Pierluigi Paganini
August 12, 2016
We are aware that air-gapped networks aren’t totally secure, security experts have devised several methods to exfiltrate information across the years.
The last technique presented by a group of researchers was dubbed ‘DiskFiltration’ and relies on acoustic signals emitted from the hard drive of computers in air-gapped networks to exfiltrate data.
The DiskFiltration technique was devised by Mordechai Guri, Yosef Solewicz, Andrey Daidakulov, and Yuval Elovici from the Ben-Gurion University.
The team of researchers also published a detailed analysis of its technique is paper titled “DiskFiltration: Data Exfiltration from Speakerless Air-Gapped Computers via Covert Hard Drive Noise.”
The DiskFiltration technique works by manipulating the movements of the hard drive’s actuator, which is the arm that accesses specific parts of disk allowing read or write data.
The movements of the actuator are called seek operations, they could be used to discover the content access on the hard drive, including passwords and cryptographic keys.
The researchers also published a video Proof-of-Concept of the method.
The attack method is effective in a range of six feet, it could be used to transfer 180 bits per minute, a speed that could allow exfiltrating a 4096-bit key in about 25 minutes.
The DiskFiltration technique is effective works even the hard drive has in place systems to reduce acoustic noise. The experts noticed that casual noise emissions from other running processes can sometimes interfere with their technique.
“Since our covert channel is based on HDD activity, casual file operations of other running processes may interfere with the transmissions and interrupt them.” the researchers wrote in their paper.
The DiskFiltration technique, like other used to steal data from air-gapped networks, could be useful also to exfiltrate information from Internet-connected systems whose network traffic is carefully monitored and inspected.
