Air-gap malware is malware that is designed to defeat the air-gap isolation of secure computer systems using various air-gap covert channels.
Operation
Because most modern computers, especially laptops, have built-in microphones and speakers, air-gap malware can be designed to communicate secure information acoustically, at frequencies near or beyond the limit of human hearing. The technique is limited to computers in close physical proximity, and is also limited by the requirement that both the transmitting and receiving machines be infected with the proper malware to form the communication link. The physical proximity limit can be overcome by creating an acoustically linked mesh network, but this is only effective if the mesh network ultimately has a traditional Ethernet connection to the outside world by which the secure information can be removed from the secure facility. In 2014, researchers introduced "AirHopper", a bifurcated attack pattern showing the feasibility of data exfiltration from an isolated computer to a nearby mobile phone, using FM frequency signals.
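A defender-side illustration of the acoustic channel described above, added here and not part of the original article: a small monitor that measures how much of a captured audio frame's power sits in the near-ultrasonic band (assumed 17 to 22 kHz at an assumed 48 kHz capture rate) and flags frames where that share is abnormally high. The Goertzel recurrence is used so no FFT library is needed; the test frames are constructed sine mixtures, not real microphone captures.

```python
import math

SAMPLE_RATE = 48000  # Hz; assumed capture rate of the monitoring microphone


def goertzel_bin_power(samples, k):
    """|X[k]|^2 / N^2 for DFT bin k, via the Goertzel recurrence (no FFT library needed)."""
    n = len(samples)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s_prev = s_prev2 = 0.0
    for x in samples:
        s = x + coeff * s_prev - s_prev2
        s_prev2, s_prev = s_prev, s
    return (s_prev ** 2 + s_prev2 ** 2 - coeff * s_prev * s_prev2) / (n * n)

def band_power(samples, lo_hz, hi_hz, sample_rate=SAMPLE_RATE):
    """Single-sided power summed over every DFT bin whose centre lies in [lo_hz, hi_hz]."""
    n = len(samples)
    bin_hz = sample_rate / n
    k_lo, k_hi = math.ceil(lo_hz / bin_hz), math.floor(hi_hz / bin_hz)
    return 2.0 * sum(goertzel_bin_power(samples, k) for k in range(k_lo, k_hi + 1))

def near_ultrasonic_ratio(samples, lo_hz=17000, hi_hz=22000, sample_rate=SAMPLE_RATE):
    """Share of total frame power sitting in the near-ultrasonic band (assumed 17-22 kHz)."""
    total = sum(x * x for x in samples) / len(samples)  # mean square of the frame
    if total == 0.0:
        return 0.0  # silent frame: nothing to attribute to any band
    return band_power(samples, lo_hz, hi_hz, sample_rate) / total

def is_suspicious(samples, threshold=0.3):
    """Flag a frame whose near-ultrasonic share exceeds the (assumed) threshold.
    A quiet carrier under loud ambient audio lowers the ratio, so a real deployment
    should also compare band_power against a baseline recording of the same room."""
    return near_ultrasonic_ratio(samples) >= threshold

def synth(tones, n=2400, sample_rate=SAMPLE_RATE):
    """Constructed test frame (not a real capture): sum of (frequency_hz, amplitude) sines."""
    return [sum(a * math.sin(2.0 * math.pi * f * i / sample_rate) for f, a in tones)
            for i in range(n)]


if __name__ == "__main__":
    speech = synth([(1000, 1.0), (3000, 0.5)])            # constructed voice-band content only
    speech_plus_carrier = synth([(1000, 1.0), (19000, 1.0)])  # same, plus a constructed 19 kHz tone
    print(round(near_ultrasonic_ratio(speech), 3), is_suspicious(speech))
    print(round(near_ultrasonic_ratio(speech_plus_carrier), 3), is_suspicious(speech_plus_carrier))
```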
In 2015, "BitWhisper", a covert signaling channel between air-gapped computers using thermal manipulations, was introduced. BitWhisper supports bidirectional communication and requires no additional dedicated peripheral hardware.
Later in 2015, researchers introduced "GSMem", a method for exfiltrating data from air-gapped computers over cellular frequencies. The transmission, generated by a standard internal bus, turns the computer into a small cellular transmitter antenna.
In 2016, researchers categorized various "out-of-band covert channels" (OOB-CCs), which are malware communication channels that require no specialized hardware at the transmitter or receiver. OOB-CCs are not as high-bandwidth as conventional radio-frequency channels; however, they are capable of leaking sensitive information that requires only low data rates to communicate (e.g., text, recorded audio, cryptographic key material).
In 2020, researchers of ESET Research reported Ramsay Malware, a cyber espionage framework and toolkit that collects and steals sensitive documents like Word documents from systems on air-gapped networks.
See also
* Air gap (networking)
* BadBIOS
Further reading
* O'Malley, Samuel Joseph; Choo, Kim-Kwang Raymond (May 1, 2014). "Bridging the Air Gap: Inaudible Data Exfiltration by Insiders". 20th Americas Conference on Information Systems. Association for Information Systems. SSRN 2431593.