Simple general extrapolation: if your device contains any software actuated part whose emissions of any form can be detected via passive sensing, or whose operation can be detected via active sensing, then the device cannot be air gapped.
Simpler general extrapolation - every (macroscopic[0]) physical process radiates information about itself at the speed of light. The information is always "out there", there's no "airgapping" that. The question is, and always was, how expensive and difficult is it to read that information.
[0] - not sure about some quantum ones, but then again, those that do not radiate information aren't exactly very useful
Can't you just use a faraday cage, sound matting, and add some filters on the mains power coming into the power supply and any USB/monitor cables coming out to decouple any potential crosstalk? This is a solved problem in very sensitive equipment like electron microscopes, where the smallest signal or vibration can leak (from a USB keyboard or another machine on the same power line on the other side of the building, for example) and effect the electron beam.
The other alternative would be to raise the electrical and auditory noise floor to the point where the leaked signals get lost in random noise. Then you'd have to perfectly synchronize the external sensors with the internal clocks to be able to extract any useful information.
Obviously these solutions aren't perfect (what is?) but short of placing a spatially filtered passive radar in the same room, you wouldn't get any usable information leakage.
You're still just raising costs, not making it impossible. Which is fine, because security is always about raising costs to make break-ins not worth the while.
Clive Robinson on Schneier's blog came up with a thorough notion years ago: energy leaks plus "energy gapping" systems. He said if any form of energy or matter could transfer from one system toward anothet device then it should be considered a potential leak. So, you have to physically isolate them then block the whole spectrum practically.
Each new story supports his model. Energy gapping for the win.
Haha. I won't go that far. You just shield from as many forms of sounds, light, EM, etc as you can. Alternatively, build memory and info-flow security into your hardware, do POLA at device level, and use TEMPEST-style hardware. Also, as in EMSEC tents or safes, one can separate security levels into their own shielded cages/racks. Already products for that although not sure if energy gapping is thorough enough.
there was an article on HN recently about using chemical reactions to do some of the computer processing, with the net benefit that the random nature of the reactions would mask these emitted signals.
In all seriousness, this is nothing new. People have been exfiltrating data from the moving parts of drives for years. Even humble floppy drives can send messages at a great distance. Here some vids of them transmitting sound files to external receivers.
If someone has sufficient physical access to an airgapped computer to both install malware and place detection devices around it, wouldn't there be far simpler ways to exfiltrate data?
I believe the point here is you don't need to be able to physically touch the computer. You can be 6 ft away from a server locked from physical access (via lock or other mechanism), although I'm not sure how containers around the airgapped computers affect this data transmission.
I had the misfortune of going through a vulnerability analysis with a government contractor on one of NetApp's products a while ago. I was amazed at how many ways they had figured out how to get data out of the storage unit without using either Ethernet or fiber channel. To be honest though I knew it was going to be rough when they asked if we had tested operating our equipment in a vacuum. (answer no, we depend on air for heat exfiltration).
Anything that is interesting at a bank, health or national security level should already be fairly well protected:
* underground or otherwise well shielded facilities
* dedicated server rooms, switch rooms, comms rooms etc etc
* manned 2 stage gates for entry into facility + (electronic) access going into any department inside.
* strict regulations on what kind of equipment goes into the facility. (Wireless anything has been taboo since it came I think.)
What this doesn't handle is mostly:
* hostile sysadmins. You can only do so much about hostile insiders. Pair work, swapping peers, only allow updates once they have been vetted by a second crew etc can reduce the risk as can something as simple as being nice.
* hostile contractors that makes it through despite your extensive vetting. They must also be cold enough to bring fancy surveillance gear despite the risk of getting caught.
* stuxnet-levels of effort from a resourceful and determined opponent, piercing your firewall carefully from the inside. Still then it would take time to get anything meaningful from electronic noise (and at this point the attacker can likely just read the data from memory, Target Credit Card style.
All of this equipment needs power so that could be another attack vector. For example, we already have powerline networking. In theory you could include something like that in a power supply, after all it does connect to the motherboard and expansion cards. Of course it would require collusion among many different companies but it may not be out of the realm of a nation state attack.
Agree. Then again a lot of power goes into such sites, often in redundant setups so actually exfiltating anything that way sounds like nation state level for me as well.
Hi Sytse, you list 'Wireless keyboard' but you can also bridge the gap with a wired keyboard by detecting (and amplifying, perhaps even through walls) the clicking sounds (or electromagnetic waves) and crack the code by frequency analysis etc. Using a dvorak, personalized layout or an esoteric language like i do could perhaps partially mitigate such attack. See:
Perhaps. I would just put the equipment in the "Band Room". i.e. Sound proof, you can't even hear the drummer. Power conditioners will stop most signal leakage. There are no windows in the band room, so LED's aren't an issue.
Not enough? Have folks play heavy metal with 12 4kw amps. Anyone trying to monitor will have their ears bleed.
Unless the hard drive holds data in the petabyte area, I think it just might be more cost effective today to use SSD. Although the SSD route might exceed the cost for the options you mentioned, SSD has other advantages including being future proof.
The inertia of the fan blades rotating probably limits the data rates you can get with this method, assuming rotation speed correlates with sound frequency (to distinguish between 1 and 0). I would guess it might be a few bits/minute.
I remember reading, in a computer magazine about 15 years ago about a technology, or else an area of research that claimed to do just this. To infer what is being typed on-screen from subtle variations in radiation emitted from the monitors. Apparently some degree of success was possible even outside a building. It probably related more to the CRTs of the day, and the less noisy UIs.
"Data Exfiltration from Displayless Speakerless Air-Gapped Fanless Computers with SSDs via Subtle High Frequency Modification of USB Voltages". AKA your mouse wire is your new antenna.
You could modulate the data into an analog signal using the range of distinguishable sound frequencies from the fan and probably achieve a useful data rate. Modems do something similar to stream data over a phone line.
Flashing LEDs is a possibility too. Like Morse Code, you could flash a dit and a dah (1 and 0) to represents bits. More advanced techniques using proper timing and spacing to form letters and words may allow for more data extraction. I bet you could get about 60 characters (bytes) per minute. Maybe more. Would need a smart phone or camera to read it.
iPads. Kept in a Faraday cage and provisioned with apps over a cable from a neutered host (read-only drive, maybe? Anyway: locked down and firewalled to prevent unapproved software updates).
Alternatively: the market for refurbed LSI-11s is booming.
... It pre-dates TCP/IP (not to mention most of the bells and whistles malware can get its hooks into, not to mention not generally having any audio i/o at all, or a bunch of other surplus doodads people expect these days that expand the threat surface of the machine).
Given that stuxnet was probably delivered through USB, the only way forward is not going to be prevention but detection by having both automated gaurds and "physical" guards.
