Air-gapped computers have long been thought to represent the ultimate in security, and that may very well be true. As a result, though, there is an inherent challenge to prove that wrong. Researchers have demonstrated lots of ways they’re able to penetrate the air gap and exfiltrate data, including heat emissions, HDD LEDs, infrared cameras, magnetic fields, power lines, router LEDs, scanners, screen brightness, USB devices, and noise from hard drives. For more information on these maneuvers, Security Week provides links here.
The same article reports that researchers have now demonstrated an ability to accomplish the same exfiltration by using a malware-equipped smartphone placed on the same surface. Malware placed on the computer encodes data and transmits it through the vibrations generated by the fans used to cool the equipment. The fans modulate the encoded data, and the smartphone demodulates it. Just like a MODEM, only different.
Hot And Bothered
The good news is that researchers have the time and resources to expose these vulnerabilities, presumably ahead of the bad guys. The bad news is that the horizon seems rife with opportunities for the bad guys to exploit, and that’s just with the machine part of the equation. Once you factor in the human element, the possibilities seem almost endless.
The best news is that ICS has been doing this for a long time, and we supplement that experience with an insatiable appetite for innovation and improvement. We’re always trying to get better, and that keeps us at the leading edge of cybersecurity.
So call ICS today. Your phone’s right there, next to your computer, and the fan’s running.