Posted on 03/24/2015 9:46:52 AM PDT by Patriot777
Ben Gurion University reported Monday that researcher Mordechai Guri, assisted by Matan Munitz and guided by Prof. Yuval Elovici, uncovered a way to breach air-gapped systems—that's quite something considering that air-gapped systems, said the Daily Mail, are among the most secure computers on the planet, used in high security settings such as classified military networks, payment networks processing credit and debit card transactions for retailers, and industrial control systems for critical infrastructure.
The research initiative was given the name BitWhisper, part of research on the topic of air-gap security at the Cyber Security Research Center at Ben-Gurion University. Dudu Mimran, the CTO of Cyber Security Labs, blogged on Monday, "BitWhisper is a demonstration for a covert bi-directional communication channel between two close by air-gapped computers communicating via heat. The method allows bridging the air-gap between the two physically adjacent and compromised computers using their heat emissions and built-in thermal sensors to communicate." Two physically adjacent and compromised computers used heat emissions and built-in thermal sensors to communicate. According to the university's account, a scenario with two adjacent computers is prevalent in many organizations in which two computers are situated on a single desk, one connected to the internal network and the other connected to the Internet. The method that was demonstrated can serve for data leakage for low data packages and for command and control. The Daily Mail on Monday said the team planned to present their findings at a security conference in Tel Aviv next week and to release a paper describing their work.
(Excerpt) Read more at phys.org ...
the key word here is “low” as in low data rate. The comparison to Morse is probably apt, I’d be surprised if they could get a symbol rate greater than the equivalent of a dozen words per minute, if that. Note they don’t say anything about this, just ‘stay tuned’ for their paper.
If you’re thinking methods like this could be used to eavesdrop on a computer, that news is about 30 years old, see:
http://en.wikipedia.org/wiki/Tempest_%28codename%29
I'd say that was still possibly quite hazardous. Eg malware payloads aka shellcodes for example. Or signatures of things to go searching for. Or key-rings. Or private keys. Plenty of small stuff that has a big impact. Also the compromise could be hooked up to an exploit driver and then it could run continuously, possibly even seeking a higher bandwidth channel like ultrasonic or light (IR/screen/camera). Plenty of badness can get done at a few hundred BPS.
Reading the Snowden files from Der Spiegel it looks like the NSA had projects that left little malware seeds everywhere, just waiting to get hooked up to bootstrap and grow.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.