A new method devised to leak information and jump over air-gaps takes advantage of Serial Advanced Technology Attachment (SATA) or Serial ATA cables as a communication medium, adding to a long list of electromagnetic, magnetic, electric, optical, and acoustic methods already demonstrated to plunder data.

"Although air-gap computers have no wireless connectivity, we show that attackers can use the SATA cable as a wireless antenna to transfer radio signals at the 6GHz frequency band," Dr. Mordechai Guri, the head of R&D in the Cyber Security Research Center in the Ben Gurion University of the Negev in Israel, wrote in a paper published last week.

The technique, dubbed SATAn, takes advantage of the prevalence of the computer bus interface, making it "highly available to attackers in a wide range of computer systems and IT environments."

Put simply, the goal is to use the SATA cable as a covert channel to emanate electromagnetic signals and transfer a brief amount of sensitive information from highly secured, air-gapped computers wirelessly to a nearby receiver more than 1m away.

Unlike breaching a traditional network by means of spear-phishing or watering holes, compromising an air-gapped network requires more complex strategies such as a supply chain attack, using removable media (e.g., USBStealer and USBFerry), or rogue insiders to plant malware.

For an adversary whose aim is to steal confidential information, financial data, and intellectual property, the initial penetration is only the start of the attack chain that's followed by reconnaissance, data gathering, and data exfiltration through workstations that contain active SATA interfaces.

In the final data reception phase, the transmitted data is captured through a hidden receiver, or the attack relies on a malicious insider in an organization to carry a radio receiver near the air-gapped system.

"The receiver monitors the 6GHz spectrum for a potential transmission, demodulates the data, decodes it, and sends it to the attacker," Dr. Guri explained.

As countermeasures, it's recommended to take steps to prevent the threat actor from gaining an initial foothold, use an external radio frequency (RF) monitoring system to detect anomalies in the 6GHz frequency band from the air-gapped system, or alternatively pollute the transmission with random read and write operations when suspicious covert channel activity is detected.

If you think having a computer isolated from the Internet and other computers will keep you "safe," then think again. The same security researchers who came out with Air-Hopper have announced BitWhisper as another method to breach air-gapped systems. This time the Cyber Security Research Center at Ben-Gurion University in Israel jumps the air-gap by using heat. The researchers explained the proof-of-concept attack as:

BitWhisper is a demonstration for a covert bi-directional communication channel between two close by air-gapped computers communicating via heat. The method allows bridging the air-gap between the two physically adjacent and compromised computers using their heat emissions and built-in thermal sensors to communicate.

Computers monitor temperature via "built-in thermal sensors to detect heat" and to trigger internal fans to cool the PC down. BitWhisper utilizes those sensors "to send commands to an air-gapped system or siphon data from it."

In the video below, researchers demonstrate "BitWhisper: Covert Signaling Channel between Air-Gapped Computers using Thermal Manipulations." It shows the computer on the left emitting heat and sending a "rotate command" to a toy missile launcher connected to the adjacent air-gapped PC on the right.