Once upon a time, air-gapped computers were considered impossible to breach. That is no longer the case. Jack Wallen offers security advice for those who deploy such machines.
Air gapping is a technique that dates back to pre-internet computers. In effect, an air-gapped computer stands alone, with no wired or wireless network connection. By isolating a computer from the internet, it is assumed that the data contained within the air-gapped machine is 100% safe from hacking.
Understand this...when humans are involved, nothing is 100%. However, does that mean you should reconsider that air-gapped solution for uber-sensitive data? Not necessarily.
Let's consider a few things.
How an air-gapped machine is breached: The easy method
First, I'll explain the easiest and most common method of breaching an air-gapped computer.
In order to gain access to an air-gapped machine, the attacker needs a human to carry something across the gap. For instance, gain the trust of an employee and have them attach a USB device (a Wi-Fi dongle, a flash drive, etc.), and that machine is breached. The carrier does not have to be a willing accomplice: an employee who unknowingly plugs in an infected drive bridges the gap just as effectively, and once malware is on the machine, the same drive becomes the path for exfiltrating the data.
How do you avoid this? Depending upon the nature of the data contained within the air-gapped system, you should only allow certain staff members access to the machine. This might require the machine to be locked away in your data center or in a secured room on the premises. If you don't have a data center or a dedicated room that can be locked, house the computer in the office of a high-ranking employee.
Ah, but there's the rub...that employee is still human and, thereby, a weak link in the chain. This is where air gapping shows its glaring problem: accountability. Are your employees trustworthy? Have they been vetted thoroughly enough that you can trust them with that air-gapped machine?
There's one thing you can do to help prevent this: lock up USB ports. A company called Lindy makes a product called a USB Port Blocker that physically plugs a USB port so nothing can be inserted without the matching key. If you're really unsure about those employees, purchase a few of these blockers and insert them into the unused USB ports of the air-gapped machine. No, it's not a perfect solution: someone could come along, pull out the USB mouse, and insert the offending device in its place. And you certainly don't want to get around this by employing a Bluetooth keyboard and mouse, because Bluetooth is a radio link, and a wireless peripheral reintroduces exactly the kind of over-the-air channel the air gap was meant to eliminate.
How an air-gapped machine is breached: The difficult method
There have been a number of proof-of-concept attacks on air-gapped computers.
- Using an FM receiver (such as the one built into many phones), an attacker can tune into radio emissions from the graphics card and monitor cable. Malware on the machine can deliberately modulate data onto that signal, and even unintended emissions can reveal what the display is showing. Eavesdropping on such compromising emanations is known as a TEMPEST attack.
- Covert acoustic mesh networks pass data between machines using near-ultrasonic sound, inaudible to the human ear, over the computers' built-in microphones and speakers. The demonstrated range was roughly 65 feet (about 20 meters) per hop.
- A light-based attack was highlighted at the 2014 Black Hat Europe conference: an attacker shines a light (visible or infrared) from a distance into the room where the air-gapped computer is connected to a flatbed scanner or multi-function printer. While a scan is in progress, the modulated light is captured as image data that malware on the machine can decode, giving the attacker a way to pass commands in and receive data back.
Let's think about these attacks. Because they are published proofs of concept, they share a few traits. They:
- are challenging to execute at best;
- are dependent upon numerous conditions being in place (malware already on the machine, a receiver within range, specific hardware attached); and
- were developed and published by security researchers to demonstrate feasibility.
Most of these air-gapped breaches were pulled off to raise security awareness. However, cybercriminals don't tend to make their work known until it's too late, which means there could be air-gapped attacks in the works we don't know about. Even so, the precise conditions such an attack requires make it less likely than a simple act of socially engineering a staff member to insert a USB drive into the air-gapped machine. Now for the big question: Is it likely or unlikely that your staff could be conned?
How to secure air-gapped machines
Many users and companies rest easy, assuming their networks and servers are secure. Why? Because they pay staff to ensure that protection.
But even the best IT staff can become complacent, miss a configuration option, or be completely unaware of a next-level hack such as these proof-of-concept air-gap attacks. And considering humans are fallible, it is not beyond the realm of possibility that your air-gapped machine is one USB drive away from being compromised.
If you're concerned about the data on your air-gapped machine, I highly recommend that you:
- secure that machine either offsite or in a safeguarded room;
- make sure all cables to the machine are properly shielded (don't cut corners on cables here);
- plug unused USB ports with the USB Port Blocker;
- turn the machine off when it is not in use (and unplug it from power);
- replace spinning hard drives with SSDs (no moving parts means no drive noise that can be modulated to leak data); and
- encrypt your data.
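Physical port blockers cover the ports nobody is using, but, as noted above, anyone can pull the mouse and plug something else into its port. A software allowlist closes that gap from the other side. The Linux kernel exposes two sysfs controls for this: `authorized_default` on each root hub decides whether newly enumerated devices are enabled at all, and each device's `authorized` file can be flipped to 0 to leave it unusable even though it is plugged in. The script below is an added example, not from the original article: it locks every root hub, then walks the devices already attached and authorizes only those whose vendor:product ID is on an allowlist and which expose no mass-storage interface. The allowlist IDs are hypothetical placeholders, and the demo runs against a constructed fake sysfs tree so it works offline; against the real tree you would run it as root with `/sys/bus/usb/devices` as the argument.

```shell
#!/bin/sh
# Added example (not the article's own code): USB allow-listing with the
# Linux kernel's sysfs "authorized" controls. Run as root against
# /sys/bus/usb/devices; the demo at the bottom uses a fake tree instead.

# Hypothetical vendor:product IDs for the approved keyboard and mouse.
# Read the real ones from idVendor/idProduct in sysfs (or from lsusb).
ALLOWED_IDS="046d:c52b 413c:2113"

# 1. Tell every root hub to leave newly enumerated devices de-authorized.
lock_root_hubs() {
  for hub in "$1"/usb*; do
    if [ -f "$hub/authorized_default" ]; then
      echo 0 > "$hub/authorized_default"
    fi
  done
}

# Does the device expose any interface of class 08 (USB mass storage)?
has_storage_interface() {
  for iface in "$1"/*:*.*; do
    if [ -f "$iface/bInterfaceClass" ] && [ "$(cat "$iface/bInterfaceClass")" = "08" ]; then
      return 0
    fi
  done
  return 1
}

# 2. authorized_default only affects future plug-ins, so also walk the
#    devices already attached and write 1 or 0 to each one's "authorized".
apply_policy() {
  root="$1"
  lock_root_hubs "$root"
  for dev in "$root"/[0-9]*-*; do
    case "$dev" in *:*) continue ;; esac      # skip interface nodes like 1-2:1.0
    [ -f "$dev/idVendor" ] || continue
    id="$(cat "$dev/idVendor"):$(cat "$dev/idProduct")"
    verdict=0
    case " $ALLOWED_IDS " in
      *" $id "*) has_storage_interface "$dev" || verdict=1 ;;
    esac
    echo "$verdict" > "$dev/authorized"
    echo "$(basename "$dev") $id authorized=$verdict"
  done
}

# Constructed fake sysfs tree for the demo: one root hub, the approved
# keyboard (1-1), an unknown flash drive (1-2), and a device that spoofs
# the keyboard's ID while also presenting a storage interface (1-3).
make_fake_sysfs() {
  root="$1"
  mkdir -p "$root/usb1" "$root/1-1/1-1:1.0" "$root/1-2/1-2:1.0" \
           "$root/1-3/1-3:1.0" "$root/1-3/1-3:1.1"
  echo 1 > "$root/usb1/authorized_default"
  echo 046d > "$root/1-1/idVendor"; echo c52b > "$root/1-1/idProduct"
  echo 03   > "$root/1-1/1-1:1.0/bInterfaceClass"
  echo 0781 > "$root/1-2/idVendor"; echo 5567 > "$root/1-2/idProduct"
  echo 08   > "$root/1-2/1-2:1.0/bInterfaceClass"
  echo 046d > "$root/1-3/idVendor"; echo c52b > "$root/1-3/idProduct"
  echo 03   > "$root/1-3/1-3:1.0/bInterfaceClass"
  echo 08   > "$root/1-3/1-3:1.1/bInterfaceClass"
  for d in 1-1 1-2 1-3; do echo 1 > "$root/$d/authorized"; done
}

demo_root="$(mktemp -d)"
make_fake_sysfs "$demo_root"
apply_policy "$demo_root"
rm -rf "$demo_root"
```

In the demo only the keyboard stays authorized: the flash drive is unknown, and the spoofing device matches the allowlist but is rejected for its storage interface. Two caveats belong with this. First, sysfs settings do not survive a reboot, so the policy has to be reapplied at boot (a udev rule or startup script). Second, every decision here rests on descriptors the device itself reports; the check stops casual plug-ins such as flash drives and Wi-Fi dongles, but a device purpose-built to impersonate the approved keyboard exactly would pass, which is why the physical controls in the list above still matter.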
Ultimately, air-gapping machines should be considered a viable solution for sensitive data that doesn't need to be accessed over a network. With a few simple precautions, you can avoid that data getting into the wrong hands.