Bridging airgaps for amateurs

I’ve pointed out before that air gapping (for example, keeping military networks physically separated from the internet) is a very weak mechanism in a world where most devices have microphones and speakers. Devices can communicate using audio, at frequencies humans in the room can’t hear; so that real air gapping requires keeping the two networks separated by distances or soundproofing good enough to prevent this kind of covert channel. The significance of this channel is underappreciated — it’s common even in secure environments to find internet-connected devices in the same room as secure devices.

The ante has been upped a bit by Google’s introduction of Tone, a Chrome add-on that communicates via the audio channel to allow sharing of URLs, in sort of the same way that Palm Pilots used to communicate using infrared. Adapting this app to communicate even more content is surely straightforward, so even amateurs will be able to use the audio channel. Quite apart from the threat to military and intelligence systems, there are many other nasty possibilities, including exfiltrating documents and infecting with malware that can exploit this new channel. And it doesn’t help that its use is invisible (inaudible).

The introduction of LiFi, which will bring many benefits, also introduces a similar side channel when most devices have a camera and a screen.

A world in which cybersecurity is conceived of as a mechanism of walls and gates is looking increasingly obsolete when the network is everywhere, and every gate has holes in it.


0 Responses to “Bridging airgaps for amateurs”

  1. Leave a Comment

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s


%d bloggers like this: