How to Compromise Air-Gapped Devices

Unarmed Gunman

Unarmed Gunman

Medium Pimpin'
May 2, 2007
7,335
287
0
The D
www.googlehammer.com
security researchers at Ben Gurion University in Israel have found a way to retrieve data from an air-gapped computer using only heat emissions and a computer’s built-in thermal sensors. The method would allow attackers to surreptitiously siphon passwords or security keys from a protected system and transmit the data to an internet-connected system that’s in close proximity and that the attackers control. They could also use the internet-connected system to send malicious commands to the air-gapped system using the same heat and sensor technique.
Click to expand...

Demonstration:

[ame]http://www.youtube.com/watch?v=EWRk51oB-1Y[/ame]

How It Works

Computers produce varying levels of heat depending on how much processing they’re doing. In addition to the CPU, the graphics-processing unit and other motherboard components produce significant heat as well. A system that is simultaneously streaming video, downloading files and surfing the internet will consume a lot of power and generate heat.


To monitor the temperature, computers have a number of built-in thermal sensors to detect heat fluctuations and trigger an internal fan to cool the system off when necessary or even shut it down to avoid damage.


The attack, which the researchers dubbed BitWhisper, uses these sensors to send commands to an air-gapped system or siphon data from it. The technique works a bit like Morse code, with the transmitting system using controlled increases of heat to communicate with the receiving system, which uses its built-in thermal sensors to then detect the temperature changes and translate them into a binary “1” or “0.”


To communicate a binary “1” in their demonstration for example, the researchers increased the heat emissions of the transmitting computer by just 1 degree over a predefined timeframe. Then to transmit a “0” they restored the system to its base temperature for another predefined timeframe. The receiving computer, representing the air-gapped system, then translated this binary code into a command that caused it to reposition the toy missile launcher.
Click to expand...

http://www.wired.com/2015/03/stealing-data-computers-using-heat/
 


Maybe I can throw a sensor in my GF's vag to figure out what the fuck she's really talking about? ClitWhisper?
 
It says in the article that the air-gapped device needs to have malware installed for this to work. So, this is really a way to communicate with an air-gapped device that is already compromised. Getting the malware on to the air-gapped device is how you compromise it.
 
Jewish_Brain.jpg



.
 
droplister said:
It says in the article that the air-gapped device needs to have malware installed for this to work. So, this is really a way to communicate with an air-gapped device that is already compromised. Getting the malware on to the air-gapped device is how you compromise it.
Click to expand...

malware like the kind that comes standard, for your convenience, on every HDD, SDD, and USB stick?
 
You must log in or register to reply here.
Top Bottom