Home / News & Videos / News / Homeland & Cyber Security /

BitWhisper: Putting the Heat on Air-Gapped Computers

BitWhisper: Putting the Heat on Air-Gapped Computers

March 24, 2015

Homeland & Cyber Security, Press Releases

BEER-SHEVA, Israel, March 24, 2015 – Ben-Gurion University of the Negev (BGU) researchers have discovered a new method to breach air-gapped computer systems called “BitWhisper” which enables two-way communications between adjacent, unconnected PC computers using heat.

Two air-gapped PCs positioned in the parallel layout. Using BGU’s BitWhisper, the left computer transmits a command that instructs the right computer to calibrate and fire a USB game rocket.

Two air-gapped PCs positioned in the parallel layout. Using BGU’s BitWhisper, the left computer transmits a command that instructs the right computer to calibrate and fire a USB game rocket.

The research, conducted by Mordechai Guri, Ph.D. is part of an ongoing focus on air-gap security at the BGU Cyber Security Research Center. Computers and networks are air-gapped when they need to be kept highly secure and isolated from unsecured networks, such as the public Internet or an unsecured local area network. Typically, air-gapped computers are used in financial transactions, mission critical tasks or military applications.

According to the researchers, “The scenario is prevalent in many organizations where there are two computers on a single desk, one connected to the internal network and the other one connected to the Internet. BitWhisper can be used to steal small chunks of data (e.g. passwords) and for command and control. View BitWhisper video demo.

BGU’s BitWhisper bridges the air-gap between the two computers, approximately 15 inches (40 cm) apart that are infected with malware by using their heat emissions and built-in thermal sensors to communicate. It establishes a covert, bi-directional channel by emitting heat from one PC to the other in a controlled manner. By regulating the heat patterns, binary data is turned into thermal signals. In turn, the adjacent PC uses its built-in thermal sensors to measure the environmental changes. These changes are then sampled, processed, and converted into data.

“These properties enable the attacker to hack information from inside an air-gapped network, as well as transmit commands to it,” the BGU researchers explain. “Only eight signals per hour are sufficient to steal sensitive information such as passwords or secret keys. No additional hardware or software is required. Furthermore, the attacker can use BitWhisper to directly control malware actions inside the network and receive feedback.”

Mordechai Guri, Ph.D., a student researcher in BGU’s Department of Information Systems Engineering, working under Prof. Yuval Elovici, director of the Cyber Security Research Center, recently received the prestigious 2015-2016 IBM Ph.D. Fellowship Award.

American Associates, Ben-Gurion University of the Negev

American Associates, Ben-Gurion University of the Negev plays a vital role in sustaining David Ben-Gurion’s vision, creating a world-class institution of education and research in the Israeli desert, nurturing the Negev community and sharing the University’s expertise locally and around the globe. With some 20,000 students on campuses in Beer-Sheva, Sede Boqer and Eilat in Israel’s southern desert, BGU is a university with a conscience, where the highest academic standards are integrated with community involvement, committed to sustainable development of the Negev.

Media Contact:
Andrew Lavin
A. Lavin Communications
516-944-4486
alc@alavin.com