Hacking The Aether: How Data Crosses The Air-Gap | Hackaday [BETTER]
In 2013, Michael Hanspach and Michael Goetz used the computer speakers and microphones to construct a covert channel utilizing audio modulation/demodulation on the near ultrasonic frequency range (17kHz-20kHz) and demonstrated how a covert acoustical mesh network can be conceived via ultrasonic audio communications. Fansmitter is a malware that can acoustically exfiltrate data from air-gapped computers, even when audio hardware and speakers are not present, because it utilizes the noise emitted from the CPU and chassis fans. DiskFiltration is another software that is able to exfiltrate data but it uses acoustic signals emitted from the hard drive by manipulating the movements of the hard drive actuator, using seek operations so that it moves in specific ways, generating sound.
Hacking the Aether: How Data Crosses the Air-Gap | Hackaday
So, what if you are a hacker or a government spy and you want to install malware (malicious computer software) on an air-gapped computer? How could you do it? One method involves using social engineering to trick people into inserting removable media (like a CD or USB flash drive) into the computer. This is a way to physically transport data to the computer without an internet connection, and was used to spread the Stuxnet virus in Iran (see Wired.com article in bibliography). That might be a good way to get data on to a computer, but how do you get data off the computer? What if you cannot get the USB flash drive back?
What high-tech, ultra-secure data center would be complete without dozens of video cameras directed both inward and outward? After all, the best informatic security means nothing without physical security. But those eyes in the sky can actually serve as a vector for attack, if this air-gap bridging exploit using networked security cameras is any indication.