14 DAY TRIAL // Communication between two computers that are not connected to each other, or the Internet, can be achieved by using the heat generated by data processing and the built-in thermal sensors, researchers have found.
Computer systems separated this way are called air-gapped, and they are used in highly sensitive environments where information has to be protected by the strongest security measures.
Such conditions exist in industrial control systems that are part of critical infrastructure and even for financial processing machines, which need to be disconnected from any source that might cause their compromise.
Hardware components’ heat emission used to deliver commands
Called BitWhisper, the method consists in emitting certain heat patterns from one computer, which are translated into commands executed by another system in close proximity.
Ben Gurion University researcher Mordechai Guri conducted the experiments that lead to demonstrating the heat-based data exchange, assisted by Matan Munitz and under the guidance of Professor Yuval Elovici.
Thermal sensors exist in electronic devices to make sure that safeguards such as cooling fans or liquid, are deployed if overheating components (CPU, GPU, motherboard) threatens to damage them.
“By regulating the heating patterns, binary data is modulated into thermal signals. In turn, the adjacent PC uses its built-in thermal sensors to measure the environmental changes. These changes are then sampled, processed, and demodulated into binary data,” the paper explains.
To control the heat emission, software used for stressing the CPU and GPU components is used. The thermal effects on the close-by unit were observed and then the tests were tweaked to eliminate false positive heating that would trigger commands based on user activity (web browsing, YouTube watching, Word editing) or rise in ambient temperature.
Method has its quirks but it is still a valid one
BitWhisper is both bidirectional, so communication goes both ways, and it does not rely on extra hardware components.
This is in contrast with other experiments on exfiltrating data from air-gapped networks, such as the one demonstrated last year by Professor Elovici to Shimon Peres, when it was shown that data can be stolen from an isolated system via a mobile phone that picked up acoustic and electromagnetic emanations from different hardware components.
Once the mobile phone would gain access to the Internet, all the details would be exfiltrated to the attacker, who could be anywhere in the world.
However, BitWhisper has some limitations, one of them being that both computers swapping information have to be compromised for data transmission to occur.
On the same note, the paper, which has not been published publicly yet, notes that only eight bits of data can be exchanged, making the method suitable for stealing low amounts of information or for passing short commands to the targeted device. This restriction would work for picking passwords or secret keys, though, a significant reward in any attack phase.
Also, with malware already planted, the scheme is fitting for delivering instructions to the nefarious piece, which could tamper with sensitive setups reachable from the network.
Attack scenario is not far-fetched
The paper explains that the challenge of an attack relying on BitWhisper consists in compromising the isolated systems, since the web-connected ones are easier to access. This could be done by poisoning the supply chain, using an insider or through an infected device.
Researchers say that the connection between the infected computers is established by sending “thermal pings” to locate them and create the compromised network. If a networked system is encountered, then the attacker can control the data exfiltration and command delivery processes.
Increased success of an operation can also be attained by deploying the attack outside work hours, when the computer is idle. Researchers say that this “can reduce the potential of interference caused by internal heat generation. The attacker may also program the receiving code to limit the CPU usage of other processes during signal reception.”
For a BitWhisper attack to work, the devices need to be placed at a distance no greater than 40cm / 15.7in from each other. This is well within the range nearby systems would be at in an office or an air-gapped structure, since these require human intervention for getting data in or out.
In a video demonstration (included below), the researchers show how a toy missile launcher hooked via USB to an air-gapped unit is controlled through heat-delivered commands from a different computer.
Ben Gurion University researchers prove that heat emissions and built-in thermal sensors can create a communication channel with an isolated system:
