Air-gap malware is

malware Malware (a portmanteau of ''malicious software'')Tahir, R. (2018)A study on malware and malware detection techniques . ''International Journal of Education and Management Engineering'', ''8''(2), 20. is any software intentionally designed to caus ...

that is designed to defeat the air-gap isolation of secure computer systems using various air-gap covert channels.

Operation

Because most modern computers, especially

laptops A laptop computer or notebook computer, also known as a laptop or notebook, is a small, portable personal computer (PC). Laptops typically have a clamshell form factor with a flat-panel screen on the inside of the upper lid and an alpha ...

, have built-in microphones and speakers, air-gap malware can be designed to communicate secure information acoustically, at frequencies near or beyond the limit of human hearing. The technique is limited to computers in close physical proximity (about ), and is also limited by the requirement that both the transmitting and receiving machines be infected with the proper malware to form the communication link. The physical proximity limit can be overcome by creating an acoustically linked

mesh network A mesh network is a local area network topology in which the infrastructure nodes (i.e. bridges, switches, and other infrastructure devices) connect directly, dynamically and non-hierarchically to as many other nodes as possible and cooperate wit ...

, but is only effective if the mesh network ultimately has a traditional

Ethernet Ethernet ( ) is a family of wired computer networking technologies commonly used in local area networks (LAN), metropolitan area networks (MAN) and wide area networks (WAN). It was commercially introduced in 1980 and first standardized in 198 ...

connection to the outside world by which the secure information can be removed from the secure facility. In 2014, researchers introduced ″AirHopper″, a bifurcated attack pattern showing the feasibility of data exfiltration from an isolated computer to a nearby

mobile phone A mobile phone or cell phone is a portable telephone that allows users to make and receive calls over a radio frequency link while moving within a designated telephone service area, unlike fixed-location phones ( landline phones). This rad ...

, using FM frequency signals. In 2015, "HELLONE", a covert signaling channel between air-gapped computers using thermal manipulations, was introduced. "BitWhisper" supports bidirectional communication and requires no additional dedicated peripheral hardware. Later in 2015, researchers introduced "GSMem", a method for exfiltrating data from air-gapped computers over cellular frequencies. The transmission - generated by a standard internal bus - renders the computer into a small cellular transmitter antenna. In 2016, researchers categorized various "out-of-band covert channels" (OOB-CCs), which are malware communication channels that require no specialized hardware at the transmitter or receiver. OOB-CCs are not as high-bandwidth as conventional radio-frequency channels; however, they are capable of leaking sensitive information that require low data rates to communicate (e.g., text, recorded audio, cryptographic key material). In 2020, researchers of ESET Research reported

Ramsay Malware Ramsay, also referred to as Ramsay Malware, is a cyber espionage framework and toolkit that was discovered by ESET Research in 2020. Ramsay is specifically tailored for Windows systems on networks that are not connected to the internet and that ...

, a cyber espionage framework and toolkit that collects and steals sensitive documents like Word documents from systems on air-gapped networks.

Operation

See also

References

Further reading