This article is more than 1 year old

How to quietly slurp sensitive data wirelessly from an air-gapped PC

One little catch: you need to infect the computer first

'Just a technical demonstration'

Security experts praised the Ben-Gurion work while stating that it didn't by itself amount to a credible attack against air-gapped computers.

"It is just a technical demonstration of exfiltration without wires. Great, good theoretical work, nothing to do with air-gapping," said OPSEC expert The Grugq on Twitter.

Attacks on air-gapped computers are rare but not unprecedented. Most famous is the Stuxnet attacks against Iran's nuclear enrichment facilities, which were discovered back in 2010, but there are other isolated cases. For example, a cyberspy group known as APT30 used air-gap jumping techniques to go after targets in India and south-east Asia, security firm FireEye reported back in April.

The Ben-Gurion University boffins are due to present their latest research next month at the USENIX Security '15 conference in Washington, DC. In the meantime, a short video put together by the researchers to illustrate the hack can be found below.

Lane Thames, a software development engineer and security researcher at Tripwire, praised the research but argued it was becoming "outdated" to imagine anything can be air-gapped because of the rise of the Internet of Things (or Internet of Thieves, given today's state of security).

"We all need to recognize that air-gapped-ness is quickly becoming a thing of the past," Thames said. "Ubiquitous computing and communication technologies and its associated devices, such as those driving the growth of the Internet of Things, will cause many headaches for enterprises who require high levels of security, and this is especially true for organizations that manage critical infrastructures."

"We currently have plenty of very powerful, small-footprint devices that, in theory, could be used to penetrate physically secure, air-gapped environments (think miniature drones and micro-robotics)," he added.

"Essentially, we in the security industry will need to devise new ways of handling this emerging threat scenario.

"The physical security problems and solutions of tomorrow will absolutely be different than what we have today." ®

More about

More about

More about

TIP US OFF

Send us news


Other stories you might like