August 12, 2016
Air-gapped computers, which are isolated from the Internet and from other computers, have long been considered the most secure and safest place for storing data in critical infrastructures such as industrial control systems, financial institutions, and classified military networks.
However, these systems have sometimes been targeted in the past, which proves that these isolated systems are not completely secure.
Previous techniques for hacking air-gapped computers include:
- AirHopper that turns a computer’s video card into an FM transmitter to capture keystrokes;
- BitWhisper that relies on heat exchange between two computer systems to stealthily siphon passwords or security keys;
- Hacking an air-gapped computer using a basic low-end mobile phone with GSM network; and
- Stealing the secret cryptographic key from an air-gapped computer placed in another room using a Side-Channel Attack.
Now, researchers have devised a new method to steal data from an infected computer even if it has been kept physically disconnected from the Internet to prevent it from leaking the sensitive information stored on it.
Primary Focus of the ‘DiskFiltration’ Research:
Setting aside how an air-gapped computer got infected with malware in the first place, the new research focused on how, once the computer is infected, the malware would be able to transfer data (passwords, cryptographic keys, keylogging data, etc.) stored on it without a network, the Internet, a USB port, Bluetooth, speakers, or any electronic device connected to it.
A team of researchers from Ben-Gurion University published their findings in a paper titled “DiskFiltration: Data Exfiltration from Speakerless Air-Gapped Computers via Covert Hard Drive Noise,” explaining a unique technique that uses acoustic signals (or sound signals) emitted from the hard disk drive (HDD) of the targeted air-gapped computer to transfer the stolen data.