
Sunday, June 21, 2015

BITWHISPER: Hidden Channel between Air Gapped Computers using Thermal Manipulations

1.   Any cyber security policy in an organisation makes clear and confident mention of the term AIR-GAP as a way to reduce any kind of breach between a corporate intranet PC or standalone PC and the Internet. Sadly, and surprisingly, it is no longer safe. Yes, the AIR-GAP can be breached. Researchers at the Ben-Gurion University of Israel have recently developed a relatively new method of siphoning classified data off air-gapped systems, called “BitWhisper.”

2.   The team has developed a method of using CPU load modulation to regulate a victim computer's thermal radiation. Monitoring this fluctuation in temperature via a surrounding system’s pre-existing thermal sensors allows a covert channel to be established between the two machines, and thus infiltration into a system previously believed to be secure.

Extract below from "Infiltration of Air-Gapped Systems via Thermal Emissions" by Alex W Luehm, Student, CprE 431:

The vulnerability of an air-gapped system is the common airspace surrounding the target and attacking computers. By using this common medium, it has been found possible to establish a covert channel between the two machines. BitWhisper, a method established by Israeli researchers, utilizes this common medium to transfer thermal “pings” between the two machines in a predetermined protocol, allowing for the transmission of classified data.

The exploitation is based on two basic principles of modern-day computer systems. 

- The first principle is that physical hardware components of a computer generate and disperse heat. This heat can be generated by various sources such as the power supply, the motherboard, the graphics card, and the CPU. Typically, these thermal emissions are vented away from the computer via a system of rotating fans and ducting in the computer housing. Importantly, these fans are controlled by a series of thermal sensors mounted throughout the computer housing. Under normal circumstances, these sensors ensure that no critical components become too hot and cause damage to surrounding hardware or themselves.
 
- The second principle is that the amount of thermal energy generated and emitted by these components is directly related to the current workload of the computer in question. A system doing more intense calculations over a longer period of time produces a larger increase in the amount of heat emitted.

What the researchers have found is that by installing a malicious program on the target machine, information could be quite literally emitted by the target in the form of thermal pulses. In addition, these thermal pulses could be detected by a surrounding computer's internal thermal sensors and, by the very same malicious program, decoded into the transmitted data. If one of these systems were connected to the internet, then it would be quite feasible to pass classified data from an air-gapped system to an internet-accessible system for further transmission. These pulses typically were detected as either a raising or lowering of temperature, by 1 – 4 degrees Celsius over a period of time. The spanning distance, arrangement, and type of case of the concerned systems caused varying degrees of transmission rate.
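From the monitoring side, the 1 – 4 degree swings described in the extract can be looked for in a host's own sensor history: a temperature step in that range that the machine's own CPU load does not explain, and that keeps reversing direction, deserves a look. The sketch below is an added example, not part of the extract or of the BitWhisper paper; the window size, load threshold, flip count, function names and sample readings are all assumptions chosen for illustration.

```python
from statistics import mean

PULSE_MIN_C, PULSE_MAX_C = 1.0, 4.0  # swing size quoted in the extract above
WINDOW = 5            # samples averaged per window (assumed)
LOAD_FLAT_PCT = 10.0  # own-CPU change below this cannot explain a swing (assumed)
MIN_FLIPS = 2         # direction reversals needed before alerting (assumed)

def window_means(values, size=WINDOW):
    """Average consecutive, non-overlapping windows to smooth sensor jitter."""
    return [mean(values[i:i + size]) for i in range(0, len(values) - size + 1, size)]

def unexplained_swings(temps_c, load_pct):
    """Return (window_index, delta_c) for 1-4 C steps while local load stayed flat."""
    t, l = window_means(temps_c), window_means(load_pct)
    hits = []
    for i in range(1, min(len(t), len(l))):
        delta = t[i] - t[i - 1]
        load_change = abs(l[i] - l[i - 1])
        if PULSE_MIN_C <= abs(delta) <= PULSE_MAX_C and load_change < LOAD_FLAT_PCT:
            hits.append((i, round(delta, 2)))
    return hits

def looks_like_thermal_signalling(temps_c, load_pct):
    """Alert when unexplained swings keep reversing direction (heat, cool, heat...)."""
    swings = unexplained_swings(temps_c, load_pct)
    flips = sum(1 for a, b in zip(swings, swings[1:]) if a[1] * b[1] < 0)
    return flips >= MIN_FLIPS

def hold(levels, n=WINDOW):
    """Build constructed sample data: each level repeated for n readings."""
    return [float(v) for v in levels for _ in range(n)]

# Constructed readings, not measurements. Idle host whose case sensor oscillates:
SUSPECT_TEMPS, SUSPECT_LOAD = hold([40, 42, 40, 42, 40, 42]), hold([5] * 6)
# Host that warms and cools by 3 C only because its own workload changed:
BENIGN_TEMPS, BENIGN_LOAD = hold([40, 43, 43, 40, 40, 40]), hold([5, 80, 80, 5, 5, 5])

if __name__ == "__main__":
    print(unexplained_swings(SUSPECT_TEMPS, SUSPECT_LOAD))
    print(looks_like_thermal_signalling(SUSPECT_TEMPS, SUSPECT_LOAD))
    print(looks_like_thermal_signalling(BENIGN_TEMPS, BENIGN_LOAD))
```

Ambient changes such as air conditioning cycles also produce swings unrelated to local load, so a check like this is a triage signal to correlate with room temperature and neighbouring hosts, not a verdict.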

Source of Info : 

3.   Original paper "BitWhisper: Covert Signaling Channel between Air-Gapped Computers using Thermal Manipulations" by Mordechai Guri, Matan Monitz, Yisroel Mirski, Yuval Elovici, available at http://arxiv.org/abs/1503.07919
