BitWhisper: Covert Signaling Channel between Air-Gapped Computers using Thermal Manipulations
This addresses a security vulnerability for systems relying on physical isolation, demonstrating a novel covert channel that could enable data infiltration and exfiltration in compromised environments.
The paper tackles the problem of covert data exchange between air-gapped computers by introducing BitWhisper, a method that uses heat emissions and thermal sensors to create a bidirectional communication channel without extra hardware, achieving an effective rate of 1-8 bits per hour over distances of 0-40 cm.
It has been assumed that the physical separation (air-gap) of computers provides a reliable level of security, such that should two adjacent computers become compromised, the covert exchange of data between them would be impossible. In this paper, we demonstrate BitWhisper, a method of bridging the air-gap between adjacent compromised computers by using their heat emissions and built-in thermal sensors to create a covert communication channel. Our method is unique in two respects: it supports bidirectional communication, and it requires no additional dedicated peripheral hardware. We provide experimental results based on implementation of BitWhisper prototype, and examine the channel properties and limitations. Our experiments included different layouts, with computers positioned at varying distances from one another, and several sensor types and CPU configurations (e.g., Virtual Machines). We also discuss signal modulation and communication protocols, showing how BitWhisper can be used for the exchange of data between two computers in a close proximity (at distance of 0-40cm) at an effective rate of 1-8 bits per hour, a rate which makes it possible to infiltrate brief commands and exfiltrate small amount of data (e.g., passwords) over the covert channel.