The Air-Gap Jumpers

Presented at Black Hat USA 2018, Aug. 8, 2018, 5:05 p.m. (25 minutes)

The term 'air-gap' in cyber security refers to a situation in which a sensitive computer, classified network, or critical infrastructure is intentionally physically isolated from public networks such as the Internet. Air-gap isolation is mainly used to maintain trade secrets, protect confidential documents, and prevent personal information from being leaked out, accidently or intentionally.

In this talk, we focus on 'Bridgeware', a type of malware which allows attackers to overcome ('bridge') air-gap isolation in order to leak data. We talk about various covert channels proposed over the years, including electromagnetic, magnetic, acoustic, thermal, electrical and optical methods (and introduce new air-jumping technique from our recent research). We examine their characteristics and limitations, including bandwidth and effective distance. We also discuss the relevance of these threats and the likelihood of related cyber-attacks in the modern IT environment. Finally, we present different types of countermeasures to cope with this type of threat. We will include demo videos.

Presenters:

• Mordechai Guri - PhD. Head of R&D Cyber-Security Research Center, Ben-Gurion University of the Negev, Israel, Ben-Gurion University of the Negev,
  Mordecai Guri, PhD, is the head of R&D at Ben-Gurion University of the Negev's Cyber-Security Research Center. He earned his B.Sc. and M.Sc, from the Computer Science Department at Hebrew University and received his PhD from BGU. He was awarded the prestigious IBM PhD International Fellowship in 2015. Mordechai manages academic research in various aspects of cyber security for the commercial and governmental sectors. He has led a number of breakthrough research projects in cyber security, focusing primarily on state of the art challenges in the fields of cyber attack and cyber defense. Mordechai examines current paradigms and develops new methods for improved mitigation of security problems in the modern cyber environment. His research topics include OS security, advanced malware, moving target defense (MTD), mobile security, and embedded systems.

Links:

• https://www.blackhat.com/us-18/briefings/schedule/#the-air-gap-jumpers-10967
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2018/The Air-Gap Jumpers.mp4
• https://www.youtube.com/watch?v=YKRtFgunyj4

Similar Presentations:

• CackalackyCon 1 (2019) / Gotta Keep Em Separated! Wait, but do we though? Well maybe not so much.
• DeepSec 2015 „DeepSec No. 9“ / Bridging the Air-Gap: Data Exfiltration from Air-Gap Networks
• GrrCON 2016 / Piercing the Air Gap: Network Steganography for Everyone