Bridgeware: the air-gap malware

Published: 26 March 2018

Abstract

The challenge of combatting malware designed to breach air-gap isolation in order to leak data.

Published In

Communications of the ACM  Volume 61, Issue 4
April 2018
88 pages
ISSN:0001-0782
EISSN:1557-7317
DOI:10.1145/3200906
Publisher

Association for Computing Machinery

New York, NY, United States

Qualifiers

  • Review-article
  • Popular
  • Refereed
