Research emerged during 2015 suggesting that air-gapped computers might not be as secure as many once thought. This breakthrough has significant implications for corporate cyber security, especially within companies that use air-gapping to protect their vital data and their networks.
What is air-gapping?
Air-gapping is basically a security measure that involves removing a computer from the network, so that it can’t establish an external connection. Physically segregated and incapable of forming wireless connections, the computer has an ‘air gap’ between it and the next device, in order to protect its contents.
Air-gapping is most commonly used by military and government organisations, as well as financial systems within stock exchanges and banks. Anyone handling sensitive information, including reporters or human rights organisations working abroad, is also encouraged to use air-gapping to maintain a stable software environment that is supposedly immune to hacking.
Why is it not secure?
Researchers from various universities and institutes have discovered ways to steal information from air-gapped devices. A team from Ben-Gurion University in Israel found that old-fashioned 2G mobile phones can target air-gapped computers – and though the amount of data that the phone can extract is small, it can still be used to pull passwords, encryption keys and other essential data within minutes.
Researchers from the university also found that they could extract data from greater distances if they used a dedicated receiver. They could be as far as 30m away and still be able to extract data.
A separate team at Georgia Institute of Technology also found that they could exploit ‘side-channels’ to capture keystrokes from a certain computer. Side-channels come in various types: acoustic, power, electromagnetic, and cache, and they can be emitted from any air-gapped computer. By picking up the signals with the right device, hackers could potentially recover keystrokes from the computer itself, which could also enable them to steal essential data.
The bigger picture for cyber security
Air-gaps can’t be exploited to extract large amounts of data, but sensitive data nowadays is often held in small pieces. This could allow hackers to access various pieces of sensitive data, such as passwords, encryption keys and much more. With this information in their hands, the potential for cybercrime would skyrocket.