Air-gapped computers that are isolated from the Internet and other
computers are long considered to be the most secure and safest place for
storing data in critical infrastructures such as industrial control
systems, financial institutions, and classified military networks.
However, these systems have sometimes been targeted in the past, which proves that these isolated systems are not completely secure.
However, these systems have sometimes been targeted in the past, which proves that these isolated systems are not completely secure.
Previous techniques of hacking air gap computers include:
- AirHopper that turns a computer's video card into an FM transmitter to capture keystrokes;
- BitWhisper that relies on heat exchange between two computer systems to stealthily siphon passwords or security keys;
- Hacking air-gapped computer using a basic low-end mobile phone with GSM network; and
- Stealing the secret cryptographic key from an air-gapped computer placed in another room using a Side-Channel Attack.
Primary Focus of the 'DiskFiltration' Research:
Ignoring the fact that how an air-gapped computer got infected with malware in the first place, the new research focused on, once infected, how the malware would be able to transfer data (passwords, cryptographic keys, keylogging data, etc.) stored on an air-gapped computer, without network, the Internet, USB port, Bluetooth, speakers, or any electronic device connected to it.
A team of researchers from Ben-Gurion University published their finding in a paper titled, "DiskFiltration: Data Exfiltration from Speakerless Air-Gapped Computers via Covert Hard Drive Noise," explaining a unique technique that uses acoustic signals (or sound signals) emitted from the hard disk drive (HDD) of the targeted air-gapped computer to transfer the stolen data.
How DiskFiltration Works?
You might have felt something spinning and generating weird noise while your computer reads or writes data on a storage hard drive.
That’s the voice coil "actuator" inside your hard drive, which moves on the disk plate while accessing specific parts/blocks of the storage.
As demonstrated, the researchers used their malware to manipulate the movements of the actuator in very specific way to generate acoustic noise (like morse code) that they interpreted into binary data using a smartphone app from six feets away, at a speed of 180 bits per minute, Ars reported.
"The idle acoustic noise emitted from disk rotation is static and cannot be controlled by software," the paper explains.
"In order to modulate binary data, we exploit the seek acoustic noise generated by the movements of the actuator. By regulating (starting and stopping) a sequence of seek operations, we control the acoustic signal emitted from the HDD, which in turn can be used to modulate binary 0 and 1."According to the paper, this technique is fast enough to transmit a 4,096-bit key within 25 minutes through manipulated sound signals emitted from the hard disk drive.
How to Prevent against DiskFiltration-Style Threats?
As a workaround, researchers advised to replace the HDDs (Hard Disk Drives) with SSDs (Solid State Drives) to eliminate the DiskFiltration-style threat, since SSDs are not mechanical, thus generating virtually no noise.
Making use of a particularly quiet type of hard drives or installing the hard drives within special enclosures can also limit the range of emitted noise. Another countermeasure is to jam hard-drive signals by generating static noise in the background.
At the software and firmware level, making use of hard drives that includes automatic acoustic management (AAM) feature could also help in limiting the emitted acoustic noise.
Another solution is to ban smartphones and other types of recording devices nearby of the sensitive air-gapped computers.
No comments
Post a Comment