New Air-Gap Jumper Covertly Transmits Data in Hard-Drive Sounds (arstechnica.com)
Security researchers have found a new way to siphon data out of an infected computer even when it has been physically disconnected from the Internet (a so-called "air-gapped" computer) to prevent the leakage of the sensitive information it stores, reports ArsTechnica. From the article: The method has been dubbed "DiskFiltration" by its creators because it uses acoustic signals emitted from the hard drive of the air-gapped computer being targeted. It works by manipulating the movements of the hard drive's actuator, which is the mechanical arm that accesses specific parts of a disk platter so that heads attached to the actuator can read or write data. By using so-called seek operations that move the actuator in very specific ways, it can generate sounds that transfer passwords, cryptographic keys, and other sensitive data stored on the computer to a nearby microphone. The technique has a range of six feet and a speed of 180 bits per minute, fast enough to steal a 4,096-bit key in about 25 minutes.
Of course, if I am allowed to install software on an "air-gapped" computer, I can make it transfer information by anything on it that makes noise or can be lit, or even via the power supply. Speakers, various fans, hard drive heads, retractable optical drive tray, locator blue LED, LCD display, even the power draw... I can manipulate all of those.
There is no point to these studies; they only belabor the obvious.
Any manager that makes some security policy based on such studies should be beaten.
Considering that people play music with floppy drives, the ability to transfer information acoustically with hard drives isn't really different.
I wasn't aware of that, thank you for the link. I find things like that fascinating even if they aren't particularly useful.
A much bigger issue with this: if you can get this program onto the air-gapped machine in the first place, haven't you already compromised it? If I could load, say, a flash drive into the air-gapped system to run this program, why can't I just copy whatever data I was after?
Unrelated side issue: you know what's really broken about Slashdot? An AC post containing GNAA or the N-word or something like that gets downmodded in seconds (which is desirable), but lots of sincere and really informative AC posts never get modded up (which is a loss for everyone). Why the double standard? Editors have infinite mod points, so why not use them constructively? After all, I can see how someone using a work computer really wouldn't want to browse at -1. An easily offended coworker walking by and seeing a GNAA post would be really hard to explain to HR. It's a classic "guilty unless proven innocent, and even then probably still guilty" situation.