday cages that would prevent this sort of close-range monitoring because the signals wouldn’t make it past the cage. Doing this on your home PC might seem overkill now. But as the technique gains wider usage and the technology which enables it is improved, a revival of wardriving could happen in highly populated areas, this time with the intention of stealing passwords and other sensitive data. One thing is for sure: the future of computer security will have to account for this new, universal vulnerability in some way.

Images from Shutterstock.

  • Del_Varner

    Umm, this is why there used to be (and maybe still are) computers that were “Tempested” or perhaps subjected to “Tempest” requirements, so they would not emit any electromagnetic radiation.

  • Icahn Breathe

    Let me just be the first to say this isn’t what you think it is:

    This requires a special program to be installed on the “target”/“monitored” laptop that emits specially coded RF when keys are typed on the keyboard. Since you have to install a special program you might as well just install a traditional keylogger.

    Also, I am presuming they are turning off the wireless on the laptop in order to reduce the radiation.

    Hardly a “coffeeshop” scenario as they present it to be in the video.

  • Mark Hahn

    This was embarrassingly obvious to anyone who’s had even passing acquaintance with security.

    • votingmachine

      The strength of the signal surprises me. It may be obvious that every electrical current generates electromagnetic waves, but I would not have guessed at the 6 meter range. I would have guessed the radiative power level at MUCH lower. 5 Volts and a few micro-to-milli-Amps … across a complicated circuit.

      I’m still VERY skeptical. Reading keystrokes from 6 meters away may have been the limit. You don’t need a Faraday cage, just the knowledge of the distance and interference around you. And to be clear, the computer is not compromised. There is a slight leakage of information … I don’t think anyone is going to reconstruct much from the mish-mash of emitted spectrum from a computer.

      I typed this. Distinguishing the ASCII codes sent with an antenna from even 6 meters away is an impressive feat. I would doubt the spy could tell what I am listening to on the Sonos App though. Or what my spreadsheet is populated with. Or where the mouse cursor is when I click.

      And once again. It is still an uncompromised computer if it has an airgap. It is just that it may be possible to spy in ways that are not yet known. Not to remotely access, but to spy unobtrusively. Even that seems impossible, in a world with a computer every 10 feet.

      • Mark Hahn

        I think you underestimate how valuable (for compromise) it is to know anything about what a computer is doing. Consider the classic timing attack – each observation provides very, very little information, but combined with a sequence of probes, it’s very easy to infer keys (in vulnerable protocols)…

  • sirlanse

    It is the progress of antennas. The military has routinely separated computers from the power grid so that how much power was being drawn would not tell someone what was being computed. There are RF blocks built for water pipes, so that the people could not listen in on the pipes for RF from the computers. You should not just faraday the computer, the keyboard wire needs to be insulated as well.

  • gkumbu

    Correction needed: “6 or 7 feet”, not meters.

  • SamInTampa

    Anyone remember TEMPEST? Read Masters of Deception? It is all about how close you can get to the target. This keyboard/keystroke reading and prediction news is at least 2 years old if not more. This has been well known within the security community for some time. It only scratches the surface of this topic.

  • Edm68

    If binary can be detected at 6 m, there is no need for the 802.11 spec; we could have an entirely new networking standard that just listens for CPU activity, which would be much faster. I call bs on the story. If I could get in the 6 m zone near to secure infrastructure, the target has bigger security issues.

  • Operation STOCKADE (MI5/GCHQ): analysis of compromising emanation from French cipher machine cables in 1960. They used broad band radio detection of the cables, and were actually able to read the original plain text along the low-grade cipher sequence. Surprisingly, murmurs of high-grade ciphers could sometimes be read from the same cable, which after comparison to the cable fed signal, gave a path to even that cipher’s plain text leakage. From 1960 to 1963 the MI5 and GCHQ could read cipher traffic to and from the French Embassy in London.

    wikip Peter Wright