
Air-gap malware is malware that is designed to defeat the air-gap isolation of secure computer systems using various air-gap covert channels.


Operation

Because most modern computers, especially laptops, have built-in microphones and speakers, air-gap malware can be designed to communicate secure information acoustically, at frequencies near or beyond the limit of human hearing. The technique is limited to computers in close physical proximity (about ), and is also limited by the requirement that both the transmitting and receiving machines be infected with the proper malware to form the communication link. The physical proximity limit can be overcome by creating an acoustically linked mesh network, but this is only effective if the mesh network ultimately has a traditional Ethernet connection to the outside world by which the secure information can be removed from the secure facility.

In 2014, researchers introduced "AirHopper", a bifurcated attack pattern showing the feasibility of data exfiltration from an isolated computer to a nearby mobile phone using FM frequency signals. In 2015, "BitWhisper", a covert signaling channel between air-gapped computers using thermal manipulations, was introduced. "BitWhisper" supports bidirectional communication and requires no additional dedicated peripheral hardware. Later in 2015, researchers introduced "GSMem", a method for exfiltrating data from air-gapped computers over cellular frequencies. The transmission, generated by a standard internal bus, turns the computer into a small cellular transmitter antenna. In 2016, researchers categorized various "out-of-band covert channels" (OOB-CCs), malware communication channels that require no specialized hardware at the transmitter or receiver. OOB-CCs are not as high-bandwidth as conventional radio-frequency channels; however, they are capable of leaking sensitive information that requires only low data rates (e.g., text, recorded audio, cryptographic key material). In 2020, researchers at ESET Research reported Ramsay, a cyber espionage framework and toolkit that collects and steals sensitive documents, such as Word documents, from systems on air-gapped networks.

In general, researchers have demonstrated that air-gap covert channels can be realized over a number of different mediums, including:

* acoustic
* light
* seismic
* magnetic
* thermal
* radio-frequency
* physical media
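As an added example that is not part of the article, the following Python script shows a defender-side check for the acoustic channel described above: it measures how much of a captured audio frame's spectral power lies near or above the limit of human hearing and alerts only when that condition persists across several consecutive frames. The capture rate, the 17 kHz cutoff, the power-ratio threshold and the frame count are assumed tuning values, and the two audio signals are constructed in-code (a plain 440 Hz tone, and the same tone with a 19 kHz carrier added) rather than real recordings.

```python
"""Added example (not from the article): flag sustained near-ultrasonic
energy in captured audio, a simple heuristic for the acoustic covert
channel described in the text. All signals below are constructed in-code."""
import cmath
import math
import random

SAMPLE_RATE = 44100        # assumed capture rate (Hz)
FRAME = 4096               # samples per analysis frame (power of two for the FFT)
CUTOFF_HZ = 17000.0        # assumed lower edge of the "near/beyond hearing" band
RATIO_THRESHOLD = 0.05     # assumed: fraction of spectral power at/above CUTOFF_HZ
MIN_FRAMES = 3             # assumed: consecutive frames needed to raise an alert


def fft(x):
    """Recursive radix-2 FFT; len(x) must be a power of two."""
    n = len(x)
    if n == 1:
        return [complex(x[0])]
    even, odd = fft(x[0::2]), fft(x[1::2])
    out = [0j] * n
    for k in range(n // 2):
        t = cmath.exp(-2j * math.pi * k / n) * odd[k]
        out[k] = even[k] + t
        out[k + n // 2] = even[k] - t
    return out


def near_ultrasonic_ratio(frame, sample_rate=SAMPLE_RATE, cutoff_hz=CUTOFF_HZ):
    """Fraction of the frame's spectral power that lies at or above cutoff_hz.
    A Hann window keeps leakage from loud audible tones out of the high band."""
    n = len(frame)
    windowed = [s * (0.5 - 0.5 * math.cos(2 * math.pi * i / n))
                for i, s in enumerate(frame)]
    spectrum = fft(windowed)
    total = above = 0.0
    for k in range(1, n // 2):           # positive frequencies, DC excluded
        p = abs(spectrum[k]) ** 2
        total += p
        if k * sample_rate / n >= cutoff_hz:
            above += p
    return above / total if total > 0 else 0.0


def detect_sustained_ultrasound(samples, sample_rate=SAMPLE_RATE):
    """True if MIN_FRAMES consecutive frames exceed RATIO_THRESHOLD.
    Requiring a run suppresses one-off clicks and keyboard noise."""
    run = 0
    for start in range(0, len(samples) - FRAME + 1, FRAME):
        ratio = near_ultrasonic_ratio(samples[start:start + FRAME], sample_rate)
        run = run + 1 if ratio >= RATIO_THRESHOLD else 0
        if run >= MIN_FRAMES:
            return True
    return False


def make_signal(tones, n_samples, sample_rate=SAMPLE_RATE, noise=0.01, seed=0):
    """Constructed test audio: a sum of (frequency, amplitude) sinusoids plus
    a little uniform noise, with a fixed seed so results are reproducible."""
    rng = random.Random(seed)
    return [sum(a * math.sin(2 * math.pi * f * i / sample_rate) for f, a in tones)
            + rng.uniform(-noise, noise) for i in range(n_samples)]


# Constructed inputs: an audible tone alone, and the same tone with a
# 19 kHz carrier that most adults cannot hear sitting on top of it.
BENIGN = make_signal([(440.0, 0.5)], 4 * FRAME)
SUSPECT = make_signal([(440.0, 0.5), (19000.0, 0.2)], 4 * FRAME)

if __name__ == "__main__":
    for name, sig in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, round(near_ultrasonic_ratio(sig[:FRAME]), 4),
              detect_sustained_ultrasound(sig))
```

On a real host the frames would come from the microphone capture, and the threshold should be tuned against a baseline of the room's normal spectrum. A high ratio on its own is not proof of a covert channel, since some hardware and media legitimately contain near-ultrasonic content, so an alert is best correlated with which process holds the audio device open and whether that process has any reason to use it.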


See also

* Air gap (networking)
* BadBIOS


Further reading

* O'Malley, Samuel Joseph; Choo, Kim-Kwang Raymond. "Bridging the Air Gap: Inaudible Data Exfiltration by Insiders". 20th Americas Conference on Information Systems, Association for Information Systems, May 1, 2014. SSRN 2431593.