BitWhisper: Covert Signaling Channel between Air-Gapped Computers Using Thermal Manipulations

@article{Guri2015BitWhisperCS,
  title={BitWhisper: Covert Signaling Channel between Air-Gapped Computers Using Thermal Manipulations},
  author={Mordechai Guri and Matan Monitz and Yisroel Mirsky and Yuval Elovici},
  journal={2015 IEEE 28th Computer Security Foundations Symposium},
  year={2015},
  pages={276-289}
}
It has been assumed that the physical separation ('air-gap') of computers provides a reliable level of security, such that should two adjacent computers become compromised, the covert exchange of data between them would be impossible. Our method is unique in two respects: it supports bidirectional communication, and it requires no additional dedicated peripheral hardware. We provide experimental results based on the implementation of the BitWhisper prototype, and examine the channel's…

BitJabber: The World’s Fastest Electromagnetic Covert Channel

A new physical covert channel named BitJabber is introduced that is extremely fast and strong enough to even penetrate concrete walls and can enable data exfiltration from an air-gapped computer enclosed in a room with thick concrete walls up to 15 cm.

Air-Gap Covert Channels

It is empirically demonstrated that using physically unmodified, commodity systems, covert-acoustic channels can be used to communicate at data rates of hundreds of bits per second, without being detected by humans in the environment, and data rates when nobody is around to hear the communication.

SATAn: Air-Gap Exfiltration Attack via Radio Signals From SATA Cables

  • Mordechai Guri
  • Computer Science
    2022 19th Annual International Conference on Privacy, Security & Trust (PST)
  • 2022
The results show that attackers can use the SATA cable to transfer a brief amount of sensitive information from highly secured, air-gap computers wirelessly to a nearby receiver.

GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies

GSMem, a malware that can exfiltrate data through an air-gap over cellular frequencies, is presented and its efficacy and feasibility are demonstrated, achieving an effective transmission distance of 1 - 5.5 meters with a standard mobile phone.

xLED: Covert Data Exfiltration from Air-Gapped Networks via Router LEDs

The experiment shows that sensitive data can be covertly leaked via the status LEDs of switches and routers at bit rates of 10 bit/sec to more than 1 Kbit/sec per LED.

SpiralSpy: Exploring a Stealthy and Practical Covert Channel to Attack Air-gapped Computing Devices via mmWave Sensing

SpiralSpy is presented, a new covert channel to attack air-gapped computing devices through millimeter-wave (mmWave) sensing technologies; it can be adopted on multiple-fan systems and enables a scalable capacity for multi-channel and high-speed information transfer.

On the capacity of thermal covert channels in multicores

A new methodology is devised and exploited that leverages both theoretical results from information theory and experimental data to study these thermal covert channels on modern multicores and shows a communication scheme that achieves rates of more than 45 bps on the same-core channel and more than 5 bps on the 1-hop channel with less than 1% error probability.

Exfiltrating data from air-gapped computers via ViBrAtIoNs

MagView: A Distributed Magnetic Covert Channel via Video Encoding and Decoding

This paper proposes MagView, a distributed magnetic covert channel, where sensitive information is embedded in other data such as video and can be transmitted over the air-gapped internal network, and demonstrates that CPU utilization for video decoding can be effectively controlled by changing the video frame type and reducing the quantization parameter without video quality degradation.

References

PHY Covert Channels: Can you see the Idles?

This work empirically demonstrates an effective covert timing channel over nine routing hops and thousands of miles over the Internet (the National Lambda Rail) and discusses when and how a timing channel in the physical layer works, how hard it is to detect such a channel, and what is required to do so.

AirHopper: Bridging the air-gap between isolated networks and mobile phones using radio frequencies

AirHopper is presented, a bifurcated malware that bridges the air-gap between an isolated network and nearby infected mobile phones using FM signals, and it is demonstrated how textual and binary data can be exfiltrated from a physically isolated computer to mobile phones at a distance of 1-7 meters.

Information leakage from optical emanations

A taxonomy of compromising optical emanations is developed, and design changes are described that will successfully block this kind of "Optical Tempest" attack.

A Practical Methodology for Measuring the Side-Channel Signal Available to the Attacker for Instruction-Level Events

This paper presents a new metric, which we call Signal Available to Attacker (SAVAT), that measures the side channel signal created by a specific single-instruction difference in program execution,

CC-Hunter: Uncovering Covert Timing Channels on Shared Processor Hardware

This work proposes a new microarchitecture-level framework, CC-Hunter, that detects the possible presence of covert timing channels on shared hardware and demonstrates that CC-Hunter is able to successfully detect different types of covert timing channels at varying bandwidths and message patterns.

Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations

Techniques are discussed that enable the software on a computer to control the electromagnetic radiation it transmits, along with a trusted screen driver that can display sensitive information using fonts which minimise the energy of these emissions.

Hot or not: revealing hidden services by their clock skew

This work suggests the same technique could be exploited as a classical covert channel and can even provide geolocation, because existing abstract models of anonymity-network nodes do not take into account the inevitable imperfections of the hardware they run on.

On Covert Acoustical Mesh Networks in Air

It is shown that the concept of a covert acoustical mesh network renders many conventional security concepts useless, as acoustical communications are usually not considered.

Stuxnet worm impact on industrial cyber-physical system security

  • S. Karnouskos
  • Computer Science
    IECON 2011 - 37th Annual Conference of the IEEE Industrial Electronics Society
  • 2011
The highly sophisticated aspects of Stuxnet are investigated, along with the impact that it may have on existing security considerations, and some thoughts on the next generation SCADA/DCS systems from a security perspective are posed.

CMOS VLSI Design: A Circuits and Systems Perspective

The authors draw upon extensive industry and classroom experience to introduce today's most advanced and effective chip design practices, present extensively updated coverage of every key element of VLSI design, and illuminate the latest design challenges with 65 nm process examples.