Israeli security researchers claim to have discovered a new way to jump supposedly secure air-gapped systems via heat emissions.
The so-called BitWhisper project was developed by a team at Ben-Gurion University of the Negev (BGU) led by Mordechai Guri.
If two air-gapped computers are placed no more than 40cms apart and malware is downloaded onto each, the researchers can enable the systems to communicate with each other via heat emissions.
By regulating heat patterns, they were able to turn binary data into thermal signals which the machine next door measures using built-in thermal sensors and converts back into data, an explanatory note claimed.
“These properties enable the attacker to hack information from inside an air-gapped network, as well as transmit commands to it,” the research team said in a statement.
“Only eight signals per hour are sufficient to steal sensitive information such as passwords or secret keys. No additional hardware or software is required. Furthermore, the attacker can use BitWhisper to directly control malware actions inside the network and receive feedback.”
Air-gapping is a network security technique for isolating a secure computer or network from an unsecured network – commonly the public internet.
According to the researchers, computers of different security levels are often situated next to each other inside an organization, making BitWhisper a possibility.
As for getting malware on the air-gapped machine – it could be possible via infected removable media or a malicious insider, for example.
However, security experts were skeptical about whether the technique could be used effectively outside of laboratory conditions.
F-Secure special adviser, Sean Sullivan, claimed that “only a handful of organizations in the world” need to worry about this kind of attack scenario.
“From an OPSEC point of view, it might be better to limit malware to only one network rather than two,” he told Infosecurity.
“In other words – infect the air-gapped network via USB – and go back for the information retrieval via USB. As opposed to – infected the air-gapped network, and also infect the internet connected network – and then have the malware talk to the other malware via heat. I think only some very specialized cases exist in which this should be a real concern.”