air gap

12 Articles

Hacking The Aether: How Data Crosses The Air-Gap

February 2, 2017 by 35 Comments

It is incredibly interesting how many parts of a computer system are capable of leaking data in ways that is hard to imagine. Part of securing highly sensitive locations involves securing the computers and networks used in those facilities in order to prevent this. These IT security policies and practices have been evolving and tightening through the years, as malicious actors increasingly target vital infrastructure.

Sometimes, when implementing strong security measures on a vital computer system, a technique called air-gapping is used. Air-gapping is a measure or set of measures to ensure a secure computer is physically isolated from unsecured networks, such as the public Internet or an unsecured local area network. Sometimes it’s just ensuring the computer is off the Internet. But it may mean completely isolating for the computer: removing WiFi cards, cameras, microphones, speakers, CD-ROM drives, USB ports, or whatever can be used to exchange data. In this article I will dive into air-gapped computers, air-gap covert channels, and how attackers might be able to exfiltrate information from such isolated systems.

Continue reading “Hacking The Aether: How Data Crosses The Air-Gap”

Bridging The Air Gap; Data Transfer Via Fan Noise

July 1, 2016 by 45 Comments

When you want to protect a computer connected to the Internet against attackers, you usually put it behind a firewall. The firewall controls access to the protected computer. However, you can defeat any lock and there are ways a dedicated attacker can compromise a firewall. Really critical data is often placed on a computer that is “air gapped.” That is, the computer isn’t connected at all to an insecure network.

An air gap turns a network security problem into a physical security problem. Even if you can infect the target system and collect data, you don’t have an easy way to get the data out of the secure facility unless you are physically present and doing something obvious (like reading from the screen into a phone). Right? Maybe not.

Researchers in Isreal have been devising various ways to transmit data from air walled computers. Their latest approach? Transmit data via changing the speed of cooling fans in the target computer. Software running on a cellphone (or other computer, obviously) can decode the data and exfiltrate it. You can see a video on the process below.

Continue reading “Bridging The Air Gap; Data Transfer Via Fan Noise”

Simple Devices Protecting Our Water System

November 17, 2015 by 39 Comments

We are all used to turning on the faucet and having clean, drinkable water on demand. But think about what happens afterwards in your home: that water is used to wash dishes or water lawns and many other uses that render it undrinkable. What stops this nasty water from flowing back into your pipes and out of your kitchen faucet? A backflow preventer. This simple, but vital, part of your plumbing turns your water pipes into one-way systems that give out clean, drinkable water. This isn’t just about making your water taste nice: backflow preventers protect your water supply from things like brain-eating amoeba and E Coli that could kill.

Continue reading “Simple Devices Protecting Our Water System”

Catching Drops Of Water With LEDs

May 19, 2014 by 21 Comments

rig_circuit
Ever wonder how they capture seemingly perfectly timed photographs of water droplets? Most of the time it’s done by using an optointerrupter whereby it detects the droplet falling and then triggers a light source a few milliseconds later with your camera ready and waiting.

This is typically done with something called an air gap flash, which is usually rather expensive or difficult to make, but [Michal’s] figured out another easier way suitable for some applications — using an array of LEDs to illuminate the scene.

He’s got a IR diode, a photo-resistor, a few spacers, some plastic and  a bunch of hot glue to make up his optointerrupter. When the droplet passes through the IR beam it breaks the signal from the photo-resistor which then triggers his ATmega48P. It waits 80 milliseconds (he timed it out) and then turns on the LEDs for approximately 50 microseconds. Meanwhile his camera is watching the whole event with a shutter-speed of a few seconds.

This works because LEDs have rise and fall times that are much shorter than a traditional camera flash — normal flashes light up for 1-2 milliseconds, as opposed to this 50 microsecond LED flash. Just take a look at some of the pictures!

Continue reading “Catching Drops Of Water With LEDs”

DIY Air Gap Flash Saves At Least Seven Grand

January 10, 2011 by 27 Comments

Did you know that a standard camera flash is much too slow to capture high quality images of bullets? A relatively long flash duration results in blurred images of the bullet. By building this air gap flash a bullet can be frozen in mid-air, producing some stunning results. There is an element of danger here, and not from the bullet. This flash uses a 35,000 volt capacitor to produce the mini-bolt of lightning which serves as the light source. The unit can be built for a few hundred dollars, which sounds like a heck of a deal if commercial models really do start at $8k and go up from there.

Now that the photographer has a super-fast flash, a camera axe takes care of the timing… which is everything.