According to the hackernews, a new way to stole data form air-gapped computer was found. The technique got the name “DiskFiltration” and it is as interesting as it sounds. Air-gapped computers are compuers isolated from the Internet and other devices. Specialists considered for a long time thaty they are the most secure and safest place for storing data in critical infrastructures such as:
- industrial control systems
- financial institutions
- classified military networks.
However, attackers targeted these systems in the past, which proves that these isolated systems are not completely secure.
Previous techniques of hacking air gap computers include:
- AirHopper that turns a computer’s video card into an FM transmitter to capture keystrokes;
- BitWhisper that relies on heat exchange between two computer systems to stealthily siphon passwords or security keys;
- Hacking air-gapped computer using a basic low-end mobile phone with GSM network; and
- Stealing the secret cryptographic key from an air-gapped computer placed in another room using a Side-Channel Attack.
Now, researchers devised a method to steal data from an infected computer although it had no connection to the Internet. For preventing the computer to leak sensitive information stored in it.
The research ignores the way in which an air-gapped computer got infected with malware in the first place. It rather focuses on, once infected, how the malware would be able to transfer data (passwords, cryptographic keys, keylogging data, etc.) stored on the computer, without network, the Internet, USB port, Bluetooth, speakers, or any electronic device connected to it.
A team of researchers from Ben-Gurion University published their finding in a paper titled, “DiskFiltration: Data Exfiltration from Speakerless Air-Gapped Computers via Covert Hard Drive Noise”. They explained a unique technique that uses acoustic signals (or sound signals) emitted from the hard disk drive (HDD) of the targeted air-gapped computer to transfer data.
How DiskFiltration Works?
You might have felt something spinning and generating noise while your computer reads/writes data on a storage hard drive.
That’s the voice coil “actuator” inside your hard drive, which moves on the disk plate while accessing specific parts/blocks of the storage.
The researchers used their malware to manipulate the movements of the actuator to generate acoustic noise (like morse code). Then, they interpreted it into binary data using a smartphone app from six feets away, at a speed of 180 bits per minute, Ars reported.
According to the paper, this technique is fast enough to transmit a 4,096-bit key within 25 minutes through manipulated sound signals emitted from the hard disk drive.
How to Prevent against DiskFiltration-Style Threats?
As a workaround, researchers advised to replace the HDDs (Hard Disk Drives) with SSDs (Solid State Drives). This eliminates the DiskFiltration-style threat, since SSDs are not mechanical, thus generating virtually no noise.
Making use of a particularly quiet type of hard drives or installing the hard drives within special enclosures can also limit the range of emitted noise. Another countermeasure is to jam hard-drive signals by generating static noise in the background.
On software and firmware level, using hard drives that include automatic acoustic management (AAM) could help limiting the emitted noise.
Another solution is to ban smartphones and other types of recording devices nearby of the sensitive air-gapped computers.