Slashdot Mirror


Air-Gapped Computer Hacked (Again)

An anonymous reader writes: Researchers from Ben Gurion University managed to extract GSM signals from air gapped computers using only a simple cellphone. According to Yuval Elovici, head of the University’s Cyber Security Research Center, the air gap exploit works because of the fundamental way that computers put out low levels of electromagnetic radiation. The attack requires both the targeted computer and the mobile phone to have malware installed on them. Once the malware has been installed on the targeted computer, the attack exploits the natural capabilities of each device to exfiltrate data using electromagnetic radiation.

80 comments

  1. Old news is so exciting by Anonymous Coward · · Score: 5, Insightful

    This just in, TEMPEST is a thing. Again.

    1. Re:Old news is so exciting by dave1791 · · Score: 4, Informative

      Parent beat me to the comment. TEMPEST has been around since at least the 80's folks.

    2. Re:Old news is so exciting by delt0r · · Score: 1

      Exactly what I was going to say. I remember how easy it was to read the old CRT monitors remotely that you couldn't see.

      --
      If information wants to be free, why does my internet connection cost so much?
    3. Re:Old news is so exciting by fuzzyfuzzyfungus · · Score: 5, Insightful

      It isn't conceptually novel; but doing a practical TEMPEST attack with nothing but a dumbphone, with a fairly unobtrusive software modification, rather than a relatively classy SDR rig or some antenna-covered fed-van is a nice practical refinement.

      Really, how many 'tech news' stories are actually conceptually novel, rather than "Thing you could lease from IBM for the GDP of a small country in the 60s and 70s, or buy from Sun or SGI for somewhere between the price of a new house and the price of a new car in the 80s and early 90s, is now available in a battery powered and pocket sized device that shows ads!" Conceptual novelty has a special place, of course; but one ought not to scorn engineering refinement.

    4. Re:Old news is so exciting by SuiteSisterMary · · Score: 4, Interesting

      Sure, but it still involves physical access to the machine. Headline should have read something like 'novel new way to get data remotely off of compromised non-networked computers'.

      --
      Vintage computer games and RPG books available. Email me if you're interested.
    5. Re:Old news is so exciting by AHuxley · · Score: 2

      The TEMPEST origins are within the CIA going back to the very early 1950's.
      The UK stumbled on TEMPEST like results thanks to a leaky embassy cypher machine in 1952 that offered up plain text.
      France was the main target going into the 1950's until corrective hardware was added in the early 1960's.
      The US and UK also had success with the new methods in Berlin and Vienna against Soviet communications networks.
      In theory every advanced cryptographic expert should have been fully aware of the issues into the 1960's-70's on any advanced device on the open market.
      The main issue seems to be the use of average PC enclosures in very secure sites. The staff are trusted, the site is kept away from random outsiders, distance and physical security being the focus. The more historical view would be to build a much better enclosure, encrypt and have better site security.
      Learn from France and its total loss of communications security in the 1950's...

      --
      Domestic spying is now "Benign Information Gathering"
    6. Re:Old news is so exciting by Anonymous Coward · · Score: 2, Interesting

      It isn't conceptually novel; but doing a practical TEMPEST attack with nothing but a dumbphone ...

      You obviously did not bother to read the article. Not only does it require malware be installed on the target computer, but it requires malware to be installed on the cellphone as well. Dumb phones (which are not even mentioned in the article) cannot download malware and would require a custom chip installed. While feature phones (also not even mentioned) can download apps, they MAY lack the CPU power necessary to run the decoder malware. It seems like a much ado about nothing to me. The only way to infect an air-gapped computer with the required malware is to have physical access, or control the supply chain that provides software. So not only do you need the security clearance to gain physical access to the machine, but if you can smuggle the thumbdrive with the malware on it IN, you can certainly smuggle the thumbdrive with the desired information on it OUT. This is how Snowden operated.

    7. Re:Old news is so exciting by Anonymous Coward · · Score: 0

      Dumb phones are mentioned in the article. Quite specifically, in fact. There is even a picture of the setup taken by Wired at the very top of the page. I know that reading is too much to ask but, really, is it so hard to look at pictures if you have already clicked the damned link?

      KGIII - Over my post limit. 50 is too low and the absolute wall even with the highest of karma rankings. Ah well...

    8. Re: Old news is so exciting by Anonymous Coward · · Score: 0

      Exactly the whole submission says nothing new. Oh hey if I have a compromised computer then it's compromised! Well duh. At that point you don't even go emit radiation just vibrate the hard drives or floppies and listen to it.

    9. Re:Old news is so exciting by Anonymous Coward · · Score: 0

      > still involves physical access to the machine.

      So when the NSA intercepts your hardware before it's delivered?

    10. Re:Old news is so exciting by Anonymous Coward · · Score: 0

      It isn't conceptually novel; but doing a practical TEMPEST attack with nothing but a dumbphone, with a fairly unobtrusive software modification, rather than a relatively classy SDR rig or some antenna-covered fed-van is a nice practical refinement.

      You never needed a classy SDR rig or some antenna-covered fed-van in the first place, you just need any receiver sensitive enough for the frequency band you want...

      It's like saying "OMG I can stare at my nice 27" flatscreen monitor today instead of the 20lb 10" from 25 years ago"...

    11. Re:Old news is so exciting by SuiteSisterMary · · Score: 1

      So when the NSA intercepts your hardware before it's delivered?

      Just look for the guy in the black suit, sunglasses, and earpiece lurking around the door of your server room with a cell phone plugged into his laptop.

      --
      Vintage computer games and RPG books available. Email me if you're interested.
    12. Re:Old news is so exciting by fuzzyfuzzyfungus · · Score: 1

      The article named the phone as the Motorola C123. Apparently that model has an atypically well-understood baseband, which is probably why it was picked; but that handset is dumb as a rock except by comparison to the utter antiques from the age of analog cellular or something. I don't even think it has one of the teeny little JREs that phones used to have.

    13. Re:Old news is so exciting by Anonymous Coward · · Score: 0

      Sure, but it still involves physical access to the machine. Headline should have read something like 'novel new way to get data remotely off of compromised non-networked computers'.

      And this is a remarkably slow way to offload data, given that you have hands on the machine AND sufficient access to be installing software - why aren't you just offloading data to whatever device you plugged in? You can't even handwave that as a "but I can do it remotely", since the receiving cellphone has to be "nearby", which means you can't go home and let it work in the background.

      It's a neat theoretical, but it's in the realm of "I can listen in on all your phone calls without tapping the line! You just have to let me sit in your living room while you're on the phone..."

  2. Notice by Anonymous Coward · · Score: 0

    Farting is prohibited. Air gap hack in progress.

  3. "If you install x on both computers...." by jafiwam · · Score: 5, Insightful

    This is just a new way to make a very slow, very crappy network connection via unexpected hardware.

    "Hacking" has SOME meaning ya dummies. It implies that there isn't a willful participant at one end and the data breach happened anyway.

    Whatever this is... it isn't 'hacking'.

    1. Re:"If you install x on both computers...." by Anonymous Coward · · Score: 0

      Making a network out of unexpected hardware sounds like a hack.
      Doing so without a willful participant sounds more like cracking.
      But maybe that's just splitting hairs.

    2. Re:"If you install x on both computers...." by Anonymous Coward · · Score: 0

      It's a "covert channel," a security concern that may justify air gapped networks. So it is a hack in the sense that it is a security exploit, and unconventional. But yeah, the title is very misleading.

    3. Re:"If you install x on both computers...." by Anonymous Coward · · Score: 1

      Agreed. I'm tired of people demonstrating "hacks" that could not occur under any normal circumstances, just for publicity's sake. It's become annoying and really serves to dilute the concern that should be shown when legitimate security holes are found.

    4. Re:"If you install x on both computers...." by fuzzyfuzzyfungus · · Score: 4, Insightful

      It isn't a standalone hack, since placing the implant is left as an exercise for the reader; but exfiltration is a necessary ingredient of hacks in situations where a network connection either doesn't exist or can't safely be used.

    5. Re:"If you install x on both computers...." by Nerrd · · Score: 1, Redundant

      ""Hacking" has SOME meaning ya dummies" Yes - and the meaning of the term "hacking" has little to do with criminal activity or the breaching of a computer network. That meaning is quite new.

    6. Re:"If you install x on both computers...." by gstoddart · · Score: 5, Interesting

      But so what? If you can get someone inside the secure area where the super secret machines are, and you can put a small amount of malware on them, you can gain access to them.

      Yes, you won't do this with a remote exploit, but if you can subvert one person you can get into stuff.

      So, like in Ocean's 11 where the guy dressed as the technician hooks into the system and nobody knows it, this is a way in which the bad guys can get your stuff.

      And if you know that air gapped computers likely rely on some form of portable media on some form of regular schedule, and you can target that remotely, you really don't need a willing participant on the other end. The portable media might do the job for you without anybody even knowing about it.

      If I can compromise your top secret computers by figuring out the weak link of getting this stuff onto them, then from an espionage sense of the word, I'm inside 'yer stuff and I can has cheeseburger.

      It sure as hell is hacking by any meaningful sense of the word.

      To many of us, 'hack' absolutely includes a clever new way of gaining access to something by exploiting something unexpected. Doing it over an air gap is pretty unexpected since traditionally we say computers are secure if they're not connected to a network and inside a locked room. With this, not so much.

      Once you have the technique, the social engineering or other cheating to get the access is something pretty much well covered by the rest of the espionage playbook. Hell, it's pretty well covered in books and movies.

      --
      Lost at C:>. Found at C.
    7. Re:"If you install x on both computers...." by ComputerGeek01 · · Score: 1

      Do you actually know what a toolchain is you idiot? Script kiddies are welcome to stay home.

    8. Re:"If you install x on both computers...." by Rick+in+China · · Score: 1

      As soon as the article got to "The attack requires both the targeted computer and the mobile phone to have malware installed on them"..... I stopped reading.

    9. Re: "If you install x on both computers...." by Anonymous Coward · · Score: 0

      Yea because movies and books dictate real life.

    10. Re:"If you install x on both computers...." by Anonymous Coward · · Score: 0

      Argue all you like, wasn't it an employee of a contractor (air conditioning or somesuch) of Target that got the malware into Target's network and it then spread itself to their credit card terminals just in time for the Christmas rush just last year?

      I agree it isn't a remote exploit and that air-gapping is very helpful in securing systems that don't need to be networked but dismissing a hack that requires one-time physical access to a system isn't very smart. Security types always say that defense in depth is where it's at.

    11. Re:"If you install x on both computers...." by Anonymous Coward · · Score: 1

      Recalibrating hardware to perform in a way that it was not intended, but grants a user access to an otherwise closed system is not a hack!

      This is exactly the meaning that "hacking" has, you fucking idiot.

    12. Re:"If you install x on both computers...." by Anonymous Coward · · Score: 0

      By new, I assume you mean 20+ years old. If the majority believe that cracking is hacking, then it is.

  4. And why do they still need to prove this? by Anonymous Coward · · Score: 0

    The moment you have sufficient access to the system to install malware it means something has gone wrong with the access control, there is no point in air gapping a system if you don't have good access control...

    1. Re:And why do they still need to prove this? by fuzzyfuzzyfungus · · Score: 1

      Unfortunately, as our fine folks in the TAO group have apparently proven on multiple occasions, even people with fancy access control tend to have very little power until the package shows up at their loading dock. What happens earlier in the process is less encouraging.

    2. Re:And why do they still need to prove this? by oobayly · · Score: 1

      In other news - I can get into any car and drive off with it.

      All I need to do is get the owner to leave the key on the front-right wheel.

  5. Hacked Computer with air gap not completely secure by cnaumann · · Score: 4, Insightful

    That headline would be a little more accurate but far less sexy.

  6. If you have physical access... by Attila+Dimedici · · Score: 1

    So, this still requires physical access to the computer. I certainly hope that no one thought that it was possible to prevent someone with physical access to a computer from extracting data from said computer. You can make it difficult for them to do it, but not impossible.

    --
    The truth is that all men having power ought to be mistrusted. James Madison
    1. Re:If you have physical access... by gstoddart · · Score: 4, Insightful

      It requires someone to have access, but not necessarily you.

      Say I know every Tuesday you need to transfer data to your air gapped computers. Now, assume the source of that data is somehow less secure and I can target that. Now, the person who is supposed to be in there is the only one who ever is, and unknowingly transfers the appropriate code to get into your systems.

      See, the thing about security is that it's only as strong as the weakest link. If there is ever any data transfer in or out of your secure system, that becomes the weak link.

      With some cleverness and patience, it is entirely possible this can be done entirely remotely, with all of the physical access being done by trusted people. And then your assertion about needing physical access becomes provably false.

      Assuming your air-gapped machine periodically needs new inputs, and assuming you don't have people type that in from paper copy ... then however you get stuff on or off that computer is the thing you target.

      Sure, the guys with guns and video cameras won't let me into your secure room. But they do let someone in. And that someone can be made to unwittingly do your dirty work.

      I don't think my scenario is even remotely implausible. If you have enough motivation, patience, and resources, you can accomplish an awful lot when it comes to bypassing security. And most nation states have all of those things, and lots of people actively working on it.

      --
      Lost at C:>. Found at C.
    2. Re:If you have physical access... by AHuxley · · Score: 1

      An embassy site or massive gov building might open to visitors, cleaning contractors, new staff, insiders with faith or cult like foreign loyalties, people offering products for demo or sale, tours, public requests within that magic air gap distance that's not miles on a classic mil base but down to floors or 100's of feet.
      The classic secure communications room might be very secure to trusted staff only but the wider network might be very leaky over 10's-100 of feet beyond physical security.
      Physical access vs site access has always been the magic that so few designers understood. The network outside the building was 100% safe. At the next room distance plain text recovery was still an option.

      --
      Domestic spying is now "Benign Information Gathering"
    3. Re:If you have physical access... by Attila+Dimedici · · Score: 1

      OK, you are right. You only need the ability to insert your malicious code onto something that will be taken to the computer and set up to install. If you have the ability to both get your software installed on the computer and the ability to monitor its electromagnetic output, you can access the data on that computer. Guess what, I would have told you ten years ago that if you have the ability to get your software installed on a computer, you have the ability to access the data on said computer.

      --
      The truth is that all men having power ought to be mistrusted. James Madison
    4. Re:If you have physical access... by Attila+Dimedici · · Score: 1

      You are missing the part where they had to install their malicious software on the computer in question in order to accomplish this hack.

      --
      The truth is that all men having power ought to be mistrusted. James Madison
    5. Re:If you have physical access... by bobbied · · Score: 1

      You don't seriously think that they haven't thought about protecting their network connections outside of that super secure room do you?

      Last time I checked, anything that carried data between these super secure locations was required to be encrypted by approved encryption devices using randomly assigned keys which changed frequently... Plus the infrastructure that carried the wiring had to be secured from tampering and frequently inspected... These networks don't "leak" as you might expect, but are well isolated both by encrypting data and electromagnetic shielding.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    6. Re:If you have physical access... by squiggleslash · · Score: 1

      It doesn't really mean that, though that helps. It means that at some point you must have had a way to inject your software onto it. That might mean physical access to the computer. Or it might mean physical access to the operating system image before it was loaded onto the computer. Or it might mean physical access to the bespoke software image before it was loaded onto the computer.

      One scenario, for example. You work for a company that produces software to control lottery random number machines. You insert, suitably obfuscated, code working on this principle into the software before release. The code is audited, but as all eyes are on modules relating to the retrieval and display of the random number, your code is largely ignored and just assumed to be poorly written, not evil, per-se.

      Your accomplice then gets a job as a janitor at SuperMegaBall HQ, one of your clients. They're able to use a cellphone to extract the secure login credentials, which you then crack, and said accomplice is then able to gain full access to the computer with the credentials and upload a software update that'll give you the numbers you want.

      This is so foolproof I could work as the scriptwriter for "Scorpion". *kills myself*

      --
      You are not alone. This is not normal. None of this is normal.
    7. Re:If you have physical access... by NatasRevol · · Score: 1

      If there is ever any data transfer in or out of your secure system, that becomes the weak link.

      If your 'air-gapped system' ever required data transfer in or out, it's NOT AN AIR GAPPED SYSTEM.

      --
      There are two types of people in the world: Those who crave closure
    8. Re:If you have physical access... by gstoddart · · Score: 1

      Or, conversely, if your machine never has any data which comes in or out, then you somehow have created a perfect closed system which has all the information it ever needs and can never be updated.

      In which case it's probably useless.

      Air gapped doesn't mean you never periodically put in new data or extract results, it means you don't have it connected to anything.

      If you never add new data, and you never extract any, your computer is probably doing a really damned boring task which probably doesn't need to be air gapped in the first place.

      If you put a computer in a secure room, and hermetically seal it so you can never do anything with it, you might as well turn it off while you're at it. If you're doing something so mundane as to know it will never ever need updating, then print out everything it can ever tell you and put it in a damned book.

      Because it will never ever tell you anything you don't already know.

      --
      Lost at C:>. Found at C.
    9. Re:If you have physical access... by Anonymous Coward · · Score: 0

      How would you have accessed the data? The computer has no network connection and the only thing they use to give it new data to process is non-rewritable CD-Rs. They also keep close watch around the premises, so you can't park your antenna van nearby.

      All these people spouting truisms about how everything is hackable and the fact that you can retrieve data from a fucking airgapped PC with a bit of code on it and a less secure device nearby... It's starting to piss me off.

      Sure. TEMPEST is old news, but this is a significant refinement. Do you think being all "yeah, sure, we all knew that" makes you look oh so cool or smart?

    10. Re:If you have physical access... by gstoddart · · Score: 1

      So what?

      Ever hear of Stuxnet? Do you know it was largely spread with infected USB drives?

      It's not like there has never been a situation in which someone has gotten malware installed through this kind of thing. And once you know you have the exploit, you can start figuring out how to get it there.

      Security tends to fail when humans are involved, because sooner or later someone messes up.

      History has told us repeatedly that this is achievable without ever actually needing to have physical access yourself, you let the target do that for you.

      --
      Lost at C:>. Found at C.
    11. Re:If you have physical access... by NatasRevol · · Score: 1

      Yes, because hermetically sealing an individual computer is the same as air-gapping a set of computers.

      Pedants are ... funny.

      --
      There are two types of people in the world: Those who crave closure
    12. Re:If you have physical access... by jimbolauski · · Score: 1

      Changing the frequency band the data is transmitted on is not a significant refinement. You still need two compromised devices in close proximity to each other and the bandwidth is severely limited.

      --
      Knowledge = Power
      P= W/t
      t=Money
      Money = Work/Knowledge so the less you know the more you make
  7. Meh. by msauve · · Score: 2

    "The attack requires both the targeted computer and the mobile phone to have malware installed on them."

    In other news, data can be exfiltrated from air-gapped computers if others can see the screen or hear the speaker. Even worse if they have WiFi installed on them.

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
    1. Re:Meh. by Sarten-X · · Score: 1

      Those vectors are easily noticeable, though. Malware controlling the computer's electrical usage is so subtle as to be easily missed.

      --
      You do not have a moral or legal right to do absolutely anything you want.
    2. Re:Meh. by AHuxley · · Score: 1

      That's easy to do with a Tailored Access Operations unit like hardware upgrade to all exported systems to a nation or front company over many years and upgrades.
      All computers arrive ready for collection as installed by default. For admin staff or the more secure communications room. Just waiting for an alternative network day, weeks, months later after local install and site testing.

      --
      Domestic spying is now "Benign Information Gathering"
    3. Re:Meh. by bobbied · · Score: 1

      Malware is ALWAYS detectable... It may take awhile to scan, but if you really want to be 100% sure something is clean, there are ways.

      I'd be pretty surprised if there are not processes and procedures in place to catch such things as they happen.....

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    4. Re:Meh. by Anonymous Coward · · Score: 0

      Malware is not always detectable. For example, a malicious coder could intentionally implement an algorithm such that it's susceptible to a side channel attack. But as almost all algorithm implementations are susceptible this way (excepting a minority of cryptographic implementations), it goes unnoticed. For example, a tight loop in the scheduler. And even if noticed, it might be impossible to know that it was malicious, intentional, or even wrong at all. Hardening implementations against side channels often makes them slower and suboptimal.

      It was over 10 years ago, I think, that researchers were able to crack an RSA key by listening to the acoustic resonance of the CPU with a speaker sitting outside the case. Since then RSA implementations have been tightened up (mostly because of proofs-of-concepts regarding TCP latency leaking similar data). But there's a crap ton of software running on modern systems, and for a dedicated organization relatively easy to get their code committed to the original commercial vendors or open source projects.

      Of course, selecting the data you want to exfiltrate in an innocuous manner can be problematic; sometimes it's not as easy as leaking bits of a cryptographic key. But there are all kinds of data out there, and its value hard to judge.

      If you think something is impossible simply because you can't think of a way to accomplish it, you're an idiot.[1] Only an idiot is sure about what he doesn't know.

      [1] Unless, of course, you can provide a logic proof for why it's impossible. Of course, the proof will have to rest on your premises. And those will often fail with time.

  8. Stop the press by Big+Hairy+Ian · · Score: 1

    Malware used in Hacking!!! Seriously though if you're taking security that seriously you'll be sitting in a Faraday Cage for most of your professional career. Hmmm Idea for a kickstarter though a "Faraday Cage iPhone case" :D

    --

    Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

    1. Re:Stop the press by Anonymous Coward · · Score: 0

      As I recall this is exactly how it worked in the black data rooms of certain government facilities prepping or operating certain payloads for certain spacecraft launches. It was like going into a submarine or the bowels of some ship. Racks full of gear in a solid steel room. The door was a hatch with big wheel on it. Nothing was turned on until the door was closed and the wheel spun 'round to seal us in. Data cables and power came in through solid steel conduits from other similar rooms in this facility. There were many fences and miles of patrolled open space between the facility and any public road. Lots of fun!

  9. really bad title by bloodhawk · · Score: 4, Insightful

    NO, the air gap computer wasn't hacked. If you require them to install malware on it then it wasn't actually hacked, the air gapping is to prevent any malware from getting in. This is like a heap of other sensational articles from security researchers that claim how weak something's security is as long as they had physical access or admin access, yeah no shit Sherlock, if you can install software on a computer you can do all sorts of nifty shit.

    1. Re:really bad title by Anonymous Coward · · Score: 1, Insightful

      The title is bad.... but it is still a "hack." One reason to air gap a network is to prevent the exfiltration of data, which this is able to do through a covert channel. This program circumvents that security, albeit with the high bar of first needing a way to install malware on the machine and leave a phone nearby.

      So James Bond breaks into the high security area, installs the malware, and leaves. From then on classified data can be slowly siphoned without anyone else knowing.

    2. Re:really bad title by Anonymous Coward · · Score: 0

      NO, the air gap computer wasn't hacked. If you require them to install malware on it then it wasn't actually hacked, the air gapping is to prevent any malware from getting in.

      Yes, incorrectly used terminology.

      The possibility is still interesting. Malware can be introduced by leaving USB-sticks around and hope for incompetence to happen.
      If this leads to you being able to extract arbitrary data from the infected computer despite air-gapping or properly configured firewalls then it becomes a lot more useful.
      Want to get hold of company secrets? Leave a USB-stick on the parking lot. Get back in the evening when no-one checks what the computers are doing and snoop around.

    3. Re:really bad title by Anonymous Coward · · Score: 0

      I work with a lot of air gapped networks. Firstly, ain't no way you are even getting a phone in the building, let alone near one of the computers, and no, the article is wrong: it isn't just smartphones that are generally banned in there, it is ALL electronic devices. If someone has gone to the trouble and pain of an airgapped network they also likely have shielding and whole racks of computers (good luck getting a signal out of there). The method is interesting but hardly realistic as if you had physical access to install the malware you could have mounted far more effective attacks. As always if you have physical access it is game over.

    4. Re:really bad title by bloodhawk · · Score: 1

      Most places that require air gaps also have strict rules around what is allowed through the door, let alone near a computer. E.g. one of the places I work at you must check ALL electronic devices into a locker before even getting past the front desk. USB ports on terminals are disabled and they don't have optical drives, all data enters and leaves through a controlled point. The USB in the parking lot trick is really only effective in lower security areas, not places with air gaps, air gaps have a lot higher vigilance (not perfect) and the USB in the parking lot is a well known trick that is in standard training for any place that cares the least bit about security, let alone a place going to the extent of air gapping. It is interesting from a technical standpoint, but completely implausible.

  10. Motorola C123 = almost SDR by citizenr · · Score: 4, Informative

    Phone shown in the video is a variant of Motorola C123, Calypso Chipset design with leaked firmware source and semi-documented DSP
    http://bb.osmocom.org/trac/wik...

    It isn't some dumb phone, it's an SDR platform capable of running a primitive GSM base station, or sniffing GSM traffic.

    --
    Who logs in to gdm? Not I, said the duck.
  11. how is this a hack? by Anonymous Coward · · Score: 1

    So for this "hack" to work, you need to have access to the target machine to install malware.

    Umm, ok, then I just hacked my company's corporate network by using remote desktop to access a server from home.

    About the same level of hack, no?

  12. Re:Hacked Computer with air gap not completely sec by The+MAZZTer · · Score: 1

    "Oh yes, I thought of something," panted Ford.

    Arthur looked up expectantly.

    "But unfortunately," continued Ford, "it rather involved being on the other side of this airtight hatchway." He kicked the hatch they'd just been through.

  13. Missing the point here...... by dablow · · Score: 2, Interesting

    ...what happens if that "malware" comes installed by default on closed source OS like Windows, OS X, iOS?

    It's been documented that the NSA (could have been another agency) was intercepting IT hardware (like Cisco switches) and installing their own custom firmware. Also hard disks have some code running on them courtesy of the NSA.

    Does nobody else see the inherent danger here?

    1. Re:Missing the point here...... by Overzeetop · · Score: 2

      Why does the malware need to be closed source? Can you not write and hide malware in open source software? It's not as if an end user is typically going to be able to audit the entire OS codebase even if it is available. And anyone involved in the setup of the machine would have the opportunity to easily slip in the malware, while the OS appeared to be stock.

      --
      Is it just my observation, or are there way too many stupid people in the world?
    2. Re:Missing the point here...... by dablow · · Score: 1

      You are correct that the average Joe, including myself, does not review 99.99999% of open sourced software. Quite simply I do not have the time to do so. However when it's open sourced, it is much much harder to sneak in malware because most popular releases do get reviewed by whatever community runs/develops it. If the release in question is ignored, it generally means that there is a lack of interest and/or user base at which point the problem becomes moot.

      However it is much much harder to review a closed source OS like Windows/iOS etc.... Nobody will waste their time until paid to do so, and nobody is willing to pay to do so, especially not the companies who make the product.

    3. Re:Missing the point here...... by Anonymous Coward · · Score: 0

      Not just the NSA, but also the Chinese were installing some pretty good looking trash on Hitachi HDDs a few years back.

    4. Re:Missing the point here...... by Anonymous Coward · · Score: 0

      However when it's open sourced, it is much much harder to sneak in malware because most popular releases do get reviewed by whatever community runs/develops it.

      One word: Heartbleed. Game over, you lose.

    5. Re: Missing the point here...... by Anonymous Coward · · Score: 0

      Heartbleed was a bug, not malware.

    6. Re:Missing the point here...... by Anonymous Coward · · Score: 0

      You don't install random things on air-gapped computers like a new OS. If you require enough security that your systems need to be air-gapped then you also have software tools and procedures to lock everything down as tightly as possible.

  14. Zenith Baby! Z-100 by Anonymous Coward · · Score: 0

    USAF used those. Had a Z-80 and an 8086 as I recall. And shielded. Nope. 8088 and 8085. Still had those shields up! Supposedly.

  15. Re:Hacked Computer with air gap not completely sec by fisted · · Score: 1

    You screwed it up yet again. Here you go

  16. Re:how is this a hack? Could be Skimmers Gen II by Demonoid-Penguin · · Score: 1

    So for this "hack" to work, you need to have access to the target machine to install malware.

    Umm, ok, then I just hacked my company's corporate network by using remote desktop to access a server from home.

    About the same level of hack, no?

    No. Because you're just using an existing network connection. They're creating one. A covert channel.
    And not even close to the same level.

    Other posters have constructed scenarios based on the most secure conditions to demonstrate the hack is worthless - while conveniently overlooking the fact that many companies have an air gapped computer with little tight security. In which case the evil maid scenario would work just fine.

    Is it a hack, or a crack? It's both. The hack is used to crack the air gap security.

    Is it no news because TEMPEST is old news? No. Because TEMPEST has distance, difficulty and space limitations. This attack will work anywhere you can get access to the air gapped computer and put a suitably modified mobile phone within reception range. Mobile phones are easy to hide. It wouldn't be difficult to put one in a wall or roof cavity and power it from a simple puncture clip (a plastic clamp with two pins that penetrate the insulation).

    It could also be used to bypass encryption and firewalls that protect non-air gapped computers. Lots of those in places where you can have a mobile phone and get reception. One scenario where this might work is ATMs - which would be easiest if you had the willing assistance of anyone who services them. If it was possible to pull useful information from the system you'd then be able to siphon off useful info without needing to try and break the encryption used for transmission between the ATM and the bank. Generation II Skimmers.

    Petrol bowsers (cheap or free petrol), vending machines (free snacks) and similar devices (cheap tickets, credit card information) - if the information can be reconstructed from the data, and if the method could be used in both directions to allow data injection (which is theoretically possible).

  17. de haxx0rz r by Anonymous Coward · · Score: 0

    in de air tonite

  18. Back to single lanes by Anonymous Coward · · Score: 0

    Looks like having multi channel PCIe busses is passe. Time for ISA.

  19. "I/O gapped" is the new "Air gapped" by davidwr · · Score: 1

    If it's not "I/O gapped" - that is, if state changes aren't completely undetectable outside of the "secure environment" - then for all practical purposes it's not what we used to mean when we said something was "air-gapped."

    In today's standards, it needs to be in an EMF-shielded room with an independent power supply (probably batteries), and it needs to be powered down completely when the shielded room's doors are open.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  20. Just a "bug" by Anonymous Coward · · Score: 0

    Heartbleed was a bug, not malware.

    No difference. The best exploitable back-doors are designed to just look like bugs. Ask the NSA how that works. As such, where's the proof that heartbleed was "just" a bug?

  21. that's not what airgapping is by ihtoit · · Score: 1

    Airgapping is the complete physical isolation of a computer from ANY network. A computer in a closed Faraday cage with its own power generation inside the cage (like say a battery in a laptop) is the ONLY situation in which a system lacking ANY type of wireless or wired network connection including but not limited to Bluetooth, Wifi, Infrared, Serial, Modem or Cat5, can be in any way considered airgapped.

    --
    Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
    1. Re:that's not what airgapping is by Anonymous Coward · · Score: 0

      add to that list: memory card, floppy diskette, guy with two flags, Morse telegraph, smoke signals...

  22. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  23. faraday by Anonymous Coward · · Score: 0

    Wouldn't a Faraday cage prevent this? What problems would some wire mesh cause?