Hacking Air Gapped Systems

News from the world of advanced surveillance.

“Air Gapped” systems means, there are no (conventional) network connections to the outside world.  No ethernet, no wifi, no bluetooth, nothing.   Air gapped systems are often considered the gold standard of secure (PRIVATE) systems, because there is simply no network connection.   The only more secure system is one that is powered off and unplugged, perhaps disassembled.

So how can anyone hack such am air gapped system and take data out?

https://www.wired.com/2017/02/malware-sends-stolen-data-drone-just-pcs-blinking-led/

Look ma, no (conventional) network connection.   Malware brought in by USB, DVD, or other files, infects the standalone system.  Then the blinking LED transmits the contents to the camera outside (perhaps on a drone outside the window).
That’s why REAL computer rooms don’t have windows.  SCIF‘s are soundproof, lightproof, and many other-things proof, including radio and electric signals, sound, and vibrations.
From the end of the article:  “the simplest countermeasure by far is simply to cover the computer’s LED itself. Once, a piece of tape over a laptop’s webcam was a sign of paranoia. Soon, a piece of tape obscuring a computer’s hard drive LED may be the real hallmark of someone who imagines a spy drone at every window.”
Advertisements