BitWhisper: Extracting Data From Secured Computers Via Heat
There are always vulnerabilities in every system that a remote attacker can manipulate if they're determined enough, regardless of how secure you may consider your computer to be.
A large number of industrial and government computers systems are isolated from external networks in order to diminish the chances of sensitive material being stolen. This is a fairly common practice called air-gapping, but even preventative measures such as this may not be enough to completely ensure isolated systems against external attackers.
A team of researchers at Isreal's Ben Gurion University have developed a technique that shows how it is possible to set up a two-way communication system with an air-gapped computer. This is a method of gathering sensitive data that the researchers call “BitWhisper”, and it is executed via heat exchange. But although the technique was developed, applied, and is proven to work in a regular office setting, it is one that needs quite a bit of forethought in order to be executed properly.
Two computers sit side-by-side on a desk – a setup that is not uncommon in a standard office environment. One system is connected to the internet while the other remains without connectivity. Often, employees need to perform sensitive tasks on an air-gapped computer while utilizing another computer for internet operations.
For BitWhisper to work, however, both machines (connected and air-gapped) have to be infected with specially designed malware. This is not really an issue for the online machine, but could prove quite tricky on an air-gapped system. Still, even air-gapped computers can contract malware through USB drives, supply chain attacks and so on.
Heating patterns can be generated by instruction of the isolated machine once both systems are infected. This is done by ramping up the CPU or GPU. By using its internal sensors, the nearby internet-connected machine can monitor the fluctuation in temperature from the air-gapped computer and interpret them as a data stream. Commands can also be sent for the online to the isolated machine.
The malware is capable of using heat patterns as a stealthy data stream between the online and air-gapped system. This renders the air-gap irrelevant because all the data extraction occurs via invisible heat signals, and the secure network almost always shows very little to no signs of intrusion. However, the BitWhisper technique isn't the speediest out there. The data rate between the two computers would sit at around eight bits per hour. Even so, this is still enough to retrieve passwords and text files over time.
According to the researchers, any isolated network is vulnerable to BitWhisper if an air-gapped computer sits within fifteen inches of an internet-connected computer. By sending out periodic “thermal pings”, BitWhisper can also search for new connections with other nearby computers. The malware can be instructed to spread to other computers in search of more heat-driven channels as well, once it has settled in the air-gapped network.
In all honesty, though, BitWhisper wouldn't be considered an ideal technique for many external attackers. There are simply too many physical environmental factors to consider with a system as sensitive as this, where something as simple a desk fan or a change in air-conditioning can interfere with or break a connection. Even so, the researchers have to be commended for an ingenious proof-of-concept.
Sources: Flickr's Creative Commons