Another Air-Gap Bridge Discovered, Using Heat
A fairly common setup for air-gap security, the practice of permanently cutting a system off from all networking, is to keep air-gapped computers near regular workstations so that they are easily accessible. For a long time, the common wisdom has been that air-gapping is the only way to be truly secure from remote attacks. Local attacks, where the hacker has direct, physical access to a computer, are still possible with an air-gap, but physical security often compensates for this.
The NSA’s Tempest specification, which is a method of intercepting electromagnetic signals directly from the processor of a system – air-gapped or not – has long been a method of compromising offline systems. In January, we reported on researchers who had successfully utilized Tempest-like methods to read keystrokes up to six meters away from the target computer. The same researchers, who were able to parlay this method into a mobile phone application, have now managed to do something similar, but more impressive, using heat.
Called BitWhisper, the new attack makes use of heat emissions and the already existing thermal sensors on the motherboards to create communication between a networked computer and an air-gapped one. Important to note with this compromise is that, like the previous discovery with AirHopper, it will require an infection on the target computer, as well as the receiving one.
However, this is not necessarily an inconceivable scenario. The attacker would only need access to the computers for a couple of minutes, and then he could have ongoing access to the secure data on the air-gapped computer via the networked one. Extremely advanced malware developers could do this in such a way that it went undetected for months. It’s important to keep in mind that the target wouldn’t have to be someone who was doing cyber-security research.
The attack is extremely ineffective since, in an hour, it can only transmit eight bits of data. Also, the attacking and victimized computers must be within fifteen inches of each other. So as of yet, this is not necessarily a breakthrough in security research, but it could serve as a building block for future research along the same lines.
The whitepaper on the subject, provided by the Security Research Center at Ben Gurion University in Israel, says, in part:
Like many electrical systems, PCs generate heat. The law of conservation of energy states that energy is conserved over time; excess power dissipates as heat, primarily in a physical process called Joule heating. Joule heating (also termed resistive heating) occurs when the passage of an electric current through a conductor releases heat. The generated heat is proportional to the current and voltage of the system. Complex electronic systems such as the central processing unit (CPU) of a modern PC require varying amounts of power (current and voltage) proportional to the workload of the system. This workload directly affects the amount of heat generated by the system.
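Because the channel depends on one machine's heat showing up on its neighbor's thermal sensors, a defender can look for temperature rises on the air-gapped machine that its own workload does not explain. The following is an added example, not code from the article or the whitepaper: a simple heuristic that fits temperature against local CPU load on known-clean readings and flags sustained excess heat. The log format, sample readings, function names and thresholds are all assumptions made for illustration.

```python
# Added illustration: heuristic only. Sample data is constructed and the
# threshold values are assumptions, not figures from the BitWhisper paper.
from statistics import mean

def fit_load_to_temp(samples):
    """Least-squares line temp = a + b*load from known-clean (load, temp) samples."""
    loads = [l for l, _ in samples]
    temps = [t for _, t in samples]
    ml, mt = mean(loads), mean(temps)
    var = sum((l - ml) ** 2 for l in loads)
    b = sum((l - ml) * (t - mt) for l, t in samples) / var if var else 0.0
    return mt - b * ml, b

def unexplained_heat(samples, model, threshold_c=1.5, min_run=3):
    """Return (start, end) index ranges where the measured temperature exceeds
    the load-predicted temperature by more than threshold_c degrees for at
    least min_run consecutive samples."""
    a, b = model
    runs, start = [], None
    for i, (load, temp) in enumerate(samples):
        hot = temp - (a + b * load) > threshold_c
        if hot and start is None:
            start = i                      # excess heat begins
        elif not hot and start is not None:
            if i - start >= min_run:       # ignore short sensor blips
                runs.append((start, i - 1))
            start = None
    if start is not None and len(samples) - start >= min_run:
        runs.append((start, len(samples) - 1))
    return runs

# Constructed baseline: (cpu_load_percent, temp_celsius); temp tracks local load.
BASELINE = [(10, 40.0), (20, 42.0), (50, 48.0), (80, 54.0), (30, 44.0), (60, 50.0)]
# Constructed observation: local load stays flat, yet temperature climbs
# for four consecutive readings, as heat from a nearby machine would cause.
OBSERVED = [(10, 40.1), (10, 40.0), (10, 42.5), (10, 43.0),
            (10, 43.2), (10, 42.8), (10, 40.3), (12, 40.5)]

def demo():
    return unexplained_heat(OBSERVED, fit_load_to_temp(BASELINE))

if __name__ == "__main__":
    print(demo())
```

At the eight-bits-per-hour rate reported above, any induced heating has to persist for minutes at a time, which is why the check looks for sustained runs rather than single hot readings.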
Part of a Wider Field of Applications
It has long been known that air-gaps can be compromised. The Tempest specification is one of the known programs within the US government (and its allies) which specifically focuses on this subject. One of Edward Snowden's leaks revealed that even more advanced air-gap breakers were utilized in compromising computers such as those in Iran. The New York Times wrote on the subject:
While most of the software is inserted by gaining access to computer networks, the N.S.A. has increasingly made use of a secret technology that enables it to enter and alter data in computers even if they are not connected to the Internet, according to N.S.A. documents, computer experts and American officials.
The article was in reference to a system which the NSA had supposedly successfully utilized to intercept data from air-gapped computers as much as eight miles away. Thus, a new paradigm in computer security: in the end, there is no such thing. If you don’t want it digitally intercepted and copied, don’t put it on a computer, networked or not.