I’m going to air gap my computer, so I don’t have to worry about viruses, malware, ransomware, and other security threats.
A typical security measure to prevent access to extremely sensitive data is to air gap the machines accessing the data, so the machines are not connected to external networks, including the Internet. However, researchers have developed multiple communication paths that circumvent the air gap on such machines.
Electromagnetic. Sources range from EM radiation read off the memory bus to leakage from USB ports and cables. [Fix: EM shielding]
Acoustic. Popular because hacked smartphone microphones can pick up audio signals that humans can’t differentiate from background hum. A recent trend is using ultrasonic sounds which are inaudible and offer higher bandwidth.
Thermal. This has been demonstrated, but the bandwidth is only a few tens of bits per second over a short distance.
Optical. Ubiquitous LEDs on almost any system can transmit significant amounts of data to a watching surveillance camera.
Power Lines. Data can be sent over power lines both inside the target building and outside the electrical service panel.
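As an added example (not from the original article), a defender can monitor a microphone placed near the air-gapped machine for the inaudible ultrasonic carriers described under Acoustic. The sketch uses the Goertzel algorithm in pure Python; the band edges, thresholds and the constructed test signal are assumptions, not values from the research.

```python
import math
import random

RATE = 48000  # samples per second (assumed); Nyquist limit is 24 kHz

def goertzel_power(samples, rate, freq):
    """Normalized power at one frequency, computed with the Goertzel algorithm."""
    n = len(samples)
    k = round(n * freq / rate)                 # nearest DFT bin
    coeff = 2 * math.cos(2 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / (n * n)

def ultrasonic_alert(samples, rate=RATE, lo=18000, hi=22000, step=250,
                     min_power=1e-6, ratio=20.0):
    """Flag a narrowband tone in the near-ultrasonic band lo..hi.

    Returns (flag, peak_hz). flag is True only when the strongest bin is
    above an absolute floor (min_power) AND stands well above the median
    bin in the band, so broadband noise alone does not trigger it.
    Thresholds are illustrative and need tuning per room and microphone.
    """
    freqs = list(range(lo, hi + 1, step))
    powers = [goertzel_power(samples, rate, f) for f in freqs]
    floor = sorted(powers)[len(powers) // 2] + 1e-12   # median = noise floor
    peak = max(powers)
    flag = peak > min_power and peak / floor > ratio
    return flag, freqs[powers.index(peak)]

def constructed_capture(carrier_amp, n=4800, seed=7):
    """Constructed 0.1 s capture: 120 Hz hum + noise + optional 19 kHz tone."""
    rng = random.Random(seed)
    return [0.2 * math.sin(2 * math.pi * 120 * i / RATE)
            + rng.gauss(0, 0.01)
            + carrier_amp * math.sin(2 * math.pi * 19000 * i / RATE)
            for i in range(n)]

if __name__ == "__main__":
    print("hum only:     ", ultrasonic_alert(constructed_capture(0.0)))
    print("with carrier: ", ultrasonic_alert(constructed_capture(0.05)))
```

In practice the capture device must sample at 44.1 kHz or higher for this band to be visible at all, and an alert is a prompt to investigate, since some legitimate equipment also emits near-ultrasonic tones.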
The research has turned into actual data hacks via air gaps.
- Stuxnet and Flame, developed by the NSA and Israel, penetrated air-gapped Iranian computers a decade ago to sabotage Iran’s nuclear program. Stuxnet was targeted at air-gapped computers controlling centrifuges.
- HVACKer is malware that uses HVAC systems. HVAC systems can often be used to send commands into air-gapped machines. The source of the Target data breach was a provider of HVAC systems.
- Cold offline crypto-wallets have been hacked. Malware called Bridgeware can leak a bitcoin private key over an air gap via ultrasonic signals in only 3 seconds.
- Mosquito is a technique to transmit data between two computers using speaker-to-speaker communication, without a microphone.
Air gapping machines and data can still be a valuable extra layer of defense for protecting sensitive data. Recommended actions to get the most out of your air gap solution:
- Secure the machine offsite or in a safeguarded room
- Make sure all cables to the machine are adequately shielded
- Plug unused USB slots with the USB Port Blocker
- Plug the machine into an uninterruptible power supply to disguise its power signature.
- Turn the machine off when it is not in use (and unplug it from power)
- Replace standard hard drives with SSD and
- Encrypt your data. File encryption can be implemented such that if a file ever got outside the air gap network, the contents could not be accessed.
SecureCircle can provide a data protection solution in which, regardless of whether the source information is stored on an air-gapped machine or in a public cloud storage location, data is always protected from unauthorized access. SecureCircle’s patent-pending Transparent File Encryption is Always Encrypted, Always Retractable, Always Tracked, and Always Portable.