If you are an organisation that is custodian of sensitive information or infrastructure, it would be foolhardy of you to place it directly on the public Internet. No matter how good your security might be, there is always the risk that a miscreant could circumvent it, and perform all sorts of mischief. The solution employed therefore is to physically isolate such sensitive equipment from the rest of the world, creating an air gap. Nothing can come in and nothing can go out, or so goes the theory.
Well, that’s the theory, anyway. [Davidl] sends us some work that punches a hole in some air-gapped networks, allowing low-speed data to escape the air gap even if it doesn’t allow the reverse.
So how is this seemingly impossible task performed? The answer comes through the mains electrical infrastructure: if the air gap is bridged by a mains cable, then the load on that mains cable can be modulated by altering the work undertaken by a computer connected to it. This modulation can then be detected with a current transformer, or even by compromising a UPS or electricity meter outside the air gap.
Of course, the Hackaday readership are all upstanding and law-abiding citizens of good standing, to whom such matters are of purely academic interest. Notwithstanding that, the article goes into the subject in great detail, and makes for a fascinating read.
We’ve touched on this subject before with such various techniques as broadcast radio interference and the noise from a fan, as well as with an in-depth feature.
Researchers in the past have exfiltrated information through air gaps by blinking all sorts of lights, from LEDs in keyboards to the main display itself. However, all of these methods have one problem in common: they are extremely noticeable. If you worked in a high-security lab and your computer screen started to blink at a rapid pace, you might be a little concerned. But fret not, a group of researchers has found a new light to blink (PDF warning). Conveniently, this light blinks “randomly” even without the help of a virus: it’s the hard drive activity indication light.
All jokes aside, this is a massive improvement over previous methods in more ways than one. Since the hard drive light can be activated without kernel access, this exploit can be enacted without root access. Moreover, the group’s experiments show that “sensitive data can be successfully leaked from air-gapped computers via the HDD LED at a maximum bit rate of 4000 bit/s (bits per second), depending on the type of receiver and its distance from the transmitter.” Notably, this speed is “10 times faster than the existing optical covert channels for air-gapped computers.”
We weren’t born last night, and this is not the first time we’ve seen information transmission over air gaps. From cooling fans to practical uses, we’ve seen air gaps overcome. However, there are also plenty of “air gaps” that contain more copper than air, and require correspondingly less effort.
Continue reading “Do you trust your hard drive indication light?”
It is incredibly interesting how many parts of a computer system are capable of leaking data in ways that are hard to imagine. Part of securing highly sensitive locations involves securing the computers and networks used in those facilities in order to prevent this. These IT security policies and practices have been evolving and tightening through the years, as malicious actors increasingly target vital infrastructure.
Sometimes, when implementing strong security measures on a vital computer system, a technique called air-gapping is used. Air-gapping is a measure or set of measures to ensure a secure computer is physically isolated from unsecured networks, such as the public Internet or an unsecured local area network. Sometimes it’s just ensuring the computer is off the Internet. But it may mean completely isolating the computer: removing WiFi cards, cameras, microphones, speakers, CD-ROM drives, USB ports, or whatever can be used to exchange data. In this article I will dive into air-gapped computers, air-gap covert channels, and how attackers might be able to exfiltrate information from such isolated systems.
Continue reading “Hacking the Aether: How Data Crosses the Air-Gap”
When you want to protect a computer connected to the Internet against attackers, you usually put it behind a firewall. The firewall controls access to the protected computer. However, you can defeat any lock and there are ways a dedicated attacker can compromise a firewall. Really critical data is often placed on a computer that is “air gapped.” That is, the computer isn’t connected at all to an insecure network.
An air gap turns a network security problem into a physical security problem. Even if you can infect the target system and collect data, you don’t have an easy way to get the data out of the secure facility unless you are physically present and doing something obvious (like reading from the screen into a phone). Right? Maybe not.
Researchers in Israel have been devising various ways to transmit data from air walled computers. Their latest approach? Transmit data via changing the speed of cooling fans in the target computer. Software running on a cellphone (or other computer, obviously) can decode the data and exfiltrate it. You can see a video on the process below.
Continue reading “Bridging the Air Gap; Data Transfer via Fan Noise”
We are all used to turning on the faucet and having clean, drinkable water on demand. But think about what happens afterwards in your home: that water is used to wash dishes or water lawns and many other uses that render it undrinkable. What stops this nasty water from flowing back into your pipes and out of your kitchen faucet? A backflow preventer. This simple, but vital, part of your plumbing turns your water pipes into one-way systems that give out clean, drinkable water. This isn’t just about making your water taste nice: backflow preventers protect your water supply from things like brain-eating amoeba and E. coli that could kill.
Continue reading “Simple Devices Protecting Our Water System”
Ever wonder how they capture seemingly perfectly timed photographs of water droplets? Most of the time it’s done by using an optointerrupter, which detects the droplet falling and then triggers a light source a few milliseconds later with your camera ready and waiting.
This is typically done with something called an air gap flash, which is usually rather expensive or difficult to make, but [Michal’s] figured out another easier way suitable for some applications — using an array of LEDs to illuminate the scene.
He’s got an IR diode, a photo-resistor, a few spacers, some plastic and a bunch of hot glue to make up his optointerrupter. When the droplet passes through the IR beam it breaks the signal from the photo-resistor which then triggers his ATmega48P. It waits 80 milliseconds (he timed it out) and then turns on the LEDs for approximately 50 microseconds. Meanwhile his camera is watching the whole event with a shutter-speed of a few seconds.
This works because LEDs have rise and fall times that are much shorter than a traditional camera flash — normal flashes light up for 1-2 milliseconds, as opposed to this 50 microsecond LED flash. Just take a look at some of the pictures!
Continue reading “Catching Drops of Water With LEDs”
Did you know that a standard camera flash is much too slow to capture high quality images of bullets? A relatively long flash duration results in blurred images of the bullet. By building this air gap flash a bullet can be frozen in mid-air, producing some stunning results. There is an element of danger here, and not from the bullet. This flash uses a 35,000 volt capacitor to produce the mini-bolt of lightning which serves as the light source. The unit can be built for a few hundred dollars, which sounds like a heck of a deal if commercial models really do start at $8k and go up from there.
Now that the photographer has a super-fast flash, a camera axe takes care of the timing… which is everything.