There are many ways to attempt to secure a digital system. Firewalls, intrusion detection systems, anti-intrusion software, employee training, and tight policies and procedures can all play a key part, but they can also be manipulated and defeated by skilled and persistent evildoers. What is often considered the ‘best’ way to secure a system from those with malicious intent is to isolate it completely from the outside, i.e., the Internet. This practice is known as ‘air gapping’, in that there is no outside connection through which the ‘bad guys’ can enter the system and perform their nefarious work. Very sensitive systems, such as those of government agencies and those in our critical infrastructure, especially nuclear energy, have historically relied on this practice to ward off catastrophic disaster.
However, it appears that evolving technology may soon make ‘air gapped’ systems less secure than they once were, and IT specialists in those sensitive areas should be concerned. Writing for Ars Technica, Dan Goodin reports: “Researchers have devised a new way to siphon data out of an infected computer even when it has been physically disconnected from the Internet to prevent the leakage of sensitive information it stores”. Developed by the cybersecurity laboratories of Israel’s Ben-Gurion University, the new procedure used to jump the gap is called ‘DiskFiltration’ and, believe it or not, uses ‘sound’ to transfer data from the secure system across the gap, where it awaits capture, by (according to Goodin) “manipulating the movements of the hard drive’s actuator”. Guri, Solewicz, Daidakulov, and Elovici (2016), the developers of the process, describe it as “…a covert channel which facilitates the leakage of data from an air-gapped computer via acoustic signals emitted from its hard disk drive (HDD). Our method is unique in that, unlike other acoustic covert channels, it doesn’t require the presence of speakers or audio hardware in the air-gapped computer”.
Added to other experimental methods for jumping the air gap such as AirHopper, BitWhisper, GSMem, and Fansmitter, it appears that researchers, both good and bad, are closing in on a process to easily breach ‘air gapped’ systems. Those who defend our most sensitive systems should be afraid, very afraid.
Goodin, D. (2016). New air-gap jumper covertly transmits data in hard-drive sounds. Retrieved from the Internet at http://arstechnica.com/security/2016/08/new-air-gap-jumper-covertly-transmits-data-in-hard-drive-sounds/
Guri, M., Solewicz, Y., Daidakulov, A., Elovici, Y. (2016). DiskFiltration: Data Exfiltration from Speakerless Air-Gapped Computers via Covert Hard Drive Noise. Retrieved from the Internet at https://arxiv.org/abs/1608.03431