Data from an isolated computer learned to transfer noise from the hard disk
This method allows to obtain information of small volume. For example, cryptographic keys
A group of Israeli scientists has developed a new technology of data theft from PCs, which are isolated from the Internet and local networks with a low level of security. This method of protecting computer systems is called an “air gap” (air gap) and consists of physical isolation. A “gap” is considered to be various kinds of cryptographic devices that provide data transmission over a separate communication channel or a method of transmitting information on different drives instead of transferring over a network.
Similar methods have previously been proposed by information security experts. For example, the AirHopper technology involves the use of the FM module of a mobile device to intercept and analyze the electromagnetic radiation of a PC graphics adapter. Even ordinary coolers can become a source of data leakage from a PC (the Fansmitter method). The method of obtaining private information proposed by Israeli experts, called DiskFiltration.
It involves the installation of a special program that will manipulate the disk positioner (actuator arm). The purpose of all this is to make the actuator perform movements in a certain way, making sounds in a certain order. The length of the sound wave in this case will change, and when deciphering the signals of the positioner, the specialists receive zeros and ones. To obtain this information, you need to place a mobile device with a microphone near the target device. It can be a smartphone, laptop or some other device.
“The air gap is considered to be an almost perfect measure of PC isolation, which helps prevent data leakage. Personal information, business data - all this is stored in isolated networks. We showed that despite the degree of isolation, the data can be extracted, ” saysMordechai Guri, Head of Research.
This method can be applied not only to physically isolated from computer systems networks. It can also be used to steal data from computers that are connected to the Internet, but are protected by special software (firewalls, cryptographic systems). The results of their work, scientists outlined in an already published article.
The method developed by Israeli specialists is not very fast. So far, it should be taken as evidence of the possibility of data theft from physically isolated networks. The fact is that using this method involves installing malware onto a protected computer. After installing this software, it will control the operation of the disk positioner. The speed of information transfer during the experiments was 180 bits per minute. And it should also be noted that next to the PC from which information is to be stolen, there must be a mobile device with a microphone and a special program for intercepting sound signals.
The authors, who developed DiskFiltration, argue that with its help it will not be possible to steal any volume data. Too slow data transfer. But secret keys, passwords - it is quite possible to consider such information. It will take a quarter of an hour to transfer a 4096-bit key.
“It has already been proven that malicious software can extract data from a PC that is protected by an“ air gap ”by transmitting ultrasound through the speakers of a protected PC. But this method depends on whether the computer has speakers. Our method, DiskFiltration, makes it possible to leak data from a PC without speakers, using acoustic signals that are generated by hard drives, ”the researchers say. In 2013, the possibility of theft of information from an isolated PC using ultrasound was shown by specialists from Germany.
DiskFiltration works even if the hard disk is very quiet. The most effective method of protection against DiskFiltration is using SSD instead of hard drives and hybrid SHDD drives. If this is not possible for some reason, the sound that makes a mechanical disk can be jammed with a special protective housing. The acoustic method of protection also performed well - in this case it is enough to generate a static acoustic signal. And the last thing that DiskFiltration developers advise is to avoid the appearance of devices with a microphone near isolated PCs.