Researchers recently demonstrated that air-gapped computers can communicate through heat emissions and thermal sensors, which can potentially lead to loss of sensitive data. How does the attack work? Should enterprises be worried about how it could affect embedded systems and the Internet of Things?
State-sponsored attackers and security researchers with significant resources to devote to an attack can find novel methods to achieve their goals. Knowing that a target environment is using an air-gapped computer -- common in high-security environments like SIPRNet -- gives an attacker a clear starting point in his attack; he knows communication between the classified and nonclassified systems will require something other than traditional IP and network connections.
The attack in question works by installing malware, via a malicious insider or infected USB drives, on two endpoints so they can transmit a small amount of highly valuable data over a covert channel. The channel is set up by the malware on one device changing that device's power consumption to generate more heat. The heat change is then detected by the second device's heat sensor. Heat sensors are common on devices; they turn on a fan to cool the device so it doesn't overheat.
While this is a low-bandwidth communication channel, it could be used to extract valuable data by modulating binary data into thermal signals, which are then received by the thermal sensors of the adjacent computer. However, enterprises do not need to panic unless they think they are targets of state-sponsored or other attackers with significant attack resources.
Nonetheless, organizations may want to ensure they are using strong physical protections on any devices that could be compromised to transmit sensitive data. This will affect any enterprise with high security requirements, and may also affect embedded systems and IoT devices, which could be manipulated remotely to emit heat signals. An enterprise using or manufacturing devices that might be physically targeted for compromise should use tamper-evident cases. In addition, enterprises should use sufficient shielding on the device to protect it from heat or sound changes, and potentially place the devices in a secure physical location.
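Alongside the physical protections described above, a monitoring check can look for the repeated temperature swings that binary thermal modulation would produce. The following is an added example, not code from the original article or the researchers; the function names, the 1.5 °C swing size, the limit of four reversals per window and the sample traces are all assumptions, and it presumes a host whose normal workload is steady.

```python
# Added example: flag temperature logs that swing up and down repeatedly,
# the pattern binary thermal modulation would leave on a neighbouring host.

def count_reversals(samples, min_swing_c=1.5):
    """Count direction reversals of at least min_swing_c degrees C.

    Excursions smaller than min_swing_c are treated as sensor noise.
    """
    if not samples:
        return 0
    extreme, direction, reversals = samples[0], 0, 0
    for t in samples[1:]:
        if direction == 0:
            # No trend yet: wait for the first move larger than noise.
            if abs(t - extreme) >= min_swing_c:
                direction = 1 if t > extreme else -1
                extreme = t
        elif (t - extreme) * direction > 0:
            extreme = t                    # trend continues, extend the extreme
        elif (extreme - t) * direction >= min_swing_c:
            direction = -direction         # moved far enough the other way
            extreme = t
            reversals += 1
    return reversals


def is_suspicious(samples, min_swing_c=1.5, max_reversals=4):
    """True when one observation window holds more swings than allowed."""
    return count_reversals(samples, min_swing_c) > max_reversals


# Constructed sample windows (degrees C, fixed sampling interval).
IDLE = [40.0, 40.2, 39.9, 40.1, 40.0, 39.8, 40.2, 40.1] * 5
SINGLE_JOB = [40.0] * 10 + [42.0, 44.0, 46.0] + [46.0] * 10 \
    + [44.0, 42.0, 40.0] + [40.0] * 10
MODULATED = ([40.0] * 4 + [43.0] * 4) * 6   # repeated two-level pattern

if __name__ == "__main__":
    for name, trace in (("idle", IDLE), ("single job", SINGLE_JOB),
                        ("modulated", MODULATED)):
        print(name, count_reversals(trace), is_suspicious(trace))
```

A single legitimate job heats the machine once and lets it cool once, so it produces one reversal; only the repeated two-level pattern crosses the limit.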
Ask the Expert:
Want to ask Nick Lewis a question about enterprise threats? Submit your questions now via email. (All questions are anonymous.)