The Air-Gap Jumpers

Conference:  BlackHat USA 2018

2018-08-08

Summary

Air-gapped networks are not completely secure and can be compromised through various sophisticated attack vectors, including air-gap covert channels. These channels can be classified into seven main categories: physical media, acoustical channels, electromagnetic, magnetic, electric, travel channel, optical, and thermal.
  • Air-gapped networks are used by various organizations and industries to maintain their data, including critical infrastructure command and control centers, healthcare, banking, and finance sectors.
  • Attackers can use educated attack vectors to compromise air-gapped networks, such as supply chain attacks and malicious insiders.
  • Air-gap covert channels are non-standard or non-conventional out-of-band communication methods that attackers can use to exfiltrate information from isolated air-gapped networks.
  • Air-gap covert channels can be classified into seven main categories: physical media, acoustical channels, electromagnetic, magnetic, electric, travel channel, optical, and thermal.
  • Physical media is the conventional way to jump the air gap, using flash drives or similar devices to transfer files and data.
  • Acoustical channels use the ultrasonic range to modulate and transmit data over a six-kilohertz band, which can be received by a hidden microphone or smartphone in the room.
  • Electromagnetic covert channels use the display cable to generate electromagnetic radiation, which can be controlled and modulated to the FM radio band and received by a smartphone with an FM receiver.
  • An anecdote illustrates how a nearby smartphone can receive top-secret data from an air-gapped computer through electromagnetic covert channels.
  • Other covert channels include magnetic, electric, travel channel, optical, and thermal, which are briefly discussed in the presentation.
The presentation shows how a nearby smartphone can receive top-secret data from an air-gapped computer through electromagnetic covert channels. The display cable generates electromagnetic radiation, which can be controlled and modulated to the FM radio band. The FM transmitter from the computer can be received by a mobile phone with an FM receiver in the engine room or outside the room, creating a link between the computer and the mobile phone. This research is called 'Bridging the Air Gap between Isolated Networks and Mobile Phone Using Radio Frequencies.'

Abstract

The term 'air-gap' in cyber security refers to a situation in which a sensitive computer, classified network, or critical infrastructure is intentionally physically isolated from public networks such as the Internet. Air-gap isolation is mainly used to maintain trade secrets, protect confidential documents, and prevent personal information from being leaked out, accidentally or intentionally. In this talk, we focus on 'Bridgeware', a type of malware which allows attackers to overcome ('bridge') air-gap isolation in order to leak data. We talk about various covert channels proposed over the years, including electromagnetic, magnetic, acoustic, thermal, electrical and optical methods (and introduce a new air-jumping technique from our recent research). We examine their characteristics and limitations, including bandwidth and effective distance. We also discuss the relevance of these threats and the likelihood of related cyber-attacks in the modern IT environment. Finally, we present different types of countermeasures to cope with this type of threat. We will include demo videos.
