
New PIXHELL Attack Exploits Screen Noise to Exfiltrate Data from Air-Gapped Computers

Security researchers have unveiled new techniques that allow attackers to exfiltrate sensitive data from air-gapped computers, which are systems physically isolated from unsecured networks. Despite air gaps being a strong security measure, these attacks demonstrate that determined adversaries can still find ways to breach such systems.

Dr. Mordechai Guri and his team at Ben-Gurion University in Israel have published multiple papers detailing various covert channels that can be used to leak data from air-gapped systems. Their latest research focuses on exploiting computer components’ electromagnetic, acoustic, thermal, and optical emanations to transmit data to nearby receivers.


One attack, dubbed RAMBO (Radiation of Air-gapped Memory Bus for Offense), exploits electromagnetic emissions from a computer’s RAM to leak data.

By manipulating memory access patterns, malware can generate controlled radio signals that encode stolen information. Using a software-defined radio receiver, an attacker can intercept these signals from several meters away.

Another attack, dubbed “AIR-FI”, leverages electromagnetic emissions from DDR SDRAM memory buses to generate WiFi signals that nearby WiFi-capable devices can pick up.

The malware running on the air-gapped system performs specific memory access operations to modulate data into the 2.4 GHz WiFi frequency band. This allows exfiltration rates of 1 to 100 bits per second over distances up to several meters.

Another technique called “POWER-SUPPLaY” exploits the acoustic noise generated by computer power supplies. By controlling the power consumption of the CPU, the malware can create acoustic signals that encode data. These inaudible sounds can be captured by nearby microphones and decoded to retrieve the stolen information.

The researchers also demonstrated optical covert channels using the hard drive activity LED. The “LED-it-GO” attack rapidly flickers the LED in patterns that encode binary data, which can be recorded by a camera and later decoded. This allows exfiltration speeds of up to 4000 bits per second.

Thermal emissions from computer components provide another attack vector. The “BitWhisper” technique uses temperature changes induced by CPU operations to transmit data between two adjacent air-gapped systems. While slow at only 1-8 bits per hour, it shows that even thermal side channels can leak information.

The “GAIROSCOPE” attack utilizes a smartphone’s gyroscope to receive vibrations from a compromised computer. The malware causes subtle vibrations in the PC’s fans and hard drive, which propagate through shared surfaces to the phone. Its gyroscope can detect oscillations as small as 0.001 degrees per second.

A particularly stealthy method called “LANTENNA” uses Ethernet cables as antennas to broadcast radio signals. Malware can transmit data by toggling the cable’s transmission lines to generate electromagnetic emissions that are detectable several meters away using software-defined radio equipment.

To execute these attacks, the air-gapped system must first be compromised with malware. This could potentially occur through infected USB drives, social engineering, or supply chain attacks. Once the malware is in place, it can collect sensitive data and transmit it using covert channels.

Defending against these attacks poses significant challenges. Conventional security software may not detect covert transmissions. Countermeasures like Faraday cages, acoustic dampening, and signal jamming can help but may be impractical in many environments.

The researchers emphasize that while air gaps provide strong security, they are not impenetrable. Organizations relying on air-gapped systems should implement defense-in-depth strategies, including strict access controls, endpoint protection, and monitoring for anomalous behavior.
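One concrete form of the “monitoring for anomalous behavior” the researchers recommend follows from a property every channel above shares: the malware switches a component (RAM bus, fan, LED, CPU power draw) between two states on a regular bit clock, so the state transitions in that component’s telemetry cluster at multiples of one period, whereas a normal workload changes state at irregular times. The following detector is an added example written for this article; it is not code from the original post or from the Ben-Gurion researchers. It assumes a monitoring agent already samples some per-device activity counter at a fixed interval and passes the samples in as a list of numbers; the telemetry it runs on is constructed inline (a clocked on/off pattern carrying the bytes `OK`, and a set of irregular busy/idle runs standing in for ordinary activity), and the function, parameter and threshold names are this example’s own.

```python
"""Heuristic detector for clocked on/off modulation in hardware telemetry.

Added example (not the article's or the researchers' code). Assumes a
monitoring agent samples one activity counter (disk activity, fan RPM,
CPU power, ...) at a fixed interval and hands the samples over as a list.
"""
import random
from typing import List, Tuple


def binarize(samples: List[float]) -> List[int]:
    """Threshold a counter stream at the midpoint of its range into 0/1 states."""
    lo, hi = min(samples), max(samples)
    mid = (lo + hi) / 2.0
    return [1 if s > mid else 0 for s in samples]


def transition_indices(bits: List[int]) -> List[int]:
    """Sample indices at which the binarized state flips."""
    return [i for i in range(1, len(bits)) if bits[i] != bits[i - 1]]


def phase_concentration(transitions: List[int], period: int, tol: int = 1) -> float:
    """Fraction of transitions landing within +/-tol samples of the single best
    phase modulo `period`. Clocked modulation drives this towards 1.0; ordinary
    bursty activity spreads the residues out and keeps it low."""
    if not transitions:
        return 0.0
    counts = [0] * period
    for t in transitions:
        counts[t % period] += 1
    best = 0
    for phase in range(period):
        window = sum(counts[(phase + d) % period] for d in range(-tol, tol + 1))
        best = max(best, window)
    return best / len(transitions)


def detect_clocked_channel(samples: List[float], min_period: int = 8,
                           max_period: int = 64, min_transitions: int = 8,
                           threshold: float = 0.9) -> Tuple[bool, int, float]:
    """Scan candidate bit periods and return (suspicious, bit_period, score).
    On a tie the longest period wins, so sub-harmonics of the real bit clock
    (T/2, T/4, ...) do not mask it. The threshold is an assumed starting point
    that a deployment would tune against its own baseline telemetry."""
    trans = transition_indices(binarize(samples))
    if len(trans) < min_transitions:
        return (False, 0, 0.0)
    best_period, best_score = 0, 0.0
    for period in range(min_period, max_period + 1):
        score = phase_concentration(trans, period)
        if score >= best_score:
            best_period, best_score = period, score
    return (best_score >= threshold, best_period, best_score)


# --- constructed telemetry for the demonstration (not real captures) -------
_rng = random.Random(1)


def _level(on: bool) -> float:
    """Noisy 'busy' or 'idle' reading for one sampling interval."""
    return _rng.uniform(60, 100) if on else _rng.uniform(0, 10)


def synth_clocked(payload: bytes, bit_period: int) -> List[float]:
    """Telemetry as a clocked on/off channel would leave it: the component is
    held busy for a whole bit period per 1 bit and idle per 0 bit."""
    bits = [(b >> i) & 1 for b in payload for i in range(7, -1, -1)]
    return [_level(bool(bit)) for bit in bits for _ in range(bit_period)]


def synth_background(run_lengths: List[int]) -> List[float]:
    """Telemetry from irregular busy/idle runs, as a normal workload leaves it."""
    out: List[float] = []
    for k, length in enumerate(run_lengths):
        out.extend(_level(k % 2 == 0) for _ in range(length))
    return out


COVERT = synth_clocked(b"OK", bit_period=20)
BACKGROUND = synth_background([7, 13, 5, 22, 9, 17, 31, 4, 11, 26, 8, 15, 3, 19, 6, 12])

if __name__ == "__main__":
    for name, series in (("covert", COVERT), ("background", BACKGROUND)):
        flagged, period, score = detect_clocked_channel(series)
        print(f"{name:10s} flagged={flagged} period={period} score={score:.2f}")
```

The clocked series is flagged with a recovered bit period of 20 samples and a score of 1.0, while the irregular runs score well below the threshold. The heuristic is deliberately sensor-agnostic: the same transition-phase test applies to a fan tachometer, a disk-activity counter or a power rail sampled by a baseboard management controller, which is what makes it useful against a family of channels rather than one paper’s variant. Its blind spots are equally general: a channel that randomizes its bit period, or one whose duty cycle stays inside the normal noise band, will not concentrate transitions, so this check belongs alongside, not instead of, the access-control and endpoint-protection measures above.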

As attackers continue to develop innovative techniques, the cat-and-mouse game between offensive and defensive security persists. These findings underscore the need for continued research into protecting our most sensitive systems and data.
