Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hack Air-Gapped Computers Using Heat

Posted by timothy on from the oh-baby-you're-so-communicative dept.

An anonymous reader writes Ben-Gurion University of the Negev (BGU) researchers have discovered a new method to breach air-gapped computer systems called "BitWhisper," which enables two-way communications between adjacent, unconnected PC computers using heat. BitWhisper bridges the air-gap between the two computers, approximately 15 inches apart that are infected with malware by using their heat emissions and built-in thermal sensors to communicate. It establishes a covert, bi-directional channel by emitting heat from one PC to the other in a controlled manner. Also at Wired.

5 of 123 comments (clear)

  1. Re:The larger problem is by gstoddart · · Score: 4, Insightful

    And how did Stuxnet spread?

    In some cases, by exploiting removable media.

    If you think there's no precedent for getting the infection onto the machine, you're horribly mistaken.

    --
    Lost at C:>. Found at C.
  2. Re:Bad Title by The+Raven · · Score: 1, Insightful

    Air gap... like Bluetooth?

    I know what the term means, but heat is just another type of EM radiation (infra-red) that doesn't have dedicated communication hardware. The accomplishment is neat, but not useful.

    As a counter-example, the paper on reading monitors from their diffuse reflected luminance is actually useful. You get a high-bandwith, air-gapped eavesdropping method. This communication by heat is more likely to be detected (as a problem, not necessarily as communication) than a steganographic (thank you) communication channel using more common EM radiation.

    I'm not saying it's not 'neat'. It's just not neat and useful.

    --
    "I will trust Google to 'do no evil' until the founders no longer run it." Hello Alphabet.
  3. Re:goddamnit!!! by LordLimecat · · Score: 3, Insightful

    So I fail to care about which term is used, it is a security breach and one of the worst kind

    Except it will only work in the most esoteric scenarios with laboratory conditions, sure. 2 PCs, with side-vent cooling and no cold aisle, and a distance of 15 inches?

    Somehow I dont think this will threaten air-gapped secure networks. Those are going to have steady cold air coming in the front, and exhausting out the back; if theyre dumping significant heat through the side of the cases you're doing it wrong.

  4. Re:goddamnit!!! by wonkey_monkey · · Score: 4, Insightful

    If anything, then, I'd say they've hacked the air gap, not the computers.

    --
    systemd is Roko's Basilisk.
  5. Re:goddamnit!!! by Anonymous Coward · · Score: 2, Insightful

    Exploits only ever get better. That's threat analysis 101. And you've provided no evidence or analysis why you're supposed mitigations are an insurmountable defense; at best they're only a stop-gap.

    This is a proof of concept. And a pretty cool proof of concept. The idea of using a side channel like this isn't that novel (RSA key cracks via CPU acoustics was shown years ago), but just think of the all the little problems you'd have to solve to execute the concept. It's pretty awesome work.