Three Ways to Communicate with Air-Gapped Systems

An air gap is a network security measure that physically isolates computers or networks from other networks, such as the public Internet or an unsecured local area network. It is found in many places where extremely sensitive information is stored on those computers or networks.

Is an air gap 100% safe? No, not 100%. In addition to human factors, you may have heard of many other ways to establish a channel with other devices without any (physical) connection such as a USB drive, WiFi or other traditional media. Let's have a look at some of them:

  1. Acoustic Signaling

After someone tampers with the computer's BIOS file, the computer starts transmitting data through its speakers on a frequency beyond the range of human hearing. A microphone installed within range collects the data. Conversely, a hacker can also send malicious instructions to the computer in the same way. Sounds scary enough, right? That's not all. It can even be expanded into a multi-hop mesh network. In other words, it can become a massive covert network.

  2. AirHopper

At an air-gapped location, all mobile phones are usually required to be checked in at a secured locker. A mobile phone can still be used as the intended receiver of maliciously crafted radio signals emitted from the screen of the isolated computer. How can this happen? The main idea behind the research is to use radio frequencies to transmit the secret data from the computer to the mobile phone. Mobile phones usually come equipped with FM radio receivers, and it is already known that software can intentionally create radio emissions from a video display unit. Yes, from the computer screen.

  3. Heat

Yes, you heard me: heat, the heat emitted from computers. A computer always produces heat during normal operation. To prevent heat from accumulating, it is fitted with thermal sensors and fans. Once a sensor detects heat fluctuations, it triggers an internal fan to cool down the system. Recent research shows that a hacker can use these thermal sensors to send and receive binary data at a rate of 8 bits per hour over a range of approximately 15 inches. That may seem very restrictive, but the researcher notes that it is not an uncommon scenario, since air-gapped systems often sit on desktops alongside Internet-connected ones so that workers can easily access both.
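For the acoustic signaling channel described above, one defensive check is to watch microphone captures from the protected room for tones just above the audible range. The following Python example is added here and is not code from the research the post refers to; the 48 kHz capture rate, the 18 to 22 kHz watch band, the -40 dB threshold and the constructed test signal are all assumptions.

```python
import math

RATE = 48_000                        # Hz, assumed microphone capture rate
FRAME = 1_920                        # 40 ms frames -> 25 Hz bin spacing
PROBES = range(18_000, 22_001, 250)  # assumed near-ultrasonic band to watch
THRESHOLD_DB = -40.0                 # assumed alert level (a full-scale sine reads about -6 dB)

def goertzel_power(frame, freq):
    """Normalised power of a single frequency in one frame (Goertzel algorithm)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / len(frame) ** 2

def scan(samples):
    """Return (frame_index, peak_hz, level_db) for frames with a loud probe tone."""
    hits = []
    for i in range(0, len(samples) - FRAME + 1, FRAME):
        frame = samples[i:i + FRAME]
        # Strongest probe frequency in this frame.
        power, peak = max((goertzel_power(frame, f), f) for f in PROBES)
        level = 10.0 * math.log10(power + 1e-12)  # small floor avoids log(0)
        if level > THRESHOLD_DB:
            hits.append((i // FRAME, peak, round(level, 1)))
    return hits

def tone(freq, amp, n):
    """Constructed test input: a pure sine, not a recording."""
    return [amp * math.sin(2.0 * math.pi * freq * k / RATE) for k in range(n)]

def constructed_capture():
    """Five frames of audible 1 kHz; a quiet 19 kHz tone is mixed into the last two."""
    audible = tone(1_000, 0.5, 5 * FRAME)
    hidden = [0.0] * (3 * FRAME) + tone(19_000, 0.05, 2 * FRAME)
    return [a + h for a, h in zip(audible, hidden)]

if __name__ == "__main__":
    for frame_index, peak_hz, level_db in scan(constructed_capture()):
        print(f"frame {frame_index}: {peak_hz} Hz at {level_db} dB")
```

On real captures the threshold has to be tuned against the room's normal noise floor, since some electronics emit steady tones in this band.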

After we discussed these methods, the first thing that came to my mind was that it was scary. With the idea of the Internet of Things (IoT), we started connecting everything to the Internet, such as refrigerators, TVs, Blu-ray players, even lights and air conditioners. Think about this: many computers now have light sensors that dynamically set the brightness of your screen according to the background light to conserve energy. If a hacker gains control of your light, he can send malicious commands to your computer by turning the light in that room on and off, with the light sensor used to receive the data. If there is a light sensor in the room, data can be transmitted to the outside by turning the screen of the computer on and off. In some cases, the motion sensor and vibrator in your mobile phone, or even air conditioners, can also be used to transmit data.