How to Attack a Disconnected Computer

Abstract

This poster presents how a disconnected computer, that has no network access, can be attacked to retrieve data. Air-gapped devices are thought to be an impenetrable setup because the device is disconnected from the network and cannot be reached by an attacker. Therefore, an infected air-gapped computer cannot affect others around it preventing any potential information leaks. People believe/assume that leaking information from an air-gapped machine is impossible. This research effort invalidates this assumption by exploring possible covert channels to get data from victim machines. We take advantage of a hidden acoustic channel that employs the computer speakers and a tiny audio recording device to communicate sensitive data over inaudible near-ultrasonic signals. Data stored on this device can then be processed and displayed as useful information on the attacker's computer. Hacking methods and the search for new system exploits are being continuously developed and new techniques to obtain data unlawfully are on the rise. Therefore, this work alerts organizations regarding potential threats that they typically ignore by assuming that air-gapped systems are safe. In the past, security researchers have not devoted sufficient time and effort to innovate counter measures for such niche but capable attacks. Spreading awareness is one of the main objectives of this project. This is done by demonstrating that data can be stolen from an 'air-gapped' computer, by using methods that people neglect to consider when coming up with plans to protect their computers from attackers. An experiment, such as this, will hopefully push the security field researchers and developers to explore the uncommon methods of unlawful data acquisition and their prevention.