
Communication from an air gapped machine

By definition, air-gapped devices are on a separate network from the rest of the internet.

How could you communicate from an air-gapped machine to the rest of the world?
(Based on a conversation I had with an author in 2013)

Power Modulation.

A program that modulates the current consumption of a computer (CPU load, disk activity, GPU load, etc.) could be detected by a device capable of measuring the load on the building's power supply. You could possibly defend against this by isolating the machine from the building's power supply, either by inserting a UPS or by running it from a generator. Bandwidth: extremely low, unidirectional.

The agent you are communicating with may attempt to modulate the air-gapped machine's power supply (brownouts/power interruptions) to communicate back, but obviously this will certainly be detected.

[Update August 2014] Indeed you can even extract keys this way. http://www.tau.ac.il/~tromer/handsoff/
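
A defender can use the same observation: ordinary workloads rarely flip between two load levels on a fixed clock. The sketch below is an added example, not part of the original post; the function names, thresholds and sample traces are assumptions constructed for illustration.

```python
from itertools import groupby

def run_lengths(samples, threshold):
    """Lengths of consecutive runs above / not above the threshold."""
    return [len(list(g)) for _, g in groupby(s > threshold for s in samples)]

def keying_score(samples, min_swing=20.0, min_unit=3, min_runs=8):
    """Fraction of runs whose length is a whole multiple of the shortest run.

    Near 1.0 means the load flips between two levels on a fixed clock.
    Thresholds are assumed values for illustration, not tuned on real data.
    """
    lo, hi = min(samples), max(samples)
    if hi - lo < min_swing:               # no clear two-level behaviour
        return 0.0
    runs = run_lengths(samples, (lo + hi) / 2)[1:-1]   # edge runs are truncated
    if len(runs) < min_runs or min(runs) < min_unit:   # too short or too jittery
        return 0.0
    unit = min(runs)
    return sum(r % unit == 0 for r in runs) / len(runs)

def trace_from_runs(runs, high=90, low=10):
    """Constructed load trace (percent): alternating high/low runs plus ripple."""
    out = []
    for i, n in enumerate(runs):
        level = high if i % 2 == 0 else low
        out += [level + (len(out) + k) * 7 % 5 - 2 for k in range(n)]
    return out

# Constructed samples, one reading per second.
KEYED = trace_from_runs([5, 10, 5, 5, 15, 10, 5, 5, 10, 5, 15, 5])   # 5 s clock
BENIGN = trace_from_runs([7, 3, 11, 4, 9, 5, 13, 6, 8, 3, 10, 4])    # bursty job
IDLE = [40 + i % 3 for i in range(100)]                               # flat load

if __name__ == "__main__":
    for name, trace in (("keyed", KEYED), ("benign", BENIGN), ("idle", IDLE)):
        score = keying_score(trace)
        print(f"{name:7s} score={score:.2f} suspicious={score >= 0.9}")
```

The check only works when the monitor samples at least `min_unit` times per symbol; a slower monitor gets a score of 0.0, so treat the score as one signal alongside power isolation rather than as proof of absence.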


If the air-gapped machine has a sound device, seemingly random noises that are not audible to humans may be picked up by a non-air-gapped device. Assuming both machines have microphones as well as loudspeakers, you could have bidirectional communications. Obviously the two devices need to be close enough to "hear" each other, and ramping up the data rate will risk detection. (BadBIOS is a prime example of this.)

Sound-generating devices need not be "loudspeakers"; a hard or floppy disk drive and even case fans may be able to be utilised.

[Update August 2014] And again more key extraction: http://www.cs.tau.ac.il/~tromer/acoustic/


Monitor/Cameras - quite unlikely to avoid detection here. Potentially high bandwidth, with error correction. Think QR codes.

Blinkenlights - e.g. activity from hard disks etc. http://cyber.bgu.ac.il/advanced-cyber/system/files/LED-it-GO_0.pdf


Modulating a motor, or even CPU usage, will be able to transmit low-bandwidth radio noise. Detection is somewhat more difficult.