• benoau 7 hours ago

    The weak point is the shared USB device that copies from one machine to another, which seems to defeat the whole purpose of being air-gapped. You could have printed and OCR'd data three decades ago so the air-gapped machine is never reading anything from outside at all; these days a video stream and AI could probably automate that?

    • csomar 44 minutes ago

      I created such a system (though to transfer Bitcoin Transactions/Signatures from an airgapped system). The problem is that if you have a lot of bi-directional traffic, you'd want to automate the process of scanning/storing the information. Suddenly, you just have a slow USB device.

      What you want is to minimize your data to less than 1Kb so that it can be manually transmitted.

      • theamk 4 hours ago

        Things are much easier: two parts, one has a blinking LED, the other is a photosensor. This is called a "data diode" and there are a lot of them.

        Here is a random vendor with nice pictures: https://owlcyberdefense.com/learn-about-data-diodes/

        • eastbound 18 minutes ago

          An optic fiber.

        • zahlman 6 hours ago

          I can definitely imagine use cases where a network is air gapped internally for security but bidirectional transfer still takes place. The point is that humans are supposed to be in control of exactly what is transferred, in both directions (not feasible with a network connection, to my knowledge).

          • kibwen 6 hours ago

            Surely some government has come up with physically-unidirectional data transmission mechanisms for getting data onto airgapped networks. There has to be something more sophisticated than single-use CD-ROMs, even if it's just a blinking LED on one end and a photosensor on the other end.

            • wannacboatmovie 6 hours ago

              > There has to be something more sophisticated than single-use CD-ROMs

              But why, when a DVD-R handles most use cases at a cost of < $0.25 each, are reliable and ubiquitous, the hardware is likely already there (unless you are using Apple - caveat emptor) and they close the threat vector posed by read/write USB devices.

              Sometimes the simplest solution is the best solution.

              • rhcom2 5 hours ago

                I would guess having a CD/DVD drive opens another attack surface. Similar to why people glue their USB ports closed.

                • zmgsabst 5 hours ago

                  Right — but the question isn’t CD/DVD versus nothing. It’s CD/DVD versus USB; and which has a smaller attack surface.

                  I’d argue that read-only CD/DVD has a smaller attack surface than USB, so of the two, it’s preferable. I’d further argue that a CD/DVD (i.e., the actual object moved between systems) is easier to inspect than USB devices, to validate the behavior.

                • sneak 2 hours ago

                  DVD-R is read/write unless you are very careful to have read-only hardware on the destination device.

                • nl 5 hours ago

                  Data diodes are commonly used: https://csrc.nist.gov/glossary/term/data_diode

                  I don't know if people class something connected using a data diode as airgapped or not.

                  • fuzzfactor 4 hours ago

                    Regular two-way IR diodes and sensors were standard on '90s business laptops for ordinary RS-232 file transfer between machines wirelessly. Before Wi-Fi or even Ethernet was everywhere, and before USB and Bluetooth came along. The first smartphones had it too, so you could dial up the internet on the road in the years before phones had a browser and stuff like that.

                    • matco11 21 minutes ago

                      Yes... and, indeed, that used to be a vector for hacking “air gapped” systems back in the day.

                  • khaki54 9 minutes ago

                    Yeah, they exist. Data diodes or data guards. They operate at currently available line speeds and there are 100s of thousands in operation. Data diodes are favored by OT companies. For government, data guards, as they tend to have more robust inspection.

                    • ahartmetz 5 hours ago

                      I have heard (on HN) of... 100 Mbit Ethernet with the transmit wires cut. Probably in the context of in-flight infotainment: plane data to infotainment yes, infotainment anything to plane control anything no. If it's stupid but it works...

                      • neonz80 6 hours ago
                        • maxerickson 6 hours ago

                          Which ironically describes them evolving into software driven gateways.

                        • coopreme 5 hours ago
                          • SAI_Peregrinus 5 hours ago

                            Good old UART without the RX connected on one side.

                          • seeknotfind 41 minutes ago

                            Lol. Even if it's with the QR code, it will not be safe. If you can read a bit, you can read a file. Security is a moat, and the hacker is a catapult. Any sufficiently complex system, any metric of security will be incomplete or ignoring that Turing complete and uncomputable. Security is about intelligence in all layers of the stack, from the electron to the application and even the front door. A USB exploit attacks a driver or the OS. A QR code attacks the application. There are other ways to exploit besides breaking and entering. Sometimes it's about influence. In the age of AI, the entire internet and all knowledge could be shifted to reframe a single organization to make an exploit possible. Pandora's box is wide open. It's pouring out. Even a machine on the internet can be secure, but an air gap is only the transport layer. It's a false sense of security. You need to be worried about the full stack because that's the only way to be safe, to never be safe, the eternal guard and gaze. The vigilance. Security in layers. Security in depth.

                            • iforgotpassword 29 minutes ago

                              Arguably the QR-code-based approach would be much safer, as it would be much simpler to implement and audit.

                              Moving a USB key between two Windows machines sounds as bad an idea as it can get for air-gapped data exchange.

                          • TacticalCoder 4 hours ago

                            > The weak-point is the shared USB device that copies from one machine to another which seems to defeat the whole purpose of being air-gapped...

                            Yup. I was going to post that TFA and the people at these embassies apparently have a very different definition of what people consider an air-gapped system.

                            Pushing the nonsense a bit further, you could imagine they'd recreate Ethernet, but air-gapped, using some hardware only allowing one packet in at a time, but both ways:

                            "Look ma, at this point in time it's not talking to that other machine, so it's air-gapped. Now it got one packet, but it's only a packet in, so it's air-gapped! Now it's sending only a packet out, so it's air-gapped!".

                            Yeah. But no.

                            • PhilippGille 2 hours ago

                              > TFA and the people at these embassies apparently have a very different definition of what people consider an air-gapped system.

                              And Wikipedia? Which says:

                              > To move data between the outside world and the air-gapped system, it is necessary to write data to a physical medium such as a thumbdrive, and physically move it between computers.

                              Source: https://en.m.wikipedia.org/wiki/Air_gap_(networking)#Use_in_...

                          • lolc 5 hours ago

                            Reminds me of the time I was looking after a SECURE system: One of the tasks was the daily update of the antivirus. So I would grab the blessed stick, insert it into the Internet-PC, and using FTP would download the latest antivirus update. Then I'd walk over to the SECURE system, insert the stick, and run the exe from the stick. There, system SECURED for today!

                            Norton, trust no other!

                            • elcritch 20 minutes ago

                              That sounds like an ideal attack vector! Norton and other AV have elevated privileges with an opaque data format ready to be exploited.

                            • userbinator 16 minutes ago

                              Unless I'm missing something, this doesn't rely on something really advanced and low-level like USB drive firmware, but a classic flaw that's existed in Windows for almost 30 years:

                              > It is probable that this unknown component finds the last modified directory on the USB drive, hides it, and renames itself with the name of this directory, which is done by JackalWorm. We also believe that the component uses a folder icon, to entice the user to run it when the USB drive is inserted in an air-gapped system, which again is done by JackalWorm.

                              It's just another variant of the classic .jpg.exe scam. Stop hiding files and file extensions and this hole can be easily closed.
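A defender-side check for the two tricks userbinator describes (an executable that takes the name of a sibling folder it has hidden, and the double-extension `.jpg.exe` scam), written as an added example that is not code from the thread or from any JackalWorm analysis; the drive listing it scans is constructed, and the `Entry` record and attribute handling are assumptions about what a scan of a removable drive would collect:

```python
"""Flag folder-impersonating executables and double-extension names in a
directory listing.  Example code added to this thread, not from the original
post; SAMPLE below is a constructed USB-root listing."""
from dataclasses import dataclass
import os
import stat

# Extensions Windows will execute on double-click, and the decoy document
# extensions that the .jpg.exe trick hides behind.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".lnk"}
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".pdf", ".doc", ".docx", ".txt"}

# NTFS attribute bits; Explorer hides HIDDEN files unless "show hidden files"
# is on, and HIDDEN+SYSTEM files unless ShowSuperHidden is on.
ATTR_HIDDEN = getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0x2)
ATTR_SYSTEM = getattr(stat, "FILE_ATTRIBUTE_SYSTEM", 0x4)


@dataclass(frozen=True)
class Entry:
    """One directory entry as a scanner would record it (assumed shape)."""
    name: str
    is_dir: bool
    hidden: bool  # hidden and/or system attribute set


def find_suspicious(entries):
    """Return (finding, name) pairs for one directory's entries, in listing order."""
    findings = []
    dirs = {e.name.lower(): e for e in entries if e.is_dir}
    for e in entries:
        if e.is_dir:
            continue
        stem, ext = os.path.splitext(e.name)
        if ext.lower() not in EXEC_EXTS:
            continue
        # Executable named exactly like a sibling folder: if that folder has
        # been hidden, only the executable (with its folder icon) is visible.
        twin = dirs.get(stem.lower())
        if twin is not None and twin.hidden:
            findings.append(("executable impersonating hidden folder", e.name))
        elif twin is not None:
            findings.append(("executable shares name with sibling folder", e.name))
        # "holiday.jpg.exe": a decoy document extension in front of the real one.
        if os.path.splitext(stem)[1].lower() in DECOY_EXTS:
            findings.append(("double extension", e.name))
    return findings


def scan_path(root):
    """Walk a real mount point and scan each directory; returns {dirpath: findings}."""
    results = {}
    for dirpath, dirnames, filenames in os.walk(root):
        entries = []
        for n in dirnames + filenames:
            try:
                st = os.lstat(os.path.join(dirpath, n))
            except OSError:
                continue
            attrs = getattr(st, "st_file_attributes", 0)  # Windows only
            hidden = bool(attrs & (ATTR_HIDDEN | ATTR_SYSTEM)) or n.startswith(".")
            entries.append(Entry(n, stat.S_ISDIR(st.st_mode), hidden))
        found = find_suspicious(entries)
        if found:
            results[dirpath] = found
    return results


# Constructed sample: a USB root where "Reports_2024" was hidden and replaced.
SAMPLE = [
    Entry("Reports_2024", is_dir=True, hidden=True),
    Entry("Reports_2024.exe", is_dir=False, hidden=False),
    Entry("Photos", is_dir=True, hidden=False),
    Entry("holiday.jpg.exe", is_dir=False, hidden=False),
    Entry("notes.txt", is_dir=False, hidden=False),
    Entry("setup.exe", is_dir=False, hidden=False),
]

if __name__ == "__main__":
    for kind, name in find_suspicious(SAMPLE):
        print(f"{kind}: {name}")
```

Run `scan_path("E:\\")` (or the drive's mount point) on a machine where the stick is inserted read-only to apply the same checks to a real listing.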

                              • binary_slinger 7 hours ago

                                I’m a bit disappointed the mechanism to exfiltrate data is based on sharing the USB between internet-connected and air-gapped devices. It would have been cool if it used some other side channel like acoustic signals.

                                • zahlman 6 hours ago

                                  I felt like the article spent way too many words to explain the idea of "the agency shared data across the air gap using USB drives, and a vulnerability was used to surreptitiously copy the malware onto the USB and then onto the target machine", and AFAICT none on explaining what that vulnerability is or why it exists (or existed). Then the rest is standard malware-reversing stuff that doesn't say anything interesting except to other malware reverse engineers. The inner workings of the tools aren't interesting from a security perspective; the compromise of the air gap is.

                                  (As for acoustic etc. side-channel attacks: these would require a level of physical access at which point the air gap is moot. E.g. if you can get a physical listening device into the room to listen to fan noise etc. and deduce something about the computation currently being performed, and then eventually turn that into espionage... you could far more easily just directly use the listening device for espionage in the form of listening to the humans operating the computers.)

                                  • ghostly_s 4 hours ago

                                    There was no novel vulnerability. The pwned machine just replaced a recently-accessed folder on the stick with an exe to trick the user into executing it on the target machine.

                                  • RicoElectrico 6 hours ago

                                    Such side channel attacks are academic. In fact someone on HN pointed out there's a researcher that invents new ones by the dozen and media run with it whenever he presents another one.

                                    • bawolff 5 hours ago

                                      I mean, someone who researches the security of air-gapped computers continually coming up with new ways to break them seems like the expected outcome. It's their job, after all.

                                      • 6510 2 hours ago

                                        I would start by asking what they need computers for.

                                        You don't really need one to read text from a screen. Of that most would be old documents that for the most part should be public. What remains besides reading is most likely 95% stuff they shouldn't be doing.

                                        The most secure part is the stuff we wish they were doing.

                                        • baseballdork an hour ago

                                          I’m having a real hard time understanding what this comment is saying. Are you asking what high side computers are used for besides reading classified information?

                                      • j-bos 5 hours ago

                                        The foundations of computer science were once, mostly academic.

                                        • churchill 5 hours ago

                                          You probably mean Dr. Mordechai Guri - all his arXiv mentions (a lot!) are for unconventional tactics for compromising air-gapped systems.

                                        • whartung 3 hours ago

                                          One of my favorite hacks of yore was when some folks somehow managed to compromise the iPod to the point that they could run some of their code and make a beep.

                                          They compressed the ROM, and "beeped" it out, wrapping the iPod in an acoustic box, recording it, and then decoding it to decode the ROM.

                                          • ChocolateGod 7 hours ago

                                            Just wait till neuralink gets hacked and people themselves become the side channel.

                                            • dexwiz 6 hours ago

                                              This is the plot of most of Ghost in the Shell. That series looks more and more prescient as time goes on. Another big plot point is that most of the internet is just AIs talking to each other. 10 years ago that sounded ridiculous, now not so much.

                                              • bigiain 4 hours ago

                                                "Ralfi was sitting at his usual table. Owing me a lot of money. I had hundreds of megabytes stashed in my head on an idiot savant basis, information I had no conscious access to. Ralfi had left it there. He hadn't, however, come back for it." -- Johnny Mnemonic, William Gibson, 1981

                                                • Terr_ 6 hours ago

                                                  Also how super-sensitive may be kept on physical books and papers, albeit in a form scannable by optic implants.

                                                • getwiththeprog an hour ago

                                                  It is my view that television and other propaganda can hack persons.

                                                • m463 6 hours ago

                                                  the-computer-wears-sneakers-net

                                                  • A4ET8a8uTh0 7 hours ago

                                                    I am not sure why you are being downvoted. Just like fridges, cars, ovens gained internet access, enhanced humans will be extremely likely to be, eventually -- and possibly with interesting consequences -- hacked.

                                                    • MOARDONGZPLZ 7 hours ago

                                                      Like the January 6 question, I’m assuming that anyone who had a neuralink would likely be ineligible for any sort of clearance to access information like this.

                                                      • A4ET8a8uTh0 7 hours ago

                                                        I am not as certain. Sure, Musk and his product are no longer 'cool' given his move to US political right faction, but tech is tech. Some tried banning cell phones and whatnot and the old guard there had to adjust their expectations.

                                                        In short, I am not sure you are right about it. If anything, and I personally see it as a worst case scenario, use of that contraption will be effectively mandatory the way having a cell phone is now (edit: if you work for any bigger corp and want to log in from your home).

                                                      • ruthmarx 6 hours ago

                                                        That's not really true, in that context security will largely be a solved problem.

                                                        Using chips with a secure architecture, safe languages and safe protocols is going to result in secure implants.

                                                        Not to say there might not be some new vulnerability, but I disagree with this idea people love to repeat that security is impossible.

                                                        • CatWChainsaw 3 hours ago

                                                          What are you smoking, we hear about breaches of super important databases all the time and that doesn't seem to convince any company to give a single shit more than just enough to avoid negligence. Not to mention social media's entire business model is hacking people - keep them on your platform by any means necessary.

                                                          • bigiain 4 hours ago

                                                            Security will never be a "largely solved problem", when there are humans involved (and probably even when humans are not involved).

                                                            There is no technical solution to people uploading high res photos with location metadata to social network du jour. Or the CEO who wants access to all his email on his shiny new gadget. Or the three letter agency who thinks ubiquitous surveillance is a great way to do their job. Or the politician who can be easily convinced the backdoors that can only be used by "the good guys" exist. Or the team who does all their internal chat including production secrets in a 3rd party chat app, only to have them popped and their prod credentials leaked on some TOR site. Or the sweatshop IT outsourcing firm that browbeats underpaid devs into meeting pointless Jira ticket closure targets. Or the "move fast and break things" startup culture that's desperately cutting corners to be first-to-market.

                                                            None of the people involved in bringing "enhanced human" tech to market will be immune to any of those pressures. (I mean, FFS, in the short term we're really talking about a product that _Elon_ is applying his massive billionaire brain to, right? I wonder what the media friendly equivalent term to "Rapid Unscheduled Disassembly" for when Neuralink starts blowing up people's brains is going to be?)

                                                            • ruthmarx 4 hours ago

                                                              > Security will never be a "largely solved problem", when there are humans involved (and probably even when humans are not involved).

                                                              It absolutely will. I didn't say completely solved, I said largely solved.

                                                              > There is no technical solution to people uploading high res photos with location metadata to social network du jour.

                                                              Bad example honestly, since most social media sites strip out EXIF data by default these days. Not sure there are any that don't.

                                                              > Or the CEO who wants access to all his email on his shiny new gadget. Or the three letter agency who think ubiquitous surveillance is a great way to do their job. Or the politician who can be easily convinced the backdoors that can only be used by "the good guys" exist. Or the team who does all their internal chat including production secrets in a 3rd party chat app, only to have them popped and their prod credentials leaked on some TOR site. Or the sweatshop IT outsourcing firm that browbeats underpaid devs into meeting pointless Jira ticket closure targets. Or the "move fast and break things" startup culture that's desperately cutting corners to be first-to-market.

                                                              Yes yes, humans can be selfish and take risks and be bribed and negligent and blah blah blah.

                                                              The context of the comment was Neuralink implants getting hacked the way an out of date smart TV might. As when it comes to the actual tech, security will be a solved problem, because most of the problems we see today are due to everything being built on top of insecure foundations on top of insecure foundations.

                                                          • renewiltord 7 hours ago

                                                            You can already hack people by just telling them things. Many of them will do dumb shit if you just use the right words.

                                                            • unit149 2 hours ago

                                                              Isn't doomed. Over and above, one must employ language that will disorient in punctuated chronology.

                                                              • A4ET8a8uTh0 7 hours ago

                                                                I like the analogy. Let's explore it a little.

                                                                << You can already hack people by just telling them things.

                                                                True, but language fluctuates, zeitgeist changes and while underlying techniques remain largely the same, what nation-state would not dream of being able to simply have people obey when it tells them to behave in a particular way. Yes, you can regiment people through propaganda, but what if you could do it more easily this way?

                                                                • Terr_ 6 hours ago

                                                                  To offer a contributory not-really-metaphor for viewing things: After a "grey goo" apocalypse covers the world in ruthlessly replicating nanobots, eventually there arise massive swarms of trillions of allied units that in turn develop hivemind intelligences, which attempt to influence and "hack" one another.

                                                                  I am one of them, so are you, and I just made you think of something against--or at least without--your will.

                                                                  • willy_k 6 hours ago

                                                                    > True, but language fluctuates, zeitgeist changes and while underlying techniques remain largely the same

                                                                    This applies to software as well

                                                                    > Yes, you can regiment people through propaganda, but what if you could do it more easily this way?

                                                                    Widespread use of BCIs would help with this for sure, but don’t be under the impression that individual and population level manipulation techniques haven’t progressed well past simple propaganda.

                                                                    • A4ET8a8uTh0 6 hours ago

                                                                      << don’t be under the impression that individual and population level manipulation techniques haven’t progressed well past simple propaganda.

                                                                      I absolutely buy it based merely on the glimpse of the documents from various whistleblowers over the years. At this point, I can only imagine how well oiled a machine it must be.

                                                                    • renewiltord 6 hours ago

                                                                      Certainly people would like an API for others without needing to reverse engineer them. Agreed that there is a threshold of simplicity past which it becomes easier to organize than having to give speeches and run propaganda.

                                                                  • rad_gruchalski 7 hours ago

                                                                    > I am not sure why you are being downvoted.

                                                                    Trigger-happy emotional non-intelligence.

                                                                    • dingnuts 7 hours ago

                                                                      if Neuralink became pervasive like smartphones I'd join the Amish

                                                                • GianFabien 5 hours ago

                                                                  tldr: The breach relied on careless human(s) using a USB key to and from the air-gapped systems. All the clever technology would have been for naught had the staff used robust physical security procedures.

                                                                  • ungreased0675 5 hours ago

                                                                    What protocol would you have recommended?

                                                                    • Woodi 14 minutes ago

                                                                      I don't know, but maybe NOT USING systems with ShowSuperHidden features would help?

                                                                      Such a thing just MUST BE a helper for creating malware; what else could it be? Definitely for circumventing human users.

                                                                      Good job, Microsoft! Autoexec.bat is proud of you! /s