Air gap security beaten by turning PC capacitors into speakers

Researchers have poked another small hole in air gapped security by showing how the electronics inside computer power supply units (PSUs) can be turned into covert data transmission devices.

Normally, if a computer is physically isolated from other computers it is seen as being more secure because there is no channel for data to be transmitted in or out of the device.

Used for decades by the military, today the concept is now often used to secure computers used for secure tasks such as internal bank transfers, or to isolate medical equipment controlled by software such as MRI scanners.

However, the famous Stuxnet attack on Iran in 2010 showed how air gapping could be beaten using infected USB sticks, since when researchers have started exploring more unusual methods to achieve the same end.

The latest technique, called POWER-SUPPLaY by Mordechai Guri of Ben-Gurion University of the Negev in Israel, involved malware manipulating the current in the PSU’s electrical components to generate ultrasonic sound waves.

This, apparently, is the phenomenon of the “singing capacitor”, through which the PSU can be turned into a speaker of sorts.

Although the volume of data that can be communicated in this way is a tiny 50 bits/sec, Guri has posted a video as a simple proof-of-concept that demonstrates how even this modest throughput can still transmit characters, including passwords, typed on the target computer to a nearby smartphone.

None of this would be audible to someone using the target computer, or detectable by conventional security, which might be useful in specific types of attack scenario:

This technique allows sonic and ultrasonic audio tones to be generated from a various types of computers and devices even when audio hardware is blocked, disabled, or not present.

A big limitation is that the range is as small as the data throughput – barely five metres at most – which would surely limit its usefulness. Background noise would limit this even more.

It was also beyond the scope of the research to come up with a way of sneaking the malware that generates the signal on to the air gapped computer.

What the research does achieve, however, is to add to the lengthening and ever more ingenious methods researchers at Ben-Gurion University of the Negev have found to sneak data out of computers using almost any component.

This includes using speakers, PSU fans, hard drive LEDs, keyboard LEDs, infrared cameras, and even a technique for exfiltrating data from devices inside Faraday cages that block all electromagnetic signals – and this list is by no means exhaustive.

It seems no air gap is good enough to stop these researchers even if all of them would be difficult to use in real-world scenarios.

Where does this leave air gaps as a concept?

The US Defense Advanced Research Projects Agency (DARPA) is now concerned enough about the attacks to fund research into how computer isolation could be re-thought.

The fundamental problem is that computing devices are now too complex at every level of their design and operation for air to offer the isolation it once did.

There are too many components with unusual properties, while even simple devices such as those found on Internet of Things (IoT) networks can run complex software.

Finding ways to beat air gaps might seem like an esoteric subject but understanding the possibilities could yet redefine how the next generation of hopefully ultra-secure computers is specified.


Latest Naked Security podcast

LISTEN NOW

Click-and-drag on the soundwaves below to skip to any point in the podcast. You can also listen directly on Soundcloud.