Hacking using Heat

Security prodigies of Ben Gurion University are working to develop a technique with which they would be able to harvest data even from an air-gapped system. Air-gapped system (scratching head), What's that?  let's have a look.

An air-gapped system is a security measure for a system in which the particular machine is totally isolated electromagnetically, electronically and physically i.e. this machine is not connected to any of the public networks or any other unsecured network in order to minimize the risk of breaching. The only way to interact or transfer data with this system is to use removable drives - flash drive, CDs.  Since these types of systems are considered to be more secure than others, so these are used to store some of the most sensitive and classified information in many fields which includes military, stock exchange, nuclear plants etc. Despite all these firewalls, researchers have now developed the way to even extract data from these sophisticated systems and they call this method as "BitWhisper". They claim that BitWhisper can even be used for two way communication i.e. it can also be used to instruct the air-gapped system. Ooo. So, if two computers i.e. air-gapped system and another connected system are at about 15 inches of distance and each of them has the specially designed malware on them, then one can pull out data at the rate of about 8 bits per hour.  These speeds however also depend on various other conditions like outside temperature, the distance between computers etc. and could be improved.

Ben Gurion's Cyber Security Lab simply used the fact that a working CPU produces a lot of heat in graphics card, motherboard etc. Computers generally use the number of thermal sensors to control and restrict the temperature within a certain range. What this wise BitWhisper does it that it uses these thermal control sensors to communicate with the air-gapped system. Once the malware enters the system, it starts sending thermal pings which then facilitates the other computer to detect it. Once they are connected via this handshake, they can communicate by varying temperatures which could then be converted to corresponding binary code.  Thus, by changing temperatures in a range of few degrees, one can transfer data unnoticed.  

Ben Gurion researchers even previously had developed the way to siphon data from the air-gapped system using radiofrequency and a mobile phone. In this method, the radio waves generated by systems video card were transmitted and received by FM radio receiver on phone. Doesn't it feel like a scene of a tom cruise impossible movie? However, this new method developed by them has just added another feather to their cap and has cautioned us about the new virulent thief - heat.