Air gap security no longer immune from hackers

"Air gap" security, which isolates computers from insecure networks, is not as immune to hacking as was once thought according to security company Symantec.

Researchers at the firm found that cybercriminals are now able to attack secluded machines by analysing radio frequencies emitted by graphics cards, transmitting data through ultrasound and using lasers to interfere with a printer.

John-Paul Power, information developer at Symantec, said: "Industries that deal with sensitive information rely heavily on air-gapped systems to protect their critical data."

"While these systems are more secure than most others, there are ways to compromise them, potentially allowing attackers to steal the affected organisations’ highly sensitive data."

Attacking air-gapped computers is more laboured than mainstream hacking such as phishing and malware dropping, often requiring a mole inside the organisation to work.

One example involving graphics card radio emissions, required an insider to install malware onto an air-gapped computer through a USB stick, instructing the computer to broadcast data and then picking it up through a wireless receiver.

"This technique is the most plausible for data exfiltration," Power said. "Compromising smartphones is something that is well within the capabilities of cybercriminals and nation states, so exfiltrating the stolen data would not be a major hurdle."

Another method used speakers to transmit data at frequencies above the range of human hearing, with hackers able to rope computers together to relay data across a greater distance.

Attackers could also use a laser beam to send malware instructions through a scanner, though Power said that unless there was a window in the room and the scanner was in use such an attack would be impossible.