HVACKer: Bridging the Air-Gap by Attacking the Air Conditioning System

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


Modern corporations physically separate their sensitive computational infrastructure from public or other accessible networks in order to prevent cyber-attacks. However, attackers still manage to infect these networks, either by means of an insider or by infiltrating the supply chain. Therefore, an
attacker’s main challenge is to determine a way to command and control the compromised hosts that are isolated from an accessible network (e.g., the Internet). In this paper, we propose a new adversarial model that shows how an air gapped network can receive communications over a covert thermal channel. Concretely, we show how attackers may use a compromised air-conditioning system (connected to the internet) to send commands to infected hosts within an air-gapped network. Since thermal communication protocols are a rather
unexplored domain, we propose a novel line-encoding and
protocol suitable for this type of channel. Moreover, we provide
experimental results to demonstrate the covert channel's
feasibility, and to calculate the channel’s bandwidth. Lastly, we
offer a forensic analysis and propose various ways this channel can
be detected and prevented.
We believe that this study details a previously unseen vector of
attack that security experts should be aware of.
Original languageEnglish GB
Title of host publicationDepth Security
StatePublished - 2017


Dive into the research topics of 'HVACKer: Bridging the Air-Gap by Attacking the Air Conditioning System'. Together they form a unique fingerprint.

Cite this