Data from an isolated computer learned to transmit on the noise of the hard disk.

This method allows to obtain information of small volume. For example, cryptographic keys

A group of Israeli scientists has developed a new technology for data theft from PCs, which are isolated from the Internet and local networks with a low level of security. This method of protecting computer systems is called an “air gap” (air gap) and consists of physical isolation. A “gap” is considered to be various kinds of cryptographic devices that provide data transmission over a separate communication channel or a method of transmitting information on different drives instead of transmitting over a network.

Similar methods have previously been proposed by information security experts. For example, the AirHopper technology involves the use of the FM module of a mobile device to intercept and analyze the electromagnetic radiation of a PC graphics adapter. Even ordinary coolers can become a source of data leakage from a PC (the Fansmitter method). The method of obtaining private information proposed by Israeli experts, called DiskFiltration.

It involves the installation of a special program that will manipulate the disk positioner (actuator arm). The purpose of all this is to make the actuator perform movements in a certain way, making sounds in a certain order. The length of the sound wave in this case will change, and when deciphering the signals of the positioner, the specialists will receive zeros and ones. To get this information, you need to place a mobile device with a microphone near the target device. It can be a smartphone, laptop or some other device.
')
“The air gap is considered to be an almost perfect measure of PC isolation, which helps prevent data leakage. Personal information, business data - all this is stored in isolated networks. We showed that despite the degree of isolation, the data can be extracted, ” says Mordechai Guri, head of the research team.

This method can be applied not only to physically isolated from computer systems networks. It can also be used to steal data from computers that are connected to the Internet, but are protected by special software (firewalls, cryptographic systems). The results of their work, scientists outlined in an already published article.

The method developed by Israeli specialists is not too fast. So far, it should be taken as evidence of the possibility of data theft from physically isolated networks. The fact is that using this method involves installing malware on a protected computer. After installing this software, it will control the operation of the disk positioner. The data transfer rate during the experiments was 180 bits per minute. And at the same time, it should be noted that a mobile device with a microphone and a special program for intercepting sound signals should be located next to the PC from which it is necessary to steal information.



The authors who developed DiskFiltration argue that with its help it will not be possible to steal any volume data. Too slow data transfer. But secret keys, passwords - it is quite possible to consider such information. It will take a quarter of an hour to transfer a 4096-bit key.

“It has already been proven that malicious software can extract data from a PC that is protected by an“ air gap ”by transmitting ultrasound through the speakers of a protected PC. But this method depends on whether the computer has speakers. Our method, DiskFiltration, makes it possible to leak data from a PC without speakers, using acoustic signals that are generated by hard drives, ”the researchers say. In 2013, the possibility of theft of information from an isolated PC using ultrasound was shown by specialists from Germany.

DiskFiltration works even if the hard disk is very quiet. The most effective method of protection against DiskFiltration is using SSD instead of hard drives and hybrid SHDD drives. If this is not possible for some reason, the sound that makes a mechanical disc can be jammed with a special protective housing. The acoustic method of protection also performed well - in this case it is enough to generate a static acoustic signal. And the last thing that DiskFiltration developers advise is to avoid the appearance of devices with a microphone near isolated PCs.