Security is a fascinating field that is in a constant state of evolution. When new defenses are created new attackers follow and vice versa. One security measure some people take is to create and store their cryptography keys on a computer that isn’t attached to any network. This is known as an air gap and is a pretty solid security measure if implemented correctly (which is harder than most people realize). But even air gaps can be remotely exploited under the right circumstances:
In recent years, air-gapped computers, which are disconnected from the internet so hackers can not remotely access their contents, have become a regular target for security researchers. Now, researchers from Tel Aviv University and Technion have gone a step further than past efforts, and found a way to steal data from air-gapped machines while their equipment is in another room.
“By measuring the target’s electromagnetic emanations, the attack extracts the secret decryption key within seconds, from a target located in an adjacent room across a wall,” Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer write in a recently published paper. The research will be presented at the upcoming RSA Conference on March 3.
It needs to be stated up front that this attack requires a tightly controlled environment so isn’t yet practical for common real world exploitation. But attacks only improve over time so it’s possible this attack will become more practical with further research. Some may decry this as the end of computer security, because that’s what people commonly do when new exploits are created, but it will simply cause countermeasures to be implemented. Air gapped machines may be operated in a Faraday cage or computer manufacturers may improve casings to better control electromagnetic emissions.
This is just another chapter in the never ending saga of security. And it’s a damn impressive chapter no matter how you look at it.