However, these networks have been a regular target in recent years for researchers, who have been trying to demonstrate every possible attack scenario that could compromise the security of such isolated networks.
Security researchers from Ben-Gurion University in Israel have previously demonstrated several ways to extract sensitive information from air-gapped computers.
Now, the same University researchers have discovered another way to steal confidential information from air-gapped computers – this time with the help of infrared-equipped CCTV cameras that are used for night vision.
Researchers have developed a new attack scenario, dubbed aIR-Jumper, which includes an infected air-gapped computer (from which data needs to be stolen) and an infected CCTV network (that has at least one CCTV camera installed inside the premises facing the infected computer and one outside the premises), assuming that both networks are isolated from each other, and neither of them is Internet-connected.
Setting aside how the air-gapped computer and the CCTV network got infected with malware in the first place, the new research focuses on how, once infected, the malware would be able to transfer the stolen data back to the attackers (waiting outside the premises).
To read and send data, the aIR-Jumper malware installed on the air-gapped computer and the CCTV network blinks IR LEDs in Morse-code-like patterns to transmit files as binary data, i.e. 0 and 1.
Since the attack is meant to steal files as binary data, attackers wouldn't be able to steal any large files but could get their hands on passwords, cryptographic keys, PIN codes and other small bits of sensitive data stored on the targeted computer.
"In an infiltration scenario, an attacker standing in a public area (e.g., in the street) uses IR LEDs to transmit hidden signals to the surveillance camera(s)," the researchers say. "Binary data such as command and control (C&C) and beacon messages are encoded on top of the IR signals."
The researchers also published two video demonstrations, showing two attack scenarios.
In the first video, the researchers demonstrated how the malware installed on the air-gapped computer collected data, converted it into binary and then blinked the LED accordingly. At the same time, the infected camera captured this pattern and the malware installed on the camera converted the Morse code back into binary data.
Here the infected CCTV camera is working as a bridge between the air-gapped computer and the remote attackers, offering a bi-directional covert channel.
It's not the first time Ben-Gurion researchers have come up with a technique to target air-gapped computers. Their previous research on hacking air-gapped computers includes:
- USBee attack that can be used to steal data from air-gapped computers using radio frequency transmissions from USB connectors;
- DiskFiltration attack that can steal data using sound signals emitted from the hard disk drive (HDD) of the targeted air-gapped computer;
- BitWhisper that relies on heat exchange between two computer systems to stealthily siphon passwords or security keys;
- AirHopper that turns a computer's video card into an FM transmitter to capture keystrokes;
- Fansmitter technique that uses noise emitted by a computer fan to transmit data; and
- GSMem attack that relies on cellular frequencies.
For more details on the latest aIR-Jumper attack, you can head on to the paper [PDF] titled 'aIR-Jumper: Covert Air-Gap Exfiltration/Infiltration via Security Cameras & Infrared (IR).'