Abstract
Modern corporations physically separate their sensitive computational infrastructure from public or other accessible networks in order to prevent cyber-attacks. However, attackers still manage to infect these networks, either by means of an insider or by infiltrating the supply chain. Therefore, an attacker’s main challenge is to determine a way to command and control the compromised hosts that are isolated from an accessible network (e.g., the Internet). In this paper, we propose a new adversarial model that shows how an air-gapped network can receive communications over a covert thermal channel. Concretely, we show how attackers may use a compromised air-conditioning system (connected to the Internet) to send commands to infected hosts within an air-gapped network. Since thermal communication protocols are a rather unexplored domain, we propose a novel line-encoding and protocol suitable for this type of channel. Moreover, we provide experimental results to demonstrate the covert channel's feasibility, and to calculate the channel’s bandwidth. Lastly, we offer a forensic analysis and propose various ways this channel can be detected and prevented. We believe that this study details a previously unseen vector of attack that security experts should be aware of.
Original language | English |
---|---|
Title of host publication | Depth Security |
Pages | 1-10 |
Number of pages | 10 |
Volume | II |
DOIs | |
State | Published - Mar 2017 |