Attackers Infect Air Gapped Devices

How to infect a computer that is not attached to any network

Steve Smith explains how air gapped machines get infected and how data is retrieved from such devices to be sent back to the attacker.

Episode #7-43 released on June 24, 2017


Infecting air gapped machines seems like a new, crazy idea, something out of an amazingly sophisticated handbook, but the idea has been around for a long time. The technique stems from an old file transfer method known as the Sneakernet. The Sneakernet predates widespread use of the Internet and allowed data to be transferred by hand, on diskettes and discs, to be more precise. This meant that while getting a particular item was slow, it was harder to track, too. People today often use the Internet to acquire the same items. The Sneakernet was also how many viruses were acquired back in the day.

An air gapped computer or device is typically a safer device. Air gapped machines are named as such because they are not connected to any wired or wireless network. The only way to get data onto those machines is by manually transferring it to them. This makes them much harder to infect.

Using the Sneakernet method to infect an air gapped machine makes it possible to infect the device, but communicating data back and forth is troublesome, almost impossible. At least, this is what most of us would believe. There are ways of building networks beyond cables and WiFi that many aren't aware of. Some of these methods are acoustic and light based; they can use our microphones and webcams to transmit information between devices with signals well outside our level of perception. There are other methods, such as seismic, magnetic, thermal, RF and portable multimedia; however, each of those is more difficult to apply against a person who uses an air gapped device, because either the hardware does not exist or the timeline for data acquisition is unforeseeable.

For those wondering, the range of such a covert networking protocol has been demonstrated to be plausible up to 65 feet between two devices, and much further with a proper mesh network deployed, which means that anyone who wishes to infect and communicate information from any device possibly could. The next problem is that, because the CIA lost their own hacking technology, this could present itself as a very real issue. And, due to the nature of virus creation, no device or operating system is safe from these methods or attacks.

However, don't take my word for it; follow the breadcrumbs all the way home with my sources. Look at it for yourself. And, while you are at it, remember Stuxnet? That was an infection made possible by a Sneakernet attack. If anyone can infect an Iranian nuclear program facility, who knows what else people can do in less secure places.

Host : Steve Smith | Music : | Editor : Steve Smith | Producer : Zed Axis Dot Net

Sources & Resources