Mordechai Guri: the guy who gets data out of airgapped computers

Computers that are isolated from the internet and local networks are said to be "airgapped," and it's considered a best practice for securing extremely sensitive systems.


Ben Gurion University Cybersecurity Research Center director Mordechai Guri has built a career on finding clever ways to bridge the airgap: writing proof-of-concept malware that transmits sensitive data by modulating the hum of a computer's fan, or the heat radiating off of its chassis, or the pattern of blinkenlights from its hard-drive LEDs.

Guri's research began after he observed that while there was a lot of security research devoted to theoretical ways to get data into a computer that has been airgapped, no one was thinking about exfiltration (getting the data out). He operates on the assumption that the target airgapped computer has already been infected (say, via a BadUSB-borne attack, or by infecting it in transit to its user).

A new attack from Guri's team, MAGNETO, "controls the magnetic fields emanating from the computer by regulating workloads on the CPU cores," while "a smartphone located near the computer receives the covert signals with its magnetic sensor." This works even with phones and computers that are protected by Faraday cages, and can be effected even by programs running inside virtual machines.
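As an added defender-side example (not code from Guri's team or from the papers listed below), here is a simple heuristic over a host's own CPU-utilisation samples: a MAGNETO-style transmitter regulates core load to key the magnetic field, so the utilisation trace should sit almost entirely at the rails (near 0% or 100%) and toggle on a fixed symbol period, which an ordinary workload rarely does. The thresholds, the five-sample symbol period and every trace below are constructed assumptions.

```python
# Added illustrative heuristic (not from Guri's papers): does a CPU-utilisation
# trace look like binary on/off load keying? Thresholds and sample data are ours.

def rail_fraction(samples, low=20.0, high=80.0):
    """Share of samples parked near 0% or 100%; keyed load lives at the rails."""
    if not samples:
        return 0.0
    return sum(1 for s in samples if s <= low or s >= high) / len(samples)

def run_lengths(bits):
    """Lengths of consecutive equal symbols, e.g. [1,1,0,0,0] -> [2,3]."""
    runs, count = [], 1
    for prev, cur in zip(bits, bits[1:]):
        if cur == prev:
            count += 1
        else:
            runs.append(count)
            count = 1
    runs.append(count)
    return runs

def symbol_regularity(samples, low=20.0, high=80.0):
    """Fraction of runs whose length is a near-multiple of the shortest run, i.e.
    how well the trace fits one fixed symbol period. Mid-range samples are
    ignored; fewer than four runs scores 0, so a steady busy core is not keying."""
    bits = [1 if s >= high else 0 for s in samples if s <= low or s >= high]
    runs = run_lengths(bits) if bits else []
    if len(runs) < 4:
        return 0.0
    base = min(runs)
    aligned = sum(1 for r in runs if abs(r / base - round(r / base)) <= 0.15)
    return aligned / len(runs)

def looks_like_load_keying(samples, low=20.0, high=80.0):
    """Flag a trace that sits almost entirely at the rails AND toggles on a regular period."""
    return rail_fraction(samples, low, high) >= 0.9 and symbol_regularity(samples, low, high) >= 0.8

def keyed_trace(bits, period=5):
    """Constructed trace: a process holds the CPU busy (~95%) for a '1', idle (~5%) for a '0'."""
    jitter = [0.0, 1.5, -1.0, 2.0, -2.5]  # small constructed measurement noise
    return [(95.0 if b == "1" else 5.0) + jitter[i % len(jitter)]
            for b in bits for i in range(period)]

# Constructed ordinary workload: utilisation wanders through the mid-range.
NORMAL_TRACE = [12, 35, 48, 62, 55, 40, 71, 66, 30, 22, 45, 58, 90, 85, 50, 33, 20, 41, 77, 60]

if __name__ == "__main__":
    for name, trace in [("keyed", keyed_trace("10110010")), ("normal", NORMAL_TRACE), ("steady", [92.0] * 40)]:
        print(f"{name:7s} rail={rail_fraction(trace):.2f} "
              f"regular={symbol_regularity(trace):.2f} flagged={looks_like_load_keying(trace)}")
```

The steady 92% trace shows the intended edge case: a core that is simply busy occupies the rails but never toggles, so it is not flagged.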


Guri says he remains so fixated on the specific challenge of air gap escapes in part because it involves thinking creatively about how the mechanics of every component of a computer can be turned into a secret beacon of communication. "It goes way beyond typical computer science: electrical engineering, physics, thermodynamics, acoustic science, optics," he says. "It requires thinking 'out of the box,' literally."

And the solution to the exfiltration techniques he and his team have demonstrated from so many angles? Some of his techniques can be blocked with simple measures, from more shielding to greater amounts of space between sensitive devices to mirrored windows that block peeping drones or other cameras from capturing LED signals. The same sensors in phones that can receive those sneaky data transmissions can also be used to detect them. And any radio-enabled device like a smartphone, Guri warns, should be kept as far as possible from air-gapped devices, even if those phones are carefully stored in a Faraday bag.

But Guri notes that some even more "exotic" and science fictional exfiltration methods may not be so easy to prevent in the future, particularly as the internet of things becomes more intertwined with our daily lives. What if, he speculates, it's possible to squirrel away data in the memory of a pacemaker or insulin pump, using the radio connections those medical devices use for communications and updates? "You can't tell someone with a pacemaker not to go to work," Guri says.

Systems and Nearby Smartphones via CPU-Generated Magnetic Fields [Mordechai Guri, Andrey Daidakulov and Yuval Elovici/Ben-Gurion University of the Negev Cyber Security Research Center]

ODINI: Escaping Sensitive Data from Faraday-Caged, Air-Gapped Computers via Magnetic Fields [Mordechai Guri, Boris Zadov, Andrey Daidakulov and Yuval Elovici/Ben-Gurion University of the Negev Cyber Security Research Center]

Mind the Gap: This Researcher Steals Data With Noise, Light, and Magnets [Andy Greenberg/Wired]