The security researchers at Ben Gurion University in Israel have identified the method of obtaining air-gapped system data through heat emissions and the built-in thermal sensors of a computer. The method has been named BitWhisper.

Air-gapped systems that generally are not linked with other systems and are also isolated from the Internet can be utilized in circumstances that require high level of security simply because these make it difficult to siphon data from them.

Usually Air-Gapped technology is used in highly sensitive networks like classified military systems, credit and debits card transaction processes for retailers, and in those industrial control systems that are responsible for operating critical infrastructure. However, it may also be used by journalists for avoid remote accessing of sensitive data by hackers.

Siphoning data from this system rely upon gaining physical access to the device/machine, and using any kind of removable media such as a firewire cable or a USB flash drive for linking the air-gapped machine directly to another device like a computer.

How to Steal data from an Air-gapped system?

The security researchers at Ben Gurion University in Israel have identified the method of obtaining air-gapped system data through heat emissions and the built-in thermal sensors of a computer. The method has been named BitWhisper.

BitWhisper allows attackers to secretly siphon passwords and other security keys by using a protected system and then transmit the information to a system that is connected to internet and is in close proximity of the attacker(s). Internet-connected systems may also be used for sending malicious commands through heat and sensor technique to the air-gapped system.

Researchers also provided the proof of the workability of BitWhisper in a video footage. In their video, the team used a computer tower to induce a command to a nearby computer tower that represented an air-gapped system.

Researchers believe that future research may involve utilizing the IoT (internet of things) as an attack vector- an online heating and air conditioning machine or even a fax machine that can be accessed remotely can be compromised to alter controlled fluctuations in temperature, noted Wired.

How BitWhisper Works?

It is a fact that varying levels of heat is generated by computers. The heat level depends upon the extent of processing that the CPU is performing. Additionally, the graphics, processing unit and several other components on the motherboard also generate significant amount of heat. Since the system is simultaneously downloading files, streaming videos and browsing the web therefore, it is understandable that this multi-tasking involves a lot of power consumption and results in excessive heat generation.

Computers are equipped with numerous built-in thermal sensors for monitoring temperature. These sensors detect heat fluctuations and activate an internal fan to keep the system cool when required and these many even shut down the system for preventing damage.

BitWhisper utilizes these particular thermal sensors for sending commands to an air-gapped system in order to retrieve siphon data or perform any other operation. This method resembles the Morse Code since it involves transmitting system through controlled heat fluctuations for connecting with the receiving device. The receiving system utilizes its own built-in thermal sensors for detecting the changes in temperature and translating it into binary digits, that is, 1 or 0.