For some in the security field, an air gap is a minimum requirement in cyber defense. What is an air gap, anyway?

An air gap protects a digital asset by placing it behind an impenetrable barrier to prevent unauthorized access and modification. The air-gapped systems of yore will never return. It can be seductive to harken back to those idyllic times, when computers sat in glass rooms, completely disconnected from the outside world. The ARPANET, which became the Internet, while ushering in fantastic benefits of connectivity, also created the security nightmare that most of us are dealing with today. To help clear up confusion, in this blog we’ll explore the different kinds of air gaps in use today and offer insights into what they offer in terms of security - debunking some of the most prevalent myths along the way.

First though, to get at the power of air gap mythology, it’s worth asking, where did the myth of physical separation being a necessity come from? Well, it goes like this: Before 1969 and the advent of the ARPANET, there were few effective or economical ways of linking computers into networks. Are you confused by all the myths around air gaps? Does it seem odd that logical air gaps are not considered air gaps in spite of their ability to defend against attacks? If you answered “yes” to these questions, you're likely not alone.

Ref: SATAn: Air-Gap Exfiltration Attack via Radio Signals From SATA Cables: /abs/2207.

The air gap, a cybersecurity countermeasure that isolates digital assets to put them out of reach of malicious actors, is the subject of many industry myths. However, cybersecurity researchers often publish new exploits like this so that countermeasures can be quickly adopted in facilities that might be vulnerable (even though publication also reveals how to conduct the exploit in the first place). Guri does not mention any evidence that attacks like this have been used in the real world (although that doesn’t guarantee they haven’t).
Another option is to monitor the 6 GHz frequency, looking for unexpected broadcasts, or even to jam those frequencies. It should also be possible to create code that monitors any unusual activity related to the SATA cables. “Preventing the initial penetration is the first step that should be taken as a preventive countermeasure,” he says.

Ensuring there are no devices nearby capable of recording signals is also a sensible measure that is currently used in NATO and US secure facilities. He goes on to outline various countermeasures to prevent this kind of attack. Guri also showed that the attack can be carried out from within a guest virtual machine, making it much more capable. “We show that attackers can exploit the SATA cable as an antenna to transfer radio signals in the 6 GHz frequency band,” says Guri. He then used a laptop placed about a meter away to monitor transmissions in the 6 GHz band, decoding the word “SECRET” from the illicit broadcasts. This code caused the computer’s SATA cable to broadcast data at a rate of about 1 bit/sec. To test the idea, Guri wrote code capable of creating these signals and uploaded it to an air-gapped desktop PC. “The SATA interface is highly available to attackers in many computers, devices, and networking environments,” he says. Guri’s idea is to modulate the transmission of information along the cable in a way that generates radio signals that can be picked up nearby by equipment monitoring 6 GHz radio frequencies. The cables are a few centimeters long and most operate at a frequency of 6 Gb/sec. Now Mordechai Guri, a cybersecurity researcher at Ben-Gurion University in Israel, has found another way - to use the SATA cables inside a computer as wireless aerials to broadcast information via radio waves.

A SATA cable connects a motherboard data bus to a mass storage device such as a solid-state drive, optical drive or hard disc drive.
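
One way the suggested countermeasure of code that watches for unusual SATA activity could look on the host side, as an added example that is not from the article or from Guri's paper. It assumes the channel shows up as disk traffic switched between idle and a near-constant burst size in fixed one-second slots; the function names, thresholds and sample data are hypothetical and constructed for illustration.

```python
"""Flag disk-I/O windows that look like slow on-off keying (added example).

Assumption (not from the article): a covert transmitter toggles storage
traffic between idle and a near-constant burst size in fixed time slots.
Input is sectors transferred per one-second slot, for instance deltas
sampled from /proc/diskstats on Linux. Thresholds are illustrative.
"""
from statistics import mean, pstdev


def keying_score(samples, idle_max=64):
    """Return (busy fraction, variation of busy slots, idle/busy flips)."""
    busy = [s for s in samples if s > idle_max]
    states = [s > idle_max for s in samples]
    flips = sum(a != b for a, b in zip(states, states[1:]))
    # Coefficient of variation: near 0 when every busy slot moves the same
    # amount of data, large for ordinary bursty workloads.
    cv = pstdev(busy) / mean(busy) if busy else 0.0
    return len(busy) / len(samples), cv, flips


def looks_keyed(samples, idle_max=64, max_cv=0.15, min_flips=8):
    """True when a window is two-level, regular in size and toggles often."""
    frac, cv, flips = keying_score(samples, idle_max)
    return 0.2 <= frac <= 0.8 and cv <= max_cv and flips >= min_flips


def scan(series, window=32, step=8):
    """Slide a window over the series; return start indexes worth alerting on."""
    return [i for i in range(0, len(series) - window + 1, step)
            if looks_keyed(series[i:i + window])]


# Constructed sample data, not captured from a real system.
BITS = "0101001101000101"
KEYED = [4096 + (i % 3) * 16 if b == "1" else i % 5
         for i, b in enumerate(BITS * 2)]
BURSTY = [0, 0, 18000, 220, 0, 0, 0, 0, 9500, 70, 0, 0, 0, 0, 0, 31000,
          1200, 0, 0, 0, 0, 0, 0, 400, 0, 0, 0, 0, 15000, 90, 0, 0]
SUSTAINED = [5000] * 32   # e.g. a long copy: busy in every slot
IDLE = [0] * 16

if __name__ == "__main__":
    print("suspicious window starts:", scan(IDLE + KEYED + BURSTY))
```

A heuristic like this only raises candidates for review; the busy-fraction, variation and flip thresholds need tuning against the normal workload of the machine being watched.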