Computers are said to be “air-gapped” when they are not connected to the internet or any other computer by physical or wireless connections. Air-gapped computers are usually used to keep sensitive information safe from the dangers of the internet, often by journalists, governments, credit card companies and banks. Now there is a new proof of concept released by Israeli researchers that allows systems to communicate across the air gap.
There have been a few other such concepts to communicate across the air gap, but most (if not all) of them have been one-way. This new method is bi-directional, and it uses the heat sensors that are inside all computers.
The attack makes it possible for an air-gapped computer to communicate with another by generating heat. One computer generates and dissipates heat while the other uses its heat sensors to detect the change in heat of the other computer (this means they need to be somewhat close). The communication is in binary (a lot of heat is a 1 and normal heat is a 0), and since generating and dissipating heat takes time, this communication is very slow.
In order for this to be carried out as an attack, the air-gapped computer would need to be infected with a piece of malware, as would another computer (preferably internet connected). Then the two computers need to be brought into close proximity in order to communicate (the computers will need to remain in proximity for some time in order to transfer anything worthwhile). Despite these strict requirements, many of them may be more achievable than they sound. The article from Wired mentions that in many places a worker will have an air-gapped computer right next to an internet-connected one (for easy use at a desk); then all that is needed is to infect the internet-connected computer and maybe a flash drive the worker uses with the air-gapped computer. Once both computers are infected, the attacker can transfer data or issue simple commands to the air-gapped computer.
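
A defender's view of the channel described above, as an added example that is not from the original post or from the researchers: it flags repeated warm periods on a machine's temperature sensor that its own CPU load does not explain. The function names, thresholds and sample readings are constructed assumptions.

```python
from itertools import groupby
from statistics import mean

def unexplained_heat(samples, calib=5, rise_c=1.0, idle_load=0.20):
    """Flag samples that are warm while the local CPU is idle.

    samples: list of (temp_c, cpu_load) readings, cpu_load in 0..1.
    The first `calib` readings are assumed to be a known-quiet baseline.
    """
    baseline = mean(t for t, _ in samples[:calib])
    return [t - baseline >= rise_c and load <= idle_load for t, load in samples]

def hot_runs(flags):
    """Collapse per-sample flags into (is_hot, run_length) pairs."""
    return [(hot, len(list(group))) for hot, group in groupby(flags)]

def looks_like_signalling(samples, min_pulses=3, **thresholds):
    """True when several separate warm periods have no local explanation."""
    runs = hot_runs(unexplained_heat(samples, **thresholds))
    return sum(1 for hot, _ in runs if hot) >= min_pulses

def trace(levels, per_level=4):
    """Build a constructed sensor log: each (temp_c, cpu_load) level is held
    for `per_level` readings, since heating and cooling take time."""
    return [level for level in levels for _ in range(per_level)]

# Constructed readings, not measurements from the research.
COOL, IDLE, BUSY = 40.0, 0.05, 0.90
# Warm pulses while the machine itself is idle: heat is arriving from outside.
IDLE_PULSED = trace([(COOL, IDLE), (40.1, IDLE), (42.5, IDLE), (40.1, IDLE),
                     (42.6, IDLE), (COOL, IDLE), (42.4, IDLE), (40.2, IDLE)])
# The same temperatures, but each warm period coincides with local CPU work.
LOCAL_WORK = [(t, BUSY if t > 41 else IDLE) for t, _ in IDLE_PULSED]
# One long warm period while idle (for example, the room warming up).
SINGLE_WARMUP = trace([(COOL, IDLE), (COOL, IDLE), (42.5, IDLE), (42.5, IDLE)])

if __name__ == "__main__":
    for name, log in [("idle_pulsed", IDLE_PULSED), ("local_work", LOCAL_WORK),
                      ("single_warmup", SINGLE_WARMUP)]:
        print(name, hot_runs(unexplained_heat(log)), looks_like_signalling(log))
```

Only the idle, pulsed trace is flagged; heat that tracks local load, or a single slow warm-up, is not.
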
I think this proof of concept is very interesting and forces us to think about what we consider secure. Is it enough for a “secure” system to be disconnected from the internet? Should it also be kept in a room that blocks radio waves? Maybe isolated from everything else possible? Then we need to solve the problem that the system is hard to work with.
Security is an ever-evolving field and there may be no way to ever achieve “perfect security”, but we still need to try. Locks are not perfectly secure either; I have heard it said that locks are to keep the honest people out, and that if someone really wants to steal your things a lock is not going to stop them. The idea is that the more difficult something is to break into, the fewer people will try; an attacker needs to be more motivated to try to get into a really secure system. At this point I think air-gapped systems are still safe from all but the most powerful and motivated groups (the NSA being one of those).