Security researchers just found a way to hack into specially secured computer systems by sending messages using blasts of air. This is another example of how even the most walled-off systems can still get hacked.

By messing with a computer's thermal sensor, researchers at Ben-Gurion University were able to hack into air-gapped computers. Air-gapping is a computer security technique that keeps information safe by cutting off all access to the internet. It's a way to isolate super-sensitive data used by top secret military networks, as well as bankers, journalists, and anyone with information they desperately want to keep private.


But, as this demonstration shows, it's not foolproof. In fact, a heater positioned the wrong way could screw everything up.

Since air-gapped computers are protected from typical network attacks, the researchers manipulated their thermal sensors—the sensors that determine when a computer is getting too hot—by blasting air at specific temperatures using a nearby computer. The researchers designed a malware that made the "safe" computers receive these hot air emissions as a binary code, so a blast of air 1 degree above the standard temperature would get translated as a "1."


Simply by adding heat, the researchers tricked an air-gapped computer into turning a model missile-launch toy. Watch the hack in action above.

Now, this isn't something that anybody running an air-gapped system needs to freak out about. For this hack to work, both systems need to be infected with malware. And they need to be very close together, fifteen inches or less. This isn't a hugely applicable trick.


But it is worth paying attention to as evidence that air-gapping is not a magical solution either, and that hackers are going to get creative with the internet of things. The researchers used another computer here, but any internet-connected system will do. That means an air-gapped computer left near a smart home heater, for instance, would be a prime candidate for this sort of hacking.

As more of the stuff around us is connected, it's inevitable that there will be more opportunities for hacking. People taking the time to secure their computers by air-gapping will also have to be careful about securing their larger connected environment if they really want to keep people out.


[via Wired]

Contact the author at
Public PGP key
PGP fingerprint: FF8F 0D7A AB19 6D71 C967 9576 8C12 9478 EE07 10C