[prev in list] [next in list] [prev in thread] [next in thread]
List: isn
Subject: [ISN] Stealing Data From Computers Using Heat
From: InfoSec News <alerts () infosecnews ! org>
Date: 2015-03-25 7:23:31
Message-ID: alpine.DEB.2.02.1503250723200.29895 () infosecnews ! org
[Download RAW message or body]
http://www.wired.com/2015/03/stealing-data-computers-using-heat/
By Kim Zetter
Security
Wired.com
03.23.15
AIR-GAPPED SYSTEMS, WHICH are isolated from the Internet and are not
connected to other systems that are connected to the Internet, are used in
situations that demand high security because they make siphoning data from
them difficult.
Air-gapped systems are used in classified military networks, the payment
networks that process credit and debit card transactions for retailers,
and in industrial control systems that operate critical infrastructure.
Even journalists use them to prevent intruders from remotely accessing
sensitive data. To siphon data from an air-gapped system generally
requires physical access to the machine, using removable media like a USB
flash drive or a firewire cable to connect the air-gapped system directly
to another computer.
But security researchers at Ben Gurion University in Israel have found a
way to retrieve data from an air-gapped computer using only heat emissions
and a computer's built-in thermal sensors. The method would allow
attackers to surreptitiously siphon passwords or security keys from a
protected system and transmit the data to an internet-connected system
that's in close proximity and that the attackers control. They could also
use the internet-connected system to send malicious commands to the
air-gapped system using the same heat and sensor technique.
In a video demonstration produced by the researchers, they show how they
were able to send a command from one computer to an adjacent air-gapped
machine to re-position a missile-launch toy the air-gapped system
controlled.
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic