The idea that standalone computers – not connected to the web – and a web that is beyond, above and below our existing, known www is an appealing idea for those who are concerned about protecting data from prying eyes.
Where ultra-high security is needed, air-gapped systems are standalone computers, not connected to any other device which is itself connected to the web.
At Ben Gurion University in Israel, researchers have just come up with a way to retrieve data from air-gapped systems ‘using only heat emissions and a computer’s built-in thermal sensors.’
And those who thought if there was another internet fed by servers not connected to the one we know about, then we’ll be safe – criminals will not know about it – can now get into the Deep Web, but it will not be secret. Criminals and/or law enforcement will still know.
Stealing Data Through Heat
As we know, computers produce vast amounts of heat, especially when processing at every possible level. The built-in thermal sensors trigger internal fans as they monitor heat fluctuations.
According to a report from security writer Kim Zetter on Wired those researchers at Ben Gurion have now harnessed the sensors ‘to send commands to an air-gapped system or siphon data from it.’
This could be made into an attack. They are calling it BitWhisper and it works like Morse Code with temperature changes translated into a binary 1 or 0. She said, ‘to siphon data from an air-gapped system generally requires physical access to the machine, using removable media like a USB flash drive or a firewire cable to connect the air-gapped system directly to another computer.’
The nub of it is: a way ‘to surreptitiously siphon passwords or security keys from a protected system and transmit the data to an internet-connected system that’s in close proximity and that the attackers control. They could also use the internet-connected system to send malicious commands to the air-gapped system using the same heat and sensor technique.’
As it stands, both systems need to be infected with malware and any attack will only transmit eight bits of data over an hour. Also, the air-gapped standalone must be no more about 15 inches (40 centimeters) from the one the attackers control. This of course, is easy to see in offices where workers have two systems side by side on their desks.
It can only develop further with gaps between the standalone and connected devices getting bigger and the capacity and speed of transmission to grow. Other research is ongoing using acoustic, inaudible, optical and electromagnetic channels.
The suggestion is that the Internet of Things could become ‘an attack vector’ and that other institutions and security services must also be experimenting along these lines.
Deep Web Is Unchartered Waters
Most people have heard of the Deep Web. CNN Money (USA) have a good explanation of it in which they reckon only about 1% of the entire World Wide Web is occupied by all the bits we know – Facebook, Google, Apple, Amazon, Wikipedia, you and me.
The article claims ‘when you surf the Web, you really are just floating at the surface. Dive below and there are tens of trillions of pages — an unfathomable number — that most people have never seen. They include everything from boring statistics to human body parts for sale (illegally).’
When you search or ask a question, dynamic pages are not captured. ‘When the web crawler arrives at a database, it typically cannot follow links into the deeper content behind the search box. Google and others also don’t capture pages behind private networks or standalone pages that connect to nothing at all. These are all part of the Deep Web.’
But as CNN Money said, ‘Then there’s Tor, the darkest corner of the Internet. It’s a collection of secret websites ending in .onion that require special software to access them. People use Tor so that their Web activity can’t be traced – it runs on a relay system that bounces signals among different Tor-enabled computers around the world.’
It’s the nearest thing to a standalone web system that we know a little about. But we can rest assured that security services everywhere (along with criminals and terrorists, presumably) are trawling into it to make sure it is no longer standalone, but part of the network they need to protect us all.
And advertise to us.
Other related blogs you should see:
Fighting to Hold On to Your Personal Data, 9 March 2015
China’s Great Wall of Encryption Keys, Hacker-proof Cyber Security, 1 December 2014
Indestructible Cloud-Systems Inspired by the Cockroach, 23 September 2014
Image: Harland Quarrington/MOD
The standalone computer or web may not be safe
tags: standalone computers, Tor, Dark Web, air-gapped systems