39.9 F
Washington D.C.
Tuesday, November 29, 2022

Researchers Discover New Method To Hack Air-Gapped Computers Using Heat

Researchers at Israel’s Ben-Gurion University of the Negev (BGU) have discovered a newmethod to breach air-gapped computer systems called “BitWhisper” which enables two-way communications between adjacent, unconnected PC computers using heat.

Computers and systems are considered to be air-gapped when they are not connected to the Internet or to any other computer that is connected to the Internet. Hacking has therefore been a rare occurrence and air-gapped computers are considered more secure than those connected to a network or the Internet, with attacks having to relying on the use of USB flash drives. But researchers have discovered that there is a way to hack air-gapped computers relatively easily.

The research, conducted by Mordechai Guri, PhD, is part of an ongoing focus on air-gap security at the BGU Cyber Security Research Center. Typically, air-gapped computers are used in financial transactions, mission critical tasks or military applications.

According to the researchers, “The scenario is prevalent in many organizations where there are two computers on a single desk, one connected to the internal network and the other one connected to the Internet. BitWhisper can be used to steal small chunks of data (e.g. passwords) and for command and control."

BGU’s BitWhisper bridges the air-gap between the two computers, approximately 15 inches (40 cm) apart that are infected with malware by using their heat emissions and built-in thermal sensors to communicate. It establishes a covert, bi-directional channel by emitting heat from one PC to the other in a controlled manner.

By regulating the heat patterns, binary data is turned into thermal signals. In turn, the adjacent PC uses its built-in thermal sensors to measure the environmental changes. These changes are then sampled, processed, and converted into data.

“These properties enable the attacker to hack information from inside an air-gapped network, as well as transmit commands to it,” the BGU researchers explained. “Only eight signals per hour are sufficient to steal sensitive information such as passwords or secret keys. No additional hardware or software is required. Furthermore, the attacker can use BitWhisper to directly control malware actions inside the network and receive feedback.”

The researchers demonstrated BitWhisper using a computer with a USB missile-launcher toy attached. They were able to send heat commands from the connected system over the air-gap to the isolated system and control the missile launcher.

While users have become smarter about the use of USB flash drives in air-gapped computers, the possibility of using radio waves, and now heat, to attack, means air-gapped systems are not as secure as previously assumed.

Homeland Security Todayhttp://www.hstoday.us
The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Related Articles

- Advertisement -

Latest Articles