New Malware Defeats “Air Gap” To Transmit Data Via LED Light
An “air gap” in computer security is a form of protection in which the designated computer is shielded from any network access whatsoever, effectively protecting it from hackers, malware, and other internet-related threats. The result is a truly standalone machine that cannot transmit data in or out except by physical means such as USB, CD-ROM or disk. A new strain of malware has defeated the air gap, however, by taking control of the blinking LED that typically indicates hard disk activity on most computers. A camera then records the blinks, and the data is decoded from the recording.
This Hollywood-esque espionage technique was recently demonstrated by security experts at Ben-Gurion’s cybersecurity lab, and showcased in a video featured at WIRED magazine’s Threat Level blog.
If a potential attacker could somehow get someone – an accomplice or a thief – to plant the malware on the target computer, he could then use a camera, carried on a drone or pointed through a window, to record the LED signals and receive the transmitted data. This is a new and relatively unknown technique, but because White Hat hackers unveil zero-day threats such as these so that the security community can devise methods to protect and defend against them, it is a very educational and useful revelation.
The hard drive LED can be toggled at up to 6,000 blinks per second, which makes it a very effective way to transmit data as a stream of 0s and 1s.
This technique is similar to other hacking techniques that use the computer’s fans to transmit data via the ultrasonic noise the fans emit, and it has its own strengths and limitations. Obviously the light must be visible to the hackers, whether across a room or through a window of some sort. Additionally, it still requires an infection with the malware itself. Data transmission was measured by Ben-Gurion at around 4000 bits per second using a highly sensitive Siemens photodiode sensor, which was able to capture the high-intensity LED flashes at a blistering rate.
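To make the figures above concrete from a defender's side, here is an added example (my own code, not from the article or from the Ben-Gurion researchers). It turns the quoted 4000 bit/s rate into exposure arithmetic (how much can leak per minute, how long a given file takes), and then applies a simple detection heuristic to a constructed disk-I/O trace: the HDD LED only blinks when the disk is accessed, so a transmitter has to generate a dense, machine-regular stream of tiny I/O operations, which looks quite different from a file copy. The thresholds, the coefficient-of-variation test and the sample trace are all assumptions chosen for illustration, not measurements from the page.

```python
"""Exposure arithmetic and an I/O-regularity heuristic for the HDD-LED covert channel."""
import statistics
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class LedChannel:
    """Throughput figures quoted in the article for the HDD-LED channel."""
    max_blinks_per_sec: int = 6000   # upper bound on how fast the LED can be toggled
    measured_bps: int = 4000         # rate measured with the photodiode receiver

    def seconds_to_exfiltrate(self, n_bytes: int) -> float:
        """Time needed to leak n_bytes at the measured rate (one bit per blink slot)."""
        return n_bytes * 8 / self.measured_bps

    def bytes_per_minute(self) -> int:
        """How much data can leave the machine per minute at the measured rate."""
        return self.measured_bps * 60 // 8


def flag_suspicious_windows(timestamps, window=1.0, min_ops=1000, max_cv=0.2):
    """Return indices of time windows whose disk-I/O stream looks machine-modulated.

    Heuristic (assumption, not from the article): a window is flagged when it holds at
    least `min_ops` events AND the inter-arrival times are unusually regular, i.e. their
    coefficient of variation (std / mean) is at most `max_cv`. Heavy but jittery traffic
    such as a bulk copy fails the regularity test and is left alone.
    """
    buckets = defaultdict(list)
    for t in sorted(timestamps):
        buckets[int(t // window)].append(t)
    flagged = []
    for idx, ts in sorted(buckets.items()):
        if len(ts) < min_ops:
            continue
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean > 0 else 0.0
        if cv <= max_cv:
            flagged.append(idx)
    return flagged


def constructed_io_trace():
    """Constructed sample trace (not real telemetry), timestamps in seconds."""
    trace = []
    # Window 0: light interactive use, 20 irregularly spaced ops.
    t = 0.0
    for i in range(20):
        trace.append(t)
        t += 0.01 * (i % 5 + 1)
    # Window 1: bulk file copy, 1500 ops with jittery spacing (heavy but legitimate).
    t = 1.0
    for i in range(1500):
        trace.append(t)
        t += 0.0002 if i % 2 == 0 else 0.001
    # Window 3: 2000 ops spaced exactly 0.5 ms apart, like a 2 kHz blink clock.
    trace.extend(3.0 + i / 2000 for i in range(2000))
    return trace


if __name__ == "__main__":
    ch = LedChannel()
    print(f"{ch.bytes_per_minute()} bytes can leak per minute at {ch.measured_bps} bit/s")
    print(f"a 4 KiB file takes {ch.seconds_to_exfiltrate(4096):.3f} s")
    print("suspicious windows:", flag_suspicious_windows(constructed_io_trace()))
```

Only the evenly clocked window is flagged; the file copy in window 1 has plenty of operations but its inter-arrival times vary too much to pass the regularity test. In practice the I/O timestamps would come from the host's disk-activity telemetry, and the thresholds would be tuned against a baseline of that machine's normal workload.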
Air gaps are not entirely perfect. There have been a couple of methods by which the gap has successfully been breached. Stuxnet was one such method, which the American and Israeli military used to breach Iranian nuclear enrichment facilities.
Some companies attempt to simulate an air gap by using a software firewall, but this is not a true air gap. A truly air-gapped machine is physically isolated from network connections of every sort, and only obtains and sends data through removable media.
As hacking becomes more and more sophisticated in response to the ever-increasing use of computers and networks, it may be necessary to move backwards to more “obsolete” analog equipment in order to avoid crippling hacking attacks in future emergencies and warfare. In the hit TV series “Battlestar Galactica,” the starring ship of the same name was immune to Cylon attack simply because it was obsolete and had no network for the advanced cyborg Cylons to infect.