Air-gapped secured systems

Tester said:

One thing to understand that a signal does not have to be something programmed.

A very simplistic example, heat is is signal. With the right equipment you can see a device getting hotter or cooler. Program a program, that sends S.O.S with interval of 1minute, 1minute hot(full load cpu), 1min cool(no cpu activity), then 1min full load again etc. Then someone who is looking at the heat signature and see it getting hotter, cooler, hotter in a patern, it can receive a message like that.
The device that is getting hotter and cooler, was not designed to broadcast a signal like that, however it could.
Same goes with some of the noise an device gives off, controlling the fan speed. Or creating a workload that changes cpu frequenes that can be lisend to. Or the EM redation a device gives off.

Click to expand...

But what you desribe are big things, like an ON / OFF switch or.
The processes inside a computer with bits all over the place in CPU, GPU, memory, flash drive etc. - that is millions of 1 and 0 / + and - / ON and OFF per second.
And that is was makes it hard for me to understand, that it can be possible?

Tester said:

One thing to understand that a signal does not have to be something programmed.

Same goes with some of the noise an device gives off, controlling the fan speed. Or creating a workload that changes cpu frequenes that can be lisend to. Or the EM redation a device gives off.

Click to expand...

The not-programmed signals, that still can be intercepted.
Can they be received through walls etc.?

And the receiver, what is that?
Some super advanced equipment, that like only NSA has?

Would anyone please help me with my remaining questions in #21 / above.

Thank you

Real examples of attacks devised by security researchers.

Using audio frequencies to transmit data.
Using monitors to encode data by refreshing the screen and decoding from video surveillance equipment.
Even using fluctuations in power supplies.

Basically any form of energy that can be manipulated and read/measured can be used as a means of transmission.

Air gapped usually just means, no Internet access or no direct Internet access

Into_Oblivion1 said:

- that is millions of 1 and 0 / + and - /

Click to expand...

The fasted wifi 7+ can send more 1.073.741.824 bit in one second. So don't be surpised what can be done with non consumer stuff.

neemobeer said:

Real examples of attacks devised by security researchers.

Using audio frequencies to transmit data.
Using monitors to encode data by refreshing the screen and decoding from video surveillance equipment.
Even using fluctuations in power supplies.

Basically any form of energy that can be manipulated and read/measured can be used as a means of transmission.

Air gapped usually just means, no Internet access or no direct Internet access

Click to expand...

And the instrument / receiver, what would that be like?
Some super advanced equipment, that like only NSA has or some other high level gouverment stuff?

No, can be a mic or a webcam. Depends on the transmission type

neemobeer said:

No, can be a mic or a webcam. Depends on the transmission type

Click to expand...

The webcam records the screen?

What about the mic, that would receive the sounds from the laptop?

Or could you elaborate please?

Break out the tinfoil hats. I don't think any of our systems have enough important data to get concerned about these techniques.

Is it safe to say, that if it were easy, every hacker would do it?
Gouverments would do it to eachother etc.?

Into_Oblivion1 said:

Could anyone help me further with above questions?

Thank you

Click to expand...

To give you a ruffly taste on what it is..
Do you own a small portable radio that has AM and FM?

If you do. Switch it to AM and stand a few meters away from anything electronic.. turn up the volume a bit... turn the tune button until you find it as quiet as possible. Now take the radio and walk around your apartment/house.. get close up to the computer, TV lamps, the router... and you will hear the sound changing.
This is the signals that you pick up and then you decode it to get useful information from it.
To build a decoder yourself.. then you need to be a electronic wizard and really understand electronic.. So I'm guessing one or perhaps two people of all members in here on elevenforum is on that level.

Now when you walk around with the radio, you will get a hint of what pore range it has and that is why this isn't really a threat.
With building a really advanced directional antenna you might get a range of 5-10meters and up to 20-30 meters if there is free line of sight (No walls etc)
Higher effects gives longer range.. but we are talking milliamps on low voltage... not an 400kV powerline

Edit
If i want to steal data.. Spyware on a device with internet connection or wifi.... if offline... then i would place a camera in the room or just outside the window that see the screen.
No one do it the hard way... the hard way is only done if there is test and a Proof of Concept..

Edit2 oh, and you can also use the AM radio as a cheap bug-detector