My uncle described the air-gapped facility he worked in… when they said no EM out, they meant nothing in or out except humans and filtered air. It was behind dual interlocking nuclear blast doors and concrete. Even the water was sourced and recycled on site to prevent document or capsule exfiltration via the sewer.
I would think that a much more likely exfiltration method (assuming a compromised employee) would be via a capsule in the metaphorical "prison wallet" rather than the sewer.
The original backdoor.
All sorts of practical questions.
Can you bring in a lunch (is that a Coke bottle or a secret camera?)? Are there trash bins? If there is water, does that mean there are bathrooms (who does the restocking?)? Is there coffee?! Who/how do you get data into the network? Who/how do you get data out of the network? Can you bring in printed reference materials from a slightly less secure facility?
Bottom line: probably a huge pain in the butt if you have to work like that.
It is a huge PITA. I recently quit a job where I helped out with a PKI environment that was air-gapped.
We employed a lot of improvised quality of life solutions that management doesn't want to know about.
Oh gosh. PKI environments are the worst. I've worked at ZRM and KES type environments, but PIK, those are awful.
I guess it would be just like in nuclear power stations. You can't bring food in, not even toilets are inside the big "sphere".
Honestly I’ve never asked him, this was me listening as a 12 year old at the dinner table as he ranted about another search as he went into work. Now I have questions haha.
If he sometimes got searched when he went into work then he was probably permitted to bring things in such as lunch.
Actually, it's probably the opposite. The searches are more than likely to make sure you're not bringing anything in that could exfiltrate data like a camera, USB drive, or even pen and paper.
I work in a similar, secure environment. We are not allowed to bring any items in other than our persons, smart card that we scan on enter/exit, and the clothes on our back. We have to leave the facility to use the bathroom, eat, drink, etc.
The typical SCIF is configured with the break room, bathrooms and maybe lockers outside of the secure perimeter, the "regular" office space. Along with a wall mounted shelf area for people to put their wallets and phones.
I see, thanks!
Depends on the site.
What facility was that?
For those unindoctrinated with the underlying phenomenon being exploited, this demo[1] was shared almost a decade ago.
Also, undiscussed mitigation techniques[2] relevant to this general class of nuisance that circuit designers may find of value.
[1] https://news.ycombinator.com/item?id=8862689
[2] https://news.ycombinator.com/item?id=41505772
That just blew me away! I didn't think I was going to hear anything, but yeah, immediately it gave an almost pulse-width modulated high pitch tone. I'm not surprised, but it is also awesome. I'm so many years old yet I can still hear the hum from CRTs, but I'd say that tone is much higher frequency.
Yeah, this is absolutely WILD. You can definitely hear it... wow.
I wonder if the neurons in my eyes are also making tiny sounds when viewing the pattern. :)
Heed the warning on that first link. The pattern can really hurt your eyes.
Two meters seems like a pretty short distance to bypass an airgap.
At that point, in the kind of situation where someone is actively trying to exfiltrate data, couldn't they point their phone camera at a screen?
Like, maybe there are scenarios where the exit device is compromised without the wearer knowing, or the spy wants to remain discreet, but they seem a bit niche.
Two ways this is useful:
- It is possible that the airgapped system still has a publicly viewable screen displaying harmless information. But you use this technique to leak secret information from the system.
- If the authors established that 2m is the maximum distance that you can reliably leak information this way, then that is in principle useful information for someone designing the security system. No audio recording software allowed within 2m of the screen!
"Attacks only get better." It's 2m... now.
In some alternate timeline, there's yet another attack vector of noise from still-in-use floppy drives. (In addition to other less-obsoleted things like flatbed scanners.)
Much the same way that people have used them to make music.
https://www.theverge.com/24034551/floppy-disk-music-scene-un...
Not an alternate timeline, I went to a Black Hat talk that was exfiltrating data from airgapped computers with unconnected parallel port pins, printers (exact same thing as making them make music but faster and with EM), and other peripherals. At a usable distance of some meters too.
You can broadcast FM radio over short distances by doing PWM over GPIO pins, so that does not surprise me!
I used this for switching radio controlled power outlets which had 433 MHz receivers. [2]
[1] https://github.com/markondej/fm_transmitter?tab=readme-ov-fi...
[2] https://github.com/F5OEO/rpitx
There's also a recent "RAMBO" paper about using code to control how memory is accessed so that standard DRAM chips/circuitry will emit decode-able radio signals, at least enough to extract private keys from otherwise air-gapped computers.
This author appears to be quite focused on side channel attacks against various computer components. It appears nearly all of his 32 publications are regarding side channel attacks.
https://arxiv.org/search/cs?searchtype=author&query=Guri,+M
I mean, that's how academia works. You find your niche and then publish a bunch of articles around it. Much harder to publish on a bunch of unrelated topics.
TEMPEST met Funtenna and had a baby!
See also: https://news.ycombinator.com/item?id=32139827
This is really just publication spam.