Dudu Mimran, the CTO of Cyber Security Labs, blogged on Monday, "BitWhisper is a demonstration for a covert bi-directional communication channel between two close by air-gapped computers communicating via heat. The method allows bridging the air-gap between the two physically adjacent and compromised computers using their heat emissions and built-in thermal sensors to communicate."
Dudu Mimran told The Hacker News in an email that Its "not easy (to install Malware,) but possible i.e via USB or bad firmware or infection via other computers in the internal network. Such malware can be installed long time before activation so there are quite a few chances. Our base assumption that air gapped computers can be infected."
"Once a bridging attempt is successful, a logical link between the public network and the internal network in established," researchers explained. "At this stage, the attacker can communicate with the formerly isolated network, issuing commands and receiving responses."
- The proof-of-concept attack requires both systems to first be compromised with malware.
- The attack currently allows for just 8 bits of data to be reliably transmitted over an hour, which is sufficient for an attacker to siphon a password or secret keys.
- The attack works only if the air-gapped system is within 40 centimeters/about 15 inches from the other computer controlled by an attacker.