Even An Air Gap Won’t Save You

Security is a fascinating field that is in a constant state of evolution. When new defenses are created new attackers follow and vice versa. One security measure some people take is to create and store their cryptography keys on a computer that isn’t attached to any network. This is known as an air gap and is a pretty solid security measure if implemented correctly (which is harder than most people realize). But even air gaps can be remotely exploited under the right circumstances:

In recent years, air-gapped computers, which are disconnected from the internet so hackers can not remotely access their contents, have become a regular target for security researchers. Now, researchers from Tel Aviv University and Technion have gone a step further than past efforts, and found a way to steal data from air-gapped machines while their equipment is in another room.

“By measuring the target’s electromagnetic emanations, the attack extracts the secret decryption key within seconds, from a target located in an adjacent room across a wall,” Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer write in a recently published paper. The research will be presented at the upcoming RSA Conference on March 3.

It needs to be stated up front that this attack requires a tightly controlled environment so isn’t yet practical for common real world exploitation. But attacks only improve over time so it’s possible this attack will become more practical with further research. Some may decry this as the end of computer security, because that’s what people commonly do when new exploits are created, but it will simply cause countermeasures to be implemented. Air gapped machines may be operated in a Faraday cage or computer manufacturers may improve casings to better control electromagnetic emissions.

This is just another chapter in the never ending saga of security. And it’s a damn impressive chapter no matter how you look at it.

2 thoughts on “Even An Air Gap Won’t Save You”

  1. This doesn’t sound like any new kind of thing — just a particular implementation of Van Eck Phreaking/TEMPEST stuff.

    Some of my friends are fond of pointing out that end to end encrytion may be nice,but that it’s irrelevant if an eavesdropper can compromise one or both ends. And they’re right.

    On the other hand, compromising one end or the other is more difficult and costly than just intercepting network traffic, especially if one of the ends has an air gap or other protective measures.

    And it can be made more costly yet by creating a sort of herd immunity — so many people using encryption and taking other measures to secure their ends of exchanges that it’s harder to figure out where to aim the big guns and expensive to keep enough of those guns in stock.

    1. The tactic itself isn’t new but the fact they were able to accurately read data from another room is. It’s an impressive improvement as well.

      But I know of some companies that have been using isolated machines in Faraday cages to protect against this kind of attack (amongst others). While I doubt this kind of attack is at all practical at this point it’s certainly, as you point out, something people have been aware of.

Comments are closed.