Exploiting air gaps allows bad actors to extract information using unexpected methods
Most of us are familiar with the primary methods for moving data into and off of our computers: think Wi-Fi networks, USB ports, and Bluetooth connections. However, there are additional, lesser known ways in which data can be retrieved from a device. An elite group of cyber researchers from Ben-Gurion University (BGU) in Beersheva, Israel, have made it their mission to figure out more than a dozen different ways that bad actors with lots of time can extract information, even if you think your PC isn’t connected to anything obvious.
Cybercriminals do this using various parts of the electromagnetic spectrum, including light, radio, and sound waves. On top that, they employ some very clever tricks to steal your data. Granted, these are above and beyond what one would expect — this is precisely why you should familiarize yourself with these attack methods.
We recently wrote about their latest exploits that uses a pattern of flickering LED lights on the computer, called Glowworm. And last year, we covered this class of problems, called air gaps. In both cases, the signal patterns can be captured with the right tools and without any suspicion that the target computer is being monitored. Of course, your office or home needs to be a high enough profile for someone to go through the trouble of one of these attacks. That being said, you're not necessarily off the hook — there are plenty of situations where someone would bother.
Here are some of the BGU team's research on air gaps, along with a brief description of the methods utilized in each exploit:
Several years back, BGU professor Mordechai Guri gave a presentation at Black Hat in which he mentioned an example of a relatively simple attack: A USB flash drive was left in the parking lot of a US military base in the Middle East. The drive was inserted into a laptop and spread across various networks. The Pentagon took a year to clean the malware from all the infected computers. Guri's presentation contains links to some of the other so-called “air gap jumper” exploits listed above.
In order to avoid these types of attacks, it's important for put a variety of protective measures in place:
What's more, there are various endpoint protection programs that can monitor USB activities and create policies to block their use if you can’t eliminate them entirely. Lastly, take a moment to examine your environment: Your risk increases if your computers are near windows or you are connecting to rogue Wi-Fi networks.
In one of the biggest leaks in video game history, a user on GTAForums posted 90 videos from a test build of Grand Theft Auto 6.
What's interesting about Uber's latest breach was the speed at which various publications provided coverage, how quickly Uber notified the world, and how much detail we already have about what happened.
The FBI has issued a public warning claiming that they have identified an increasing number of vulnerabilities posed by unpatched medical devices. The FBI's notice is a good reminder of how law enforcement might focus its attention in this area.