Air-gapped computers not secure from advanced threat actors, Kaspersky warns

If your organisation keeps highly sensitive data away from external access on air-gapped computers and other devices, hackers still have ways to exfiltrate data from such devices without leaving any traces.

Air-gapped computers are usually considered the most secure means of storing classified information, whose loss can imminently compromise national security, or intellectual property that takes decades of hard work and research to obtain.

However, security firm Kaspersky warns that advanced hackers can use the laws of physics, their inventiveness, and their technical acumen to exfiltrate classified data stored in air-gapped computers, often without leaving a trace. And they are not talking about bribed insiders.

Hackers can use various techniques based on principles of physics such as ultrasound, electromagnetism, magnetism, optics, thermodynamics, and seismic waves to interact with air-gapped computers and obtain information stored in them, the firm said.

For instance, the AirHopper malware is capable of bridging the air-gap between an isolated network and nearby infected mobile phones using FM signals. After converting an electromagnetic field into an electric signal, hackers can "use malware to send a sequence of signals to the display and transform the monitor cable into a kind of antenna. By manipulating the number and frequency of the bytes sent, they can induce radio emissions detectable by an FM receiver," Kaspersky said.

High-frequency magnetic radiation generated by CPUs can also be controlled through the use of software that can manipulate the load on a processor’s cores. A group of researchers at Israel’s Ben-Gurion University demonstrated how this technique can even bypass a Faraday Cage that is designed to block electromagnetic signals.

Hackers can also use malware to remotely instruct computers to alter the temperature inside their systems, and deploy another remote machine to log the changes, convert them into intelligible information, and send out the data. However, this trick can only work if the two computers are not more than 16 inches away from one another.

According to Kaspersky, most of these techniques to infiltrate air-gapped computers are highly complex and will only be used by foreign intelligence agencies or industrial spies with deep pockets that have a huge interest in the data they are trying to access.

For organisations that use air-gapped computers to store data, the security firm advises that sufficient distance should be ensured between devices to prevent hackers from using one infected device to target another. At the same time, organisations should ban the use of computer audio equipment, limit the infrared functionality of surveillance cameras, shield the premises, reduce LED visibility, and disable USB ports on the air-gapped computer to prevent infection.
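Two of the recommendations above, disabling USB ports and banning audio equipment, can be enforced in software on a Linux air-gapped host. The script below is an added example and is not Kaspersky's or the article's own; it assumes a systemd-style Linux host with modprobe.d and udev, and the function name, file names and the optional staging root are the author's choices. Writing to a staging directory lets an administrator review the generated files before copying them onto the isolated machine.

```shell
#!/bin/sh
# Added example: generate hardening configuration for a Linux air-gapped host.
# write_airgap_hardening [ROOT]
#   ROOT defaults to "/" (apply to the running system); pass a staging
#   directory such as /tmp/preview to generate the files without applying them.
write_airgap_hardening() {
  root="${1:-/}"
  mkdir -p "$root/etc/modprobe.d" "$root/etc/udev/rules.d"

  # Prevent the kernel from loading mass-storage and audio drivers at all.
  # "install <module> /bin/false" makes modprobe fail for that module, so
  # removable media cannot mount and speakers/microphones stay unusable.
  cat > "$root/etc/modprobe.d/airgap-blacklist.conf" <<'EOF'
# USB mass storage: blocks removable media, the classic air-gap infection path
install usb-storage /bin/false
install uas /bin/false
# Audio stack: removes the speakers and microphones acoustic channels need
install snd /bin/false
install snd_hda_intel /bin/false
install snd_usb_audio /bin/false
EOF

  # Deauthorize newly attached USB devices on every host controller.
  # Assumed udev rule: authorized_default=0 tells the controller to leave new
  # devices unconfigured until an administrator explicitly authorizes them.
  cat > "$root/etc/udev/rules.d/99-airgap-usb.rules" <<'EOF'
ACTION=="add", SUBSYSTEM=="usb", ATTR{authorized_default}="0"
EOF
}

# Runtime check: report host controllers that still accept new USB devices
# (authorized_default != 0). Returns 0 when every controller is locked down.
check_usb_locked_down() {
  status=0
  for attr in /sys/bus/usb/devices/usb*/authorized_default; do
    [ -e "$attr" ] || continue
    if [ "$(cat "$attr")" != "0" ]; then
      echo "USB controller still authorizing new devices: $attr"
      status=1
    fi
  done
  return "$status"
}

# Only apply when explicitly requested, e.g. AIRGAP_ROOT=/tmp/preview sh thisfile.sh
if [ -n "${AIRGAP_ROOT:-}" ]; then
  write_airgap_hardening "$AIRGAP_ROOT"
  echo "Hardening files written under $AIRGAP_ROOT"
fi
```

The modprobe blacklist takes effect on the next boot or module load attempt; the udev rule covers devices plugged in later, and check_usb_locked_down confirms the live sysfs state after the rule has been reloaded. Physical measures from the article (shielding the premises, reducing LED visibility, spacing devices apart) still have to be handled outside software.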

This isn't the first time that various techniques have been discovered to exfiltrate data from air-gapped computers. In May, Israeli security researcher Dr Mordechai Guri developed a leftfield technique for extracting data from air-gapped systems. His approach involved creating an acoustic covert channel by turning a PC’s power supplies into speakers.

“Our developed malware can exploit the computer power supply unit (PSU) to play sounds and use it as an out-of-band, secondary speaker with limited capabilities. The malicious code manipulates the internal ‘switching frequency’ of the power supply and hence controls the sound waveforms generated from its capacitors and transformers,” he said.
