The research was conducted by Mordechai Guri, Ph.D, who was assisted by Mazan Munitz and guided by Prof Yuval Elovici, as part of the ongoing focus on air-gap security at the BGU Cyber Security Research Center in Beer Sheva, Israel.
In the past year, researchers at the university have found that air-gapped PCs could potentially be compromised using mobile malware and light-based printers, but this latest project indicates that heat emissions could also play a part in hijacking an air-gapped device to steal data.
Researchers say that this is possible using an attack technique named ‘BitWhisper’. Put simply, would-be attackers could infect both the attack and victim devices with specially designed malware, and then manipulate heat patterns by using thermal sensors, which are typically used to prevent the system from overheating.
The researchers said that this method “establishes a covert, bi-directional channel by emitting heat from one PC to the other in a controlled manner. By regulating the heat patterns, binary data is turned into thermal signals. In turn, the adjacent PC uses its built-in thermal sensors to measure the environmental changes. These changes are then sampled, processed, and converted into data.”
Commands or data can subsequently be sent from one machine to another, in an attack that would leave "no trace whatsoever" because it happens over invisible heat signals, so there would be no record of data being exfiltrated.
In a video demonstration, Guri and the team showed how BitWhisper could be used to make a USB toy missile launcher rotate and fire. There are, however, a few catches, most notably that both devices would have to have malware installed (not so easy for air-gapped machines, which usually require physical access), and would have to be within 15 inches (or 40cm) of each other. It is also slow in sending data, as it can only transmit around 8 bits per hour.
Researchers, nonetheless, say that this proof of concept (POC) attack could be used to steal data, including passwords and private security keys, from classified military and payment networks.
“The scenario is prevalent in many organisations where there are two computers on a single desk, one connected to the internal network and the other one connected to the internet,” the researchers said. “BitWhisper can be used to steal small chunks of data (eg passwords) and for command and control.”
“Only eight signals per hour are sufficient to steal sensitive information such as passwords or secret keys. No additional hardware or software is required. Furthermore, the attacker can use BitWhisper to directly control malware actions inside the network and receive feedback.”
Speaking to SCMagazineUK.com after the release of the findings (the full report is due to be released shortly), Dudu Mimran, chief technology officer of the Cyber Security Labs at the university, said that the attack is viable given it is common for organisations to have a set-up where, on a single desktop, there are two computers, on internal and external networks.