Hacking Air-Gapped Computers Using Heat

An air-gapped computer system isolated from the Internet and other computers that are connected to external networks believes to be the most secure computers on the planet -- Yeah?? You need to think again before calling them 'safe'.

A group of Israeli security researchers at the Cyber Security Labs from Ben Gurion University have found a new technique to hack ultra-secure air-gapped computers and retrieve data using only heat emissions and a computer’s built-in thermal sensors.

WHAT IS AIR-GAPPED COMPUTERS ?

Air-gapped computers or systems are considered to be the most secure and safest computer systems. These systems are isolated from the Internet or any other commuters that are connected to the Internet or external network.

Air-gapped systems are used in situations that demand high security because it’s very difficult to siphon data from these systems, as it requires a physical access to the machine which is possible by using removable device such as a USB flash drive or a firewire cable.

Air-gapped computers are classified military networks, the payment networks that process credit and debit card transactions for retailers, and in industrial control systems that operate critical infrastructure of the Nation. Even journalists use them to prevent intruders from remotely accessing sensitive data.

HACKING AIR-GAPPED COMPUTERS USING HEAT

In August 2014, security researchers from Ben Gurion University found a new way to breach an air-gapped system by using a method called Air-Hopper which utilizes little more than a mobile phone’s FM radio signals for data exfiltration.

The same security researchers have now discovered a new technique, dubbed BitWhisper, that could be used by hackers to hack air-gapped computers by utilizing heat exchange between two computer systems.

Dudu Mimran, the CTO of Cyber Security Labs, blogged on Monday, "BitWhisper is a demonstration for a covert bi-directional communication channel between two close by air-gapped computers communicating via heat. The method allows bridging the air-gap between the two physically adjacent and compromised computers using their heat emissions and built-in thermal sensors to communicate."

This new technique would allow hackers to stealthily siphon passwords or security keys from a secured system and send the sensitive data to an Internet-connected system which is placed in close proximity controlled by hackers.

Hackers could also use their Internet-connected system to send malicious commands to the air-gapped computer using the same heat and sensor technique in order to cause more severe danger to the secured infrastructure.