Logicaly removed and physically separated from unsecured public networks, “Air Gapping” a system is way to ensure security on a system. The idea being if the system is not connected to the public network it is considered less risky and thus less vulnerable to get a threat. But as technology advances that is becoming more of a pain and work to achieve. Researchers at the Cyber Security Research Center in Israel have found a way to transmit data from an “air-gapped” computer using software installed on an USB drive and a nearby receiver with a radio frequency (RF) antenna. The software on the USB drive (USBee, created by the CSRC) can generate controlled RF emissions from a data bus of a USB connector and send data to a nearby receiver at 80 bytes per second. This is interesting to me because they were able to use the internal resources of the computer to pretty much create a transmitter out of a simple portable storage device using code, that’s impressive! Protecting “air-gapped” systems not only requires separating it from unsecured networks but also shielding the containing room in a location away from antennas and quite possibly removing USB ports or creating systems with the minimum amount of hidden USB ports that would be available to only those that need access.
http://www.darkreading.com/vulnerabilities—threats/air-gapped-systems-foiled-again-via-usb-drive-/d/d-id/1326803
http://in.bgu.ac.il/en/Pages/news/datastolen_usb.aspx
Leave a Reply
You must be logged in to post a comment.