[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] Stealing Data From Computers Using Heat
From:       InfoSec News <alerts () infosecnews ! org>
Date:       2015-03-25 7:23:31
Message-ID: alpine.DEB.2.02.1503250723200.29895 () infosecnews ! org
[Download RAW message or body]

http://www.wired.com/2015/03/stealing-data-computers-using-heat/

By Kim Zetter
Security
Wired.com
03.23.15

AIR-GAPPED SYSTEMS, WHICH are isolated from the Internet and are not 
connected to other systems that are connected to the Internet, are used in 
situations that demand high security because they make siphoning data from 
them difficult.

Air-gapped systems are used in classified military networks, the payment 
networks that process credit and debit card transactions for retailers, 
and in industrial control systems that operate critical infrastructure. 
Even journalists use them to prevent intruders from remotely accessing 
sensitive data. To siphon data from an air-gapped system generally 
requires physical access to the machine, using removable media like a USB 
flash drive or a firewire cable to connect the air-gapped system directly 
to another computer.

But security researchers at Ben Gurion University in Israel have found a 
way to retrieve data from an air-gapped computer using only heat emissions 
and a computer's built-in thermal sensors. The method would allow 
attackers to surreptitiously siphon passwords or security keys from a 
protected system and transmit the data to an internet-connected system 
that's in close proximity and that the attackers control. They could also 
use the internet-connected system to send malicious commands to the 
air-gapped system using the same heat and sensor technique.

In a video demonstration produced by the researchers, they show how they 
were able to send a command from one computer to an adjacent air-gapped 
machine to re-position a missile-launch toy the air-gapped system 
controlled.

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/

[prev in list] [next in list] [prev in thread] [next in thread]