%0 Journal Article %1 mjs:Mirsky:Hvac %A Mirsky, Yisroel %A Guri, Mordechai %A Elovici, Yuval %D 2017 %K air_gap ds17 hvac mjsarticle physical_separation %N 2 %P 815-829 %T HVACKer %U http://www.sicherheitsforschung-magdeburg.de/uploads/journal/MJS_055_Mirsky_AirgapTemperature.pdf %V 14 %X Modern corporations physically separate their sensitive computational infrastructure from public or other accessible networks in order to prevent cyber-attacks. However, attackers still manage to infect these networks, either by means of an insider or by infiltrating the supply chain. Therefore, an attacker’s main challenge is to determine a way to command and control the compromised hosts that are isolated from an accessible network (e.g., the Internet). In this paper, we propose a new adversarial model that shows how an air gapped network can receive communications over a covert thermal channel. Concretely, we show how attackers may use a compromised air-conditioning system (connected to the internet) to send commands to infected hosts within an air-gapped network. Since thermal communication protocols are a rather unexplored domain, we propose a novel lineencoding and protocol suitable for this type of channel. Moreover, we provide experimental results to demonstrate the covert channel’s feasibility, and to calculate the channel’s bandwidth. Lastly, we offer a forensic analysis and propose various ways this channel can be detected and prevented. We believe that this study details a previously unseen vector of attack that security experts should be aware of. This article appears in the special edition „In Depth Security – Proceedings of the DeepSec Conferences Vol. 2“. Edited by Stefan Schumacher and René Pfeiffer

@article{mjs:Mirsky:Hvac, abstract = {Modern corporations physically separate their sensitive computational infrastructure from public or other accessible networks in order to prevent cyber-attacks. However, attackers still manage to infect these networks, either by means of an insider or by infiltrating the supply chain. Therefore, an attacker’s main challenge is to determine a way to command and control the compromised hosts that are isolated from an accessible network (e.g., the Internet). In this paper, we propose a new adversarial model that shows how an air gapped network can receive communications over a covert thermal channel. Concretely, we show how attackers may use a compromised air-conditioning system (connected to the internet) to send commands to infected hosts within an air-gapped network. Since thermal communication protocols are a rather unexplored domain, we propose a novel lineencoding and protocol suitable for this type of channel. Moreover, we provide experimental results to demonstrate the covert channel’s feasibility, and to calculate the channel’s bandwidth. Lastly, we offer a forensic analysis and propose various ways this channel can be detected and prevented. We believe that this study details a previously unseen vector of attack that security experts should be aware of. This article appears in the special edition „In Depth Security – Proceedings of the DeepSec Conferences Vol. 2“. Edited by Stefan Schumacher and René Pfeiffer }, added-at = {2021-09-19T18:42:17.000+0200}, author = {Mirsky, Yisroel and Guri, Mordechai and Elovici, Yuval}, biburl = {https://www.bibsonomy.org/bibtex/27491620ac80cf52629009418983fe506/steschum}, interhash = {a929c3367f27e55b30a16ad375460878}, intrahash = {7491620ac80cf52629009418983fe506}, issn = {2192-4260}, journaltitle = {Magdeburger Journal zur Sicherheitsforschung}, keywords = {air_gap ds17 hvac mjsarticle physical_separation}, language = {DE}, number = 2, pages = {815-829}, subtitle = {Bridging the Air-Gap by Manipulating the Environment Temperature}, timestamp = {2021-10-22T17:15:30.000+0200}, title = {HVACKer}, url = {http://www.sicherheitsforschung-magdeburg.de/uploads/journal/MJS_055_Mirsky_AirgapTemperature.pdf}, urldate = {2017-08-18}, volume = 14, year = 2017 }