Everything you need to know about air gapped systems and their security
If you follow cyber security for long enough you’re bound to come across the term “air gapped computer.” As it relates to computer networking, air gapping is a security measure to ensure that a computer network is physically isolated from unsecured networks like the internet and local area networks.
The name derives from the conceptual air gap that should exist with physical separation.
What is an air gapped computer?
An air-gapped computer is isolated from unsecured networks, meaning that it is not directly connected to the internet, nor is it connected to any other system that is connected to the internet. A true air gapped computer is also physically isolated, meaning data can only be passed to it physically (via USB, removable media or a firewire with another machine).
Some companies will market that a network or computer is air gapped despite the fact that the systems are only separated with a software firewall. Be cautious of this, firewalls can be breached as a result of both security failures and mis-configurations.
A true air gapped computer is physically isolated.
Here’s a good example from pop culture. Do you remember the scene from the movie Mission Impossible where Tom Cruise rappels down from the ceiling?
It’s one of the most famous scenes in movie history. In it, Cruise lowers himself from an air vent and dangles just feet above the floor as he steals a list from a computer in FBI headquarters.
That is an air gapped computer.
Who uses air gapped computers/networks?
You will tend to find air gapped computers implemented in high security environments, think classified military networks and payment networks. Here are some more examples of networks or systems that might be air gapped:
- Military computer systems and networks
- Government computer systems and networks
- Financial computer systems and networks
- Industrial control systems:
- Life-critical systems:
- Nuclear power plants
- Aviation Computers:
- Medical Equipment
Interestingly, as more and more devices come online and become “smart,” a number of products that have traditionally been air gapped like thermostats, electronic sprinklers and automobile components are now connecting to the public internet.
Are air gapped computers completely secure?
No. At least not from Tom Cruise. Seriously though, while you definitely don’t need to freak out and go find an alternative to air gapping, it would be silly to pretend that nothing can go wrong. Air gapped computers can still be breached. Granted, it’s a hell of a lot harder to do when a computer is air gapped, but methods exist.
The easy way to breach an air gapped computer
Good old fashioned social engineering. That’s right, the easiest way to breach an air gapped computer is to find a human intermediary to wittingly (or possibly unwittingly) breach the computer. To do this they will need to access the computer themselves and attach a USB device like a flash drive or a Wi-Fi dongle.
That’s the easy way.
Other ways to breach air gapped computers
If you want to get a bit more scientific, there are other way channels to extract data from an air gapped computer, they include:
Electromagnetic channels are the oldest attack vector of the group. These techniques include eavesdropping on EM radiation from the computer’s memory bus and monitoring leakage from USB ports and cables. Because electromagnetic channels have been widely studied, EM shielding has become a fairly common defensive measure.
Recently, acoustic channels have become a popular attack vector on account of the proliferation of hackable smartphones that are capable of picking up audio signals that the human ear can’t differentiate from background noise. The most cutting-edge area involves the use of ultrasonic sound waves with higher frequencies that are both inaudible and provide greater bandwidth.
Unlike the other categories, thermal hacks are more theoretical than anything at this point. While they have been demonstrated, the bandwidth is low, measuring in the low tens of bits per second over a very short distance. It’s unclear whether this will ever become a practical attack vector.
The most recent channel to be explored, optical transmission is bolstered by the advent and widespread availability of easily-hacked surveillance cameras. The cameras include LEDs on almost every system and can transmit substantial amounts of information.
How difficult is it to breach an air gapped computer?
It’s extremely challenging. The common theme with all of these attacks is that they require physical proximity. We’re talking about being close enough to record Electromagnetic radiation, pick up inaudible sound waves or rappel down from the ceiling.
Beyond that, most of what I’ve just described are proof-of-concept attacks. That means they’re all:
- Difficult to execute
- Contingent upon numerous conditions being met
- Developed by security researchers… for research purposes
That last point is especially salient. These exploits were pulled off primarily to raise awareness, they’re not things you are likely to find in the wild. On the flip-side, most cybercriminals don’t provide proofs of concept, so there could be other methods we don’t even know about.
Regardless, the best, most reliable method continues to be social engineering.
Six tips for better securing air gapped computers
As we’ve covered, just having a computer air gapped doesn’t provide quite the level of security as it used to. Again, that’s not to say that air gapping isn’t still a phenomenal security mechanism. It is. But could you do more to make your air gapped systems safer?
Here are six tips for air gap security:
- Secure the machine off-site or in a fully-secured room
- Make sure all cables to the machine are properly shielded
- Use USB Port Blockers to plug any unused USB ports
- Turn the machine off and unplug it from the power source when not in use
- Replace all standard drives with SSD
- Encrypt all data