Israeli boffins hack air gap, fire missiles on compromised kit

One of the weirder attacks to bridge air gap networks has emerged, and uses heat to transfer data between machines.

The command and control mechanism forged by Ben Gurion University researchers could transfer sensitive data through "thermal pings" between two physically close computers.

Like many air gap bridges, the so-called BitWhisper attack is limited in that it requires malware to be installed on the sending and receiving machines in order for the very slow data exchange to take place.

Researchers in a demonstration video shows how BitWhisper can be used to trigger a USB toy missile launcher to rotate and fire.

"BitWhisper is a demonstration for a covert bi-directional communication channel between two close by air-gapped computers communicating via heat," Chief technology officer Dudu Mimran says.

"The method allows bridging the air-gap between the two physically adjacent and compromised computers using their heat emissions and built-in thermal sensors to communicate.

"The scenario of two adjacent computers is very prevalent in many organisations in which two computers are situated on a single desk, one being connected to the internal network and the other one connected to the internet."

Attackers will find the most joy in BitWhisper when exfiltrating smaller files and command and control orders, Mimran says.

Data could be shipped between computers stacked on top and next to each other closer than 40cm and can be bi-directional.

Existing thermal sensors are using to pick up the messages sent as pulses of heat.

Eight of these pulses could be sent an hour, sufficient they say to steal passwords and update installed malware.

Planting malware on air gap machines is easier than it sounds; dropping infected USB sticks and DVDs around a target machine or phishing particular staff members often does the job.

Once infection has taken place, attacks like BitWhisper come into their own as a means of reliable command and control and data exfiltration.

Speaking to El Reg in a February feature article on air gap attacks, Mimran and other industry security bods note the initial infection often goes unnoticed since data exfiltration occurs at a later point.

In the time taken between that infection and the formation of air gap bridges like BitWhisper, malware has ample opportunity to collect passwords and other sensitive materials that are being stored on the machine.

The researchers previously revealed the AirHopper air-gap attack in which data was exfiltrated over radio signals sent from a computer's video card. ®