The Stack Archive

Scientists hack air-gapped system using heat

Tue 24 Mar 2015

Air gap hack

Researchers at Ben-Gurion University have discovered a hacking technique, termed BitWhisper, which can take control of secure computer systems by shooting blasts of hot air and tricking the thermal sensors.

The Israeli research team performed the tests which resulted in an air-gapped computer system being hacked. Air-gapping is a security method whereby information stored on a computer can be protected by closing off all access to the internet. It is often used in secret military operations and other high security situations to guarantee that no data is leaked to the public.

The scientists found that by firing bursts of hot air at a specific temperature they were able to manipulate the thermal sensors of the air-gapped computers. They took this technique and applied a malware designed to detect the hot air as binary code in order that messages sent to the secure systems could action requests – in this case launching a model missile-launch toy.

The hacking method could also be used to steal passwords and authentication keys from the breached networks and send them on to an internet-connected device nearby, allowing for eventual control by the attackers.

Until now, air-gapped systems could only be compromised by hooking them up to another computer or connecting them to removable storage in order to transfer files directly.

The new exploit is still in early days of development and leaves a number of issues unresolved. Firstly, the system must be infected with malware which is a difficult feat with no internet connection. Secondly, the systems have to be very close to each other, at less than 15 inches apart, and lastly the current maximum transfer is only eight bits.

The technique does however throw the security of air-gapping solutions into question, particularly with the rise of the internet of things and connected devices, such as smart heaters, whose proximity to secure networks may pose a risk.


hacking news research security
Send us a correction about this article Send us a news tip