


Air gaps are a funny thing because they give folks a false sense of security. The basic concept is to have two computers: one is connected online, and one isn’t. Information that resides on the latter PC is supposed to be “air gapped” – meaning that it is unreachable because it isn’t connected to anything other than its source of electric power. There are many secure installations that I have visited over the years where I have seen the two computers sitting side-by-side on someone’s desk.

The most infamous air gap situation surrounded the use of the Stuxnet worm. I wrote about its creation for ReadWrite here and we blogged about its implications here. It was specifically designed to get inside the Iranian nuclear facility at Natanz. It contained specialized code to take over the nuclear centrifuges that were running in this plant and deliberately overspin and damage them. Even though the centrifuges were controlled by air-gapped PCs, Stuxnet’s designers knew that eventually the firmware for the controllers had to be updated, and that doing so required the code to be first downloaded to a USB drive from an Internet-connected PC and the USB drive then carried into the plant’s protected area. This was accomplished by infecting an Internet-attached PC that was looking for USB thumb drives attached to the infected PCs. Obviously, someone went to great lengths to create Stuxnet – which only worked under these limited circumstances and could only cause harm to a particular Siemens centrifuge controller – but still it is an example of how even the best planned air gaps can have their weaknesses.

If you want to learn more about Stuxnet, you can rent the movie called Zero Days that was written and produced by Alex Gibney. It was released in 2016 and goes into a lot more detail about how the worm came to be created. In the movie, one of the NSA analysts claims that they could always find a way around air gaps, and Stuxnet is a good example of how hard they had to work to do so.

The BGU researchers have come up with more than a dozen different ways to bridge these air gaps by using other ways to transmit data over the air, typically by using light, sound and radio frequencies. The most recent subject of their research was using ordinary light bulbs. The lights would flicker at specific rates and these flickers could transmit data that could be seen by a telescope-like instrument from outside the lab.
