Air-gapped secured systems


Into_Oblivion1

Dear all

In regard to the linked articles:
RAMBO attack uses RAM in air-gapped computers to steal data

Researchers warn about new "SATAn" that can hack air-gapped PCs using SATA cables

Attacking Air-Gap-Segregated Computers

1. All the methods to hack air-gapped systems, do they all require malware on the targeted system to work?
Also the one with SATA cables?

2. Those mentioned devices that can hack air-gapped systems, are they easily available to the average hacker?

3. All the mentioned methods of hacking an air-gapped system, is it NSA-level or something the average hacker could do?

Thank you
 

1. Typically yes, some type of malware or purpose-built device is involved in airgap attacks, and often there are two points of infection, but not always.

2. Since nearly all of these attacks require intimate knowledge of mechanisms beyond your traditional "computer person or pen tester", they're much rarer to be executed by your average pen tester or threat actor.

3. Same as #2.

Caveats: there are companies out there that build purpose-built devices, but they still require some knowledge to use, not to mention overcoming the challenges typically faced with physical security controls and procedures in place to keep them air-gapped and accessed only by approved personnel.
 

Well, if malware gets into the supply system and those engineers from external companies are infected, and they are going to do their updates on location, then malware can come with them into an airgapped system.

NSA has a saying, no airgapped system is really airgapped and can still be misused.

A good documentary about Stuxnet that explains a bit about this topic: Zero Days (2016).
 

An inside job will always be hard to police
 

1. Typically yes some type of malware or purpose built device is involved in airgap attacks and often there are two points of infection, but not always.
"built device" - as a receiver?

"there are two points of infection" - what does that mean? Can you come with an example?
 

There a no methods to hack an airgapped system, without the airgapped system gets compromised by malware or some kind of physical manipulation?

A computer can't transmit the necessary signals, without being compromised by malware or some kind of physical manipulation?
 

Would anyone please answer my remaining questions:

"Typically yes some type of malware or purpose built device is involved in airgap attacks and often there are two points of infection, but not always."

"built device" - as a receiver?

"there are two points of infection" - what does that mean? Can you come with an example?

There a no methods to hack an airgapped system, without the airgapped system gets compromised by malware or some kind of physical manipulation?

A computer can't transmit the necessary signals, without being compromised by malware or some kind of physical manipulation?

Thank you
 

"there are two points of infection" - what does that mean? Can you come with an example?
1. Infected machine <-- airgap --> 2. Other infected machine nearby --> communication to outside world.
1 and 2 communicate over the airgap.

Not always: an infected machine in an airgapped environment, infected by USB by an engineer; a few months later he comes back, plugs in the USB device, the collected data is written to the USB device, and travels back with the engineer. (The engineer may be compromised, or does not know he is being used as a piggyback.) He then plugs the USB back in at his work machine, and then the data is sent back to the attackers.


There a no methods to hack an airgapped system, without the airgapped system gets compromised by malware or some kind of physical manipulation?

A computer can't transmit the necessary signals, without being compromised by malware or some kind of physical manipulation?
Where are those 2 statements coming from?

I guess, when a system is airgapped and properly configured, it won't send out any signals. When it is compromised it could send out signals, even if it has no wireless/Bluetooth or other wireless card installed. Can't find the whitepaper now, but 25 years ago during my studies, they had a working model in which they used the CPU to produce frequency noise that could be intercepted by another listening machine. And so that broke the airgap.

Edit: not the whitepaper, but more about the topic: Acoustic cryptanalysis - Wikipedia
 

A computer can't transmit the necessary signals, without being compromised by malware or some kind of physical manipulation?
A PC can be hacked remotely, even if it has no internet, but you would have to be a special target, since those methods take a lot of resources. Every electronic device generates EMF, which can be read and modified remotely. What you are typing can be seen using infra/x-ray, but also based on the sound the keyboard gives away. Lately I have not seen much news about this topic; I guess they do not want to give hackers any ideas. And let's not forget that everything is interconnected, like this:

 

Every electronic device generates EMF, which can be read and modified remotely.
Also a laptop fresh from the vendor?

So the EMF a laptop generates could be read somehow, and from that, the hacker could somehow read the data on the laptop - without manipulating the laptop first?

And let's not forget that everything is interconnected, like this:
I don't use wireless keyboard or wireless mouse when using my "air-gapped" laptop, I only use a corded mouse.
 

1. Infected machine <-- airgap --> 2. Other infected machine nearby --> communication to outside world.
1 and 2 communicate over the airgap.

Not always: an infected machine in an airgapped environment, infected by USB by an engineer; a few months later he comes back, plugs in the USB device, the collected data is written to the USB device, and travels back with the engineer. (The engineer may be compromised, or does not know he is being used as a piggyback.) He then plugs the USB back in at his work machine, and then the data is sent back to the attackers.
What you are saying is, the "air-gap" can only be broken by physical access?


There a no methods to hack an airgapped system, without the airgapped system gets compromised by malware or some kind of physical manipulation?

A computer can't transmit the necessary signals, without being compromised by malware or some kind of physical manipulation?

Where are those 2 statements coming from?
Those are just my questions.

I guess, when a system is airgapped and properly configured, it won't send out any signals. When it is compromised it could send out signals, even if it has no wireless/Bluetooth or other wireless card installed. Can't find the whitepaper now, but 25 years ago during my studies, they had a working model in which they used the CPU to produce frequency noise that could be intercepted by another listening machine. And so that broke the airgap.
There a no methods to hack an airgapped system, without the airgapped system gets compromised by malware or some kind of physical manipulation?
A computer can't transmit the necessary signals, without being compromised by malware or some kind of physical manipulation?
-
In regard to your answer, it is "No" to both questions?

Thank you
 

So the EMF a laptop generates could be read somehow, and from that, the hacker could somehow read the data on the laptop - without manipulating the laptop first?
Correct.
It's the same: you can capture / record the data from your neighbour's wifi. The data that is collected is, however, encrypted. 20 years ago it was easy to crack and retrieve the wifi password from the recorded data... Now it takes a lot of time to crack... However, everything that is sent out by the device can be received/recorded by another device that listens to those frequencies.
So if you have a receiver pointed at a wireless keyboard and you can capture the data, you can record the data transmitted between the laptop and the wireless keyboard. However, I guess most of them are encrypted now and not easily hacked; however, I doubt all systems are that good.

A year ago I went to a birthday party. A friend came with his new Kia also. When he entered the birthday party, he said there were strange persons hanging around near the parking lot. Didn't talk much about it. But when the birthday party was over, he went to his car, and it was gone... Called the police.
After 10 min, someone else noticed his car at the end of the street, half in a parking spot.
Somehow they recorded his remote to lock/unlock his car, they got it, drove it away, and the engine shut off by itself. Police confirmed that that happens a fair bit with those models...

What you are saying is, the "air-gap" can only be broken by physical access?
No.
A computer can't transmit the necessary signals, without being compromised by malware or some kind of physical manipulation?
I would word this:

A computer can transmit the necessary signals, without being compromised by malware or some kind of physical manipulation.

There a no methods to hack an airgapped system, without the airgapped system gets compromised by malware or some kind of physical manipulation?
Can't really answer this sentence as I cannot translate it and don't know what this part means: "There a no methods to hack"
Do you mean, "There is no method to hack" or?
 

It's the same: you can capture / record the data from your neighbour's wifi. The data that is collected is, however, encrypted. 20 years ago it was easy to crack and retrieve the wifi password from the recorded data... Now it takes a lot of time to crack... However, everything that is sent out by the device can be received/recorded by another device that listens to those frequencies.
Your example of wifi, that is a type of signal that is made to be sent and received.

What kind of signals does a laptop emit, that can be received outside of the laptop?

Some of the hardware parts emit signals, that can be received?
If yes, why should the hardware parts do that, when they are connected, and there is no need of them sending anything airborne?

So if you have a receiver pointed at a wireless keyboard and you can capture the data, you can record the data transmitted between the laptop and the wireless keyboard. However, I guess most of them are encrypted now and not easily hacked; however, I doubt all systems are that good.
I only use a corded mouse and the laptops own keyboard.

------------------------------------------------------------------------------------------------------------

A computer can't transmit the necessary signals, without being compromised by malware or some kind of physical manipulation?
I would word this:
A computer can transmit the necessary signals, without being compromised by malware or some kind of physical manipulation.
According to you, it is possible to get the data from an air-gapped system - without the air-gapped system being manipulated by malware or physical access first.
How is that possible?

Thank you
 

An inside job will always be hard to police
Quis custodiet ipsos custodes ? !!!

(Latin from way back to 2nd century so a problem even then - although I'd imagine hacking at that time meant chopping bits off people's bodies-- but in plain English -- Who guards the guards).

Particularly in big organisations with loads of staff - they are the most likely ones who will have air gapped systems - there's usually people who can be bought if the price is high enough.

Cheers
jimbo
 

1. Move your PC into a SCIF (Sensitive Compartmented Information Facility).

Which is spy talk for a metal-lined room (including walls, floor, ceiling, and door). Basically a room-sized Faraday cage. If you wrap your phone in aluminum foil, making sure the foil touches itself and leaves no air gaps, most signals don't get out.

A real world example is where you hide your car's key remote inside a refrigerator to prevent snooping. The fridge is a closed metal box.

2. Users who have legitimate security concerns can purchase a TEMPEST-rated PC. TEMPEST is a U.S. security certification program which repackages electronics in enclosures which limit EMI leakage. Such devices are ridiculously expensive.

You're paying for the packaging, and product testing that it actually doesn't leak EMI.

 

Quis custodiet ipsos custodes ? !!!

(Latin from way back to 2nd century so a problem even then - although I'd imagine hacking at that time meant chopping bits off people's bodies-- but in plain English -- Who guards the guards).

Particularly in big organisations with loads of staff - they are the most likely ones who will have air gapped systems - there's usually people who can be bought if the price is high enough.

Cheers
jimbo
Apart from employees or contractors having access to air gapped systems, the software upgrade procedures can be hacked to insert malware. Experts who probe such vulnerabilities are called 'penetration testers'. Sounds like a great job!
 

1. Move your PC into a SCIF (Sensitive Compartmented Information Facility).

Which is spy talk for a metal-lined room (including walls, floor, ceiling, and door). Basically a room-sized Faraday cage. If you wrap your phone in aluminum foil, making sure the foil touches itself and leaves no air gaps, most signals don't get out.

A real world example is where you hide your car's key remote inside a refrigerator to prevent snooping. The fridge is a closed metal box.

2. Users who have legitimate security concerns can purchase a TEMPEST-rated PC. TEMPEST is a U.S. security certification program which repackages electronics in enclosures which limit EMI leakage. Such devices are ridiculously expensive.

You're paying for the packaging, and product testing that it actually doesn't leak EMI.

My box leaks like a sieve.

I can hear CPU / GPU "chatter" when I sit at my desk playing an electric guitar with single-coil pickups into a slightly gained-up amplifier.

It's fun to try to correlate different actions with the emitted sounds.
 

Great discussion of "Van Eck phreaking" in Neal Stephenson's Cryptonomicon. Where there's a will, physical proximity, and a big budget it's amazing what signals a sniffer can pick up!
--Ed--
 
