BitWhisper: Covert Signaling Channel between Air-Gapped Computers Using Thermal Manipulations

@article{Guri2015BitWhisperCS,
  title={BitWhisper: Covert Signaling Channel between Air-Gapped Computers Using Thermal Manipulations},
  author={Mordechai Guri and Matan Monitz and Yisroel Mirsky and Yuval Elovici},
  journal={2015 IEEE 28th Computer Security Foundations Symposium},
  year={2015},
  pages={276-289}
}
It has been assumed that the physical separation ('air-gap') of computers provides a reliable level of security, such that should two adjacent computers become compromised, the covert exchange of data between them would be impossible. [] Key Method Our method is unique in two respects: it supports bidirectional communication, and it requires no additional dedicated peripheral hardware. We provide experimental results based on the implementation of the Bit-Whisper prototype, and examine the channel's…
View on IEEE
arxiv.org
140 Citations
Highly Influential Citations
6
Background Citations
84
Methods Citations
22

140 Citations

BitJabber: The World’s Fastest Electromagnetic Covert Channel

A new physical covert channel named BitJabber is introduced that is extremely fast and strong enough to even penetrate concrete walls and can enable data exfiltration from an air-gapped computer enclosed in a room with thick concrete walls up to 15 cm.

LaserShark: Establishing Fast, Bidirectional Communication into Air-Gapped Systems

By aiming lasers at already built-in LEDs and recording their response, this work is the first to enable a long-distance, bidirectional, and fast covert communication channel for air-gapped systems without any additional hardware on-site.

Air-Gap Covert Channels

It is empirically demonstrated that using physically unmodified, commodity systems, covert-acoustic channels can be used to communicate at data rates of hundreds of bits per second, without being detected by humans in the environment, and data rates when nobody is around to hear the communication.

SATAn: Air-Gap Exfiltration Attack via Radio Signals From SATA Cables

  • Mordechai Guri
  • Computer Science
    2022 19th Annual International Conference on Privacy, Security & Trust (PST)
  • 2022
The results show that attackers can use the SATA cable to transfer a brief amount of sensitive information from highly secured, air-gap computers wirelessly to a nearby receiver.

MAGNETO: Covert Channel between Air-Gapped Systems and Nearby Smartphones via CPU-Generated Magnetic Fields

GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies

GSMem, a malware that can exfiltrate data through an air-gap over cellular frequencies, is presented and its efficacy and feasibility are demonstrated, achieving an effective transmission distance of 1 - 5.5 meters with a standard mobile phone.

xLED: Covert Data Exfiltration from Air-Gapped Networks via Router LEDs

The experiment shows that sensitive data can be covertly leaked via the status LEDs of switches and routers at a bit rates of 10 bit/sec to more than 1Kbit/sec per LED.

SpiralSpy: Exploring a Stealthy and Practical Covert Channel to Attack Air-gapped Computing Devices via mmWave Sensing

S SpiralSpy is presented, a new covert channel to attack air-gapped computing devices through millimeter-wave (mmWave) sensing technologies and can be adopted on multiple-fan systems and enable a scalable capacity for multi-channel and high-speed information transfer.

On the capacity of thermal covert channels in multicores

A new methodology is devised and exploited that leverages both theoretical results from information theory and experimental data to study these thermal covert channels on modern multicores and shows a communication scheme that achieves rates of more than 45 bps on the same-core channel and more than 5 bPS on the 1-hop channel with less than 1% error probability.

Exfiltrating data from air-gapped computers via ViBrAtIoNs

...

References

SHOWING 1-10 OF 57 REFERENCES

PHY Covert Channels: Can you see the Idles?

This work empirically demonstrate an effective covert timing channel over nine routing hops and thousands of miles over the Internet (the National Lambda Rail) and discusses when and how a timing channel in the physical layer works, how hard it is to detect such a channel, and what is required to do so.

A Practical Methodology for Measuring the Side-Channel Signal Available to the Attacker for Instruction-Level Events

This paper presents a new metric, which we call Signal Available to Attacker (SAVAT), that measures the side channel signal created by a specific single-instruction difference in program execution,

CC-Hunter: Uncovering Covert Timing Channels on Shared Processor Hardware

This work proposes a new micro architecture-level framework, CC-Hunter, that detects the possible presence of covert timing channels on shared hardware and demonstrates that Chanter is able to successfully detect different types of covert timer channels at varying bandwidths and message patterns.

Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations

Techniques that enable the software on a computer to control the electromagnetic radiation it transmits and a trusted screen driver can display sensitive information using fonts which minimise the energy of these emissions are discussed.

Hot or not: revealing hidden services by their clock skew

This work suggests the same technique could be exploited as a classical covert channel and can even provide geolocation, because existing abstract models of anonymity-network nodes do not take into account the inevitable imperfections of the hardware they run on.

On Covert Acoustical Mesh Networks in Air

It is shown that the concept of a covert acoustical mesh network renders many conventional security concepts useless, as acoustICAL communications are usually not considered.

Audio networking: the forgotten wireless technology

This article considers audio networking as a mechanism for introducing data packets into ongoing mobile phone calls, covering how to transfer data to nearby smart phones as well as usability and security issues.

Stuxnet worm impact on industrial cyber-physical system security

  • S. Karnouskos
  • Computer Science
    IECON 2011 - 37th Annual Conference of the IEEE Industrial Electronics Society
  • 2011
The highly sophisticated aspects of Stuxnet are investigated, the impact that it may have on existing security considerations and some thoughts on the next generation SCADA/DCS systems from a security perspective are posed.

IX. References

1. Arantes, L. : Potentialized anaesthesia in ophthalmology. 111 Congressus Mundialis Anaesthesiologiae. Tomo 11. 1964:ll-45. 2. Aserinsky, E. and de Bias, D. A . ; Suppression of oculo-cardiac

Electric power systems : a conceptual introduction

Preface. 1. The Physics of Electricity. 1.1 Basic Quantities. 1.1.1 Introduction. 1.1.2 Charge. 1.1.3 Potential or Voltage. 1.1.4 Ground. 1.1.5 Conductivity. 1.1.6 Current. 1.2 Ohm's law. 1.2.1
...