Search This Blog

Sunday, November 27, 2016

Air Gapped Systems (Part 3) - DiskFiltration

The past two post were about extracting data or compromised from air gapped systems via USB flash drive such as Stuxnet or through acoustic sounds generated by the machine's processor and cooling fans called Fansmitter. Researchers at Israel's Ben Gurion University using noises emitted from the device's hard drive.

The attack does require malware be installed on the target. The malware generates the acoustic emissions at specific audio frequencies by controlling the movements of the HDD's actuator arm to specific audio frequencies that can be picked up by a nearby receiver, such as a smartwatch, laptop, or smartphone. It doesn't require the presence of speakers or audio hardware from the target. The attack is effective in a range of six feet at a transfer rate of180 bits per minute.

Countermeasures:

Hardware
SSD
Quite HHD
Dampener cases
Noise detectors
Jammers
Software
HIDS/HIPS
Automatic Acoustic Management (AAM)
Procedural
Zone seperation



No comments:

Post a Comment