BitWhisper: Extracting Data From Secured Computers Via Heat


There are always vulnerabilities in every system that a remote attacker can manipulate if they're determined enough, regardless of how secure you may consider your computer to be.

A large number of industrial and government computers systems are isolated from external networks in order to diminish the chances of sensitive material being stolen. This is a fairly common practice called air-gapping, but even preventative measures such as this may not be enough to completely ensure isolated systems against external attackers.

A team of researchers at Isreal's Ben Gurion University have developed a technique that shows how it is possible to set up a two-way communication system with an air-gapped computer. This is a method of gathering sensitive data that the researchers call “BitWhisper”, and it is executed via heat exchange. But although the technique was developed, applied, and is proven to work in a regular office setting, it is one that needs quite a bit of forethought in order to be executed properly.

Two computers sit side-by-side on a desk – a setup that is not uncommon in a standard office environment. One system is connected to the internet while the other remains without connectivity. Often, employees need to perform sensitive tasks on an air-gapped computer while utilizing another computer for internet operations.

For BitWhisper to work, however, both machines (connected and air-gapped) have to be infected with specially designed malware. This is not really an issue for the online machine, but could prove quite tricky on an air-gapped system. Still, even air-gapped computers can contract malware through USB drives, supply chain attacks and so on.

Heating patterns can be generated by instruction of the isolated machine once both systems are infected. This is done by ramping up the CPU or GPU. By using its internal sensors, the nearby internet-connected machine can monitor the fluctuation in temperature from the air-gapped computer and interpret them as a data stream. Commands can also be sent for the online to the isolated machine.

The malware is capable of using heat patterns as a stealthy data stream between the online and air-gapped system. This renders the air-gap irrelevant because all the data extraction occurs via invisible heat signals, and the secure network almost always shows very little to no signs of intrusion. However, the BitWhisper technique isn't the speediest out there. The data rate between the two computers would sit at around eight bits per hour. Even so, this is still enough to retrieve passwords and text files over time.

According to the researchers, any isolated network is vulnerable to BitWhisper if an air-gapped computer sits within fifteen inches of an internet-connected computer. By sending out periodic “thermal pings”, BitWhisper can also search for new connections with other nearby computers. The malware can be instructed to spread to other computers in search of more heat-driven channels as well, once it has settled in the air-gapped network.

In all honesty, though, BitWhisper wouldn't be considered an ideal technique for many external attackers. There are simply too many physical environmental factors to consider with a system as sensitive as this, where something as simple a desk fan or a change in air-conditioning can interfere with or break a connection. Even so, the researchers have to be commended for an ingenious proof-of-concept.

Sources: Flickr's Creative Commons

Recommended Posts | Network Management

Best Backup Solution

What is the Best Backup Solution: Online or Local?

Users all face the problems when it comes to backing up and storing their data. Cloud offers online backup service to store data safely. There are many concerns when it comes to trusting data to an online backup service. One of the major concerns is security and paying a fee to store backup online ...
Internet Security

Internet Security 101: How to Protect Your Small Business

As a small business owner, it’s pertinent that you secure your Internet connection and computer against hackers. Today hackers spend time scouring the Internet for any network vulnerabilities and unsecured network connections. As a small business owner your network is vulnerable to online hackers ...
Identifying Trends That Are Changing Network Security

Identifying Trends That Are Changing Network Security

Recently, many dramatic changes have taken place in the network security space because of technology. Companies face a growing challenge to secure their network as they add SaaS, new mobile operating systems, and the use of personal devices in the work environment ...
Troubleshooting with the OSI Model

Troubleshooting with the OSI Model Still Effective

Network technology has changed considerably since the dawn of computer inter-networking. Early commercial networks used x.25, a protocol suite for packet switching. Originally designed to carry voice traffic, x.25 remains in use today for some automated teller machine or credit card verification ...