Your air-gapped computers aren’t safe from computer hacking

May 18, 20185 minute read

Select article text below to share directly to Twitter!


One of the most rock-solid ways to keep a device safe from computer hacking, as any self-respecting nerd knows, is to completely disconnect it from the network. That's why air-gapped computers, isolated from the outside world like little hermit islands, are considered more secure than their plugged-in counterparts.

Now, in a stunning turn of events, researchers have discovered not just one but several covert methods of extracting data from air-gapped computers. It may sound like something straight out of MacGyver or Mission Impossible, but it's real—and it's happening. Here's how hackers are getting into air-gapped computers and what you can do about it.

Beware the ultrasonic "open sesame"

The earliest method hackers developed for breaking into air-gapped computers was listening to electromagnetic (EM) radiation emanating from the memory bus, USB ports, or cables, which they could silently pull off from an adjacent room. In doing so, they could suss out the target's secret decryption key and peek at all the juicy data that would've been hidden from view otherwise. But this method is old now—hackers have widely exploited it, and manufacturers responded by including EM shielding in their products to prevent it from happening in the future.

Acoustic channels are another attack vector digital villains can use to compromise air-gapped devices. Some smartphones have microphones that can pick up audio signals that may not sound like much to you—just background noise—but these signals can actually amount to a secret, stealthy open sesame. Ultrasonic sounds can issue commands at frequencies you can't hear, silently commandeering your devices. Security researchers have demonstrated the ability to pilfer data from an air-gapped computer using the sound of the cooling fans that keep it from overheating. As WIRED reports, they can nab encryption keys, acquire usernames and passwords, and even engage in keylogging using this technique—from about 25 feet away.

Computer hacking has even gone thermal to a certain extent. It's possible to obtain data from an air-gapped computer using its heat emissions and built-in thermal sensors, grabbing security keys and login credentials that could then be used to compromise systems within a range of about 40 centimeters. For this attack to work, though, all systems involved must first be compromised with malware, and this attack vector only supports data transmission at about the rate of eight bits per hour, which doesn't really allow anyone to make off with an appreciable amount of data, so you may not have to worry about this type of incursion just yet.

Don't trust that flickering LED

Optical attacks represent a potent threat to your air-gapped PCs and other endpoints, so brace yourself for this possibility. Just about every piece of technology out there, from smartphones to laptops and beyond, includes LEDs that can be hijacked to transmit data—and hackers are coming after these attack vectors, too.

As ZDNet explains, LEDs typically indicate whether a camera on a laptop is active or data is being transmitted. But you generally can't tell whether an LED has been compromised—at least not by looking at its soft, flickering light. Meanwhile, that same, seemingly benign incandescence could visually transmit almost a megabyte of data every half hour to any device within line of sight, and therein lies the problem.

Hackers can use LEDs on storage drives to transmit data at speeds up to 4 kbps by using surveillance cameras as optical receivers. Newer smartphones also come with infrared LEDs that are vulnerable. Even your printers and copiers might not be safe: The LEDs found in these machines may be at risk of falling prey to this type of attack. In other words, optical attack vectors pose a major endpoint security risk. Given how ubiquitous LEDs are at the office, it's not hard to understand why hackers consider them appealing targets—they're everywhere, and they could be coughing up your data.

Protect your air-gapped devices

Clearly, hackers will stop at nothing to get your data. What can you do to ward off these exotic exploits coming out of left field? A lot of them depend on physical proximity to the device, so consider sequestering it off-site or in a specially protected room, away from windows. Make sure all cables connecting to the machine are properly shielded; that should fend off those EM attacks discussed earlier. You may also want to disable audio input and output, plug any unused USB ports, and tape over LEDs, so they can't transmit data.

Beyond that, shut down any air-gapped computer or device when not in use, and take care to unplug its cables, including the power cable, afterward. Solid-state drives provide better protection than standard hard drives, and encryption is a must. It's wise to practice good endpoint security, as well: Strong printer device security, for example, can keep your printers from being hijacked by malware during such an attack.

Finally, don't forget the human element. It only takes one unwitting user to plug an infected USB drive into an air-gapped device—and then, it's game over. With that in mind, make sure to teach your colleagues about these exploits in your security awareness training sessions.

Hackers are relentless, exploiting every vulnerability you've thought of—and even some you haven't—to get at your data. But by understanding how attacks against air-gapped devices work and taking proactive steps to prevent them from happening, you can protect your business from this sneaky threat.

  • Recommended for you
  • Recommended for You