1. 6
    1. 6

      It’s not as flashy as it sounds. Not to say it’s not a viable attack. But “air-gapped” is a bit of a stretch. In the article, they describe the system as air-gapped, but only after you have already injected malware into it and kidnapped a CCTV camera or brought a smartwatch/phone/something-with-a-camera near the computer.

      I thought it would be something much more fancy, but it’s almost a five-dollar-wrench system. When it said “air-gapped” I thought they only listened to a “clean” system. I assumed it was something like this, or even earlier systems that did such things on air-gapped systems.

      For security-minded people: is this type of attack considered air-gap-crossing if you had to access the system first?

      I mean, I guess technically it is getting the data out over the air, not via the usual computer networks. It just requires a prior hack as well.
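      The thread is talking about getting data out through the keyboard lock LEDs and a camera, so here is a small model of that channel as an added example. It is my own code, not from the article, the research group, or any commenter, and the framing (Caps Lock as a clock line, Num Lock and Scroll Lock carrying two data bits per symbol, a length byte and XOR checksum around the payload) is my assumption, not anything the paper specifies. The "camera" is simulated by oversampling the LED states; the same decoder would work if the observer were a USB device reading the host's HID LED output report instead of a camera.

```python
"""Keyboard-LED covert channel: encoder, simulated camera observation, decoder.

Hypothetical framing (assumption, not the paper's scheme):
  - Caps Lock toggles once per symbol and acts as the clock line.
  - Num Lock and Scroll Lock carry two data bits per symbol (MSB first).
  - The payload is wrapped as: length byte | payload | XOR checksum.
"""
from typing import List, Optional, Tuple

LedState = Tuple[int, int, int]  # (num_lock, caps_lock, scroll_lock), 1 = lit


def frame(payload: bytes) -> bytes:
    """Length-prefixed frame with an XOR checksum, so the receiver knows where
    the message ends and can detect dropped or misread symbols."""
    if len(payload) > 255:
        raise ValueError("payload too long for one frame")
    chk = 0
    for b in payload:
        chk ^= b
    return bytes([len(payload)]) + payload + bytes([chk])


def encode(payload: bytes) -> List[LedState]:
    """Turn a payload into the sequence of LED states the malware would set.
    Each symbol toggles Caps Lock, so the receiver is self-clocked and does not
    need to know the sender's symbol rate."""
    states: List[LedState] = [(0, 0, 0)]  # idle: all LEDs dark
    caps = 0
    for b in frame(payload):
        for shift in (6, 4, 2, 0):  # four 2-bit symbols per byte, MSB first
            sym = (b >> shift) & 0b11
            caps ^= 1
            states.append(((sym >> 1) & 1, caps, sym & 1))
    return states


def observe(states: List[LedState], repeats: int = 3) -> List[LedState]:
    """Simulate a camera whose frame rate is higher than the symbol rate:
    every LED state is captured `repeats` times (constructed sample input)."""
    seen: List[LedState] = []
    for s in states:
        seen.extend([s] * repeats)
    return seen


def decode(samples: List[LedState]) -> bytes:
    """Recover the payload from observed samples: emit one symbol each time
    Caps Lock changes, pack the symbols into bytes, then validate the frame."""
    bits: List[int] = []
    last_caps = samples[0][1]
    for num, caps, scroll in samples[1:]:
        if caps != last_caps:  # clock edge: a new symbol is on the data lines
            bits.append((num << 1) | scroll)
            last_caps = caps
    raw = bytearray()
    for i in range(0, len(bits) - len(bits) % 4, 4):
        raw.append((bits[i] << 6) | (bits[i + 1] << 4) | (bits[i + 2] << 2) | bits[i + 3])
    if not raw:
        raise ValueError("no frame observed")
    n = raw[0]
    if len(raw) < n + 2:
        raise ValueError("truncated frame")  # camera dropped symbols
    payload, chk = bytes(raw[1:1 + n]), raw[1 + n]
    calc = 0
    for b in payload:
        calc ^= b
    if calc != chk:
        raise ValueError("checksum mismatch")
    return payload


def try_decode(samples: List[LedState]) -> Optional[bytes]:
    """Decode, returning None instead of raising when the frame is damaged."""
    try:
        return decode(samples)
    except ValueError:
        return None


if __name__ == "__main__":
    secret = b"secret"  # constructed sample payload
    print(try_decode(observe(encode(secret))))  # b'secret'
```

      The clock line is what makes the channel robust to an observer with an unknown frame rate; the one hard requirement is that the camera captures every state at least once, so throughput is bounded by its frame rate. A dropped frame loses a symbol and its neighbour (two toggles collapse into none), which is why the frame carries a length and a checksum rather than relying on the bit stream alone.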

      1. 3

        I thought it would be something much more fancy, but it’s almost a five-dollar-wrench system

        It’s more of an evil maid attack. Bribe the cleaners to plug a USB device into a sensitive system and inject the malware from there. Or just leave the USB device in the carpark and wait for someone to pick it up and plug it in. Injecting malware is often easier than exfiltrating data.

        The much more fun variant of this attack involved some USB keyboards with a built-in hub and vulnerable firmware. You could install a keylogger in the keyboard that would record to internal flash and then dump it to a USB key when one with the right name was inserted.

      2. 3

        Cue sysadmins running around putting electric isolation tape over the LEDs on the keys…

        1. 2

          It seems like this has been done only because academia demands publishing novel methods.

          In practice I think a bigger worry is that every piece of hardware can be turned into a radio if you can make its power usage fluctuate, and every wire can be an antenna.

          1. 2

            The research group behind it has a bit of a rep (not entirely positive) for “side-channel-whatever-tech”. For a more exhaustive list, with highs and lows: https://orenlab.sise.bgu.ac.il/Publications

            1. 2

              (2019)

              Also this exfil method is well documented for the USB Rubber Ducky: The Keystroke Reflection Attack

              1. 1

                D’oh, didn’t see the date. Updated the title