BitWhisper: The Heat is on the Air-Gap

Submitted by Cyber Security ... on Mon, 23/03/2015 - 14:31

UPDATE 30 Mar 2015: A draft of the research paper is available for download here

Researcher Mordechai Guri assisted by Matan Monitz and guided by Prof. Yuval Elovici, has uncovered a new method to breach air-gapped systems. Our last finding on air-gap security was published in August of 2014, using a method called Air-Hopper which utilizes FM waves for data exfiltration. The new research initiative, termed BitWhisper, is part of the ongoing research on the topic of air-gap security at the Cyber Security Research Center at Ben-Gurion University. BitWhisper is a demonstration for a covert bi-directional communication channel between two close by air-gapped computers communicating via heat. The method allows bridging the air-gap between the two physically adjacent and compromised computers using their heat emissions and built-in thermal sensors to communicate.
 

The following video presents a proof of concept demonstration:

 

The scenario of two adjacent computers is very prevalent in many organizations in which two computers are situated on a single desk, one being connected to the internal network and the other one connected to the Internet. The method demonstrated can serve both for data leakage for low data packages and for command and control. Guri, whom was recently selected to receive a 2015-2016 IBM PhD Fellowship Award, was also the lead researcher on the AirHopper finding.

The full research paper will be published on this blog soon, so stay tuned. Deeper coverage can be found on Wired. Journalists looking to cover the story and gain early access to the full research paper can contact me, Dudu Mimran, at dudu@dudumimran.com