
Stealing Data from Computers Using Heat - sergeant3
http://www.wired.com/2015/03/stealing-data-computers-using-heat/
======
mankyd
Not quite "stealing". Rather, both computers are running special software used
to transmit information between them using heat. The bandwidth is also
incredibly low:

> [...] currently, the attack allows for just eight bits of data to be
> reliably transmitted over an hour [...]

It works by intentionally generating heat in one computer, and then detecting
that heat increase with the one sitting next to it. Patterns in the rise and
fall of the heat allow you to send information.

You can't use this method to steal arbitrary information from a computer that
you do not already have access to. This title is sensationalized.

~~~
kedean
This is really more of a practical demonstration of using the thermal channel
for transmission than any sort of security news.

------
trafnar
They installed software on one computer that generates heat by running the
CPU. They installed software on the other computer which detects heat through
the computer's existing heat sensors, and when detected, moves a little foam
dart gun.

Not as scary as I thought.

~~~
k2enemy
Exactly. They just came up with a way of transmitting information from one
computer to another with the appropriate software running on each computer.

From the headline, I was imagining some tempest like result where data could
be read from the heat signature of any computer. But this is just more click-
bait from Wired.

~~~
fuzzywalrus
Indeed, requiring the air-gapped machine to first running malware doesn't
exactly make this revolutionary, and the bandwidth is so incredibly low. Also,
likelihood of ambient interference is quite high that the reliability of this
seems suspect best.

------
userbinator
In the early days of desktop PCs, the CPU was essentially running at full load
all the time (in an idle polling loop) and the temperature would stabilise
after a warm-up period, so this type of attack wouldn't be possible. This was
when processors only consumed a few watts. Now they vary between a few watts
at idle and 100+ at full load, and can make such power transitions in a few
microseconds.

I think the acoustic method is more clever (and has a higher bandwidth):

[https://news.ycombinator.com/item?id=6927905](https://news.ycombinator.com/item?id=6927905)

~~~
AlyssaRowan
The optical method is also quite smart, if you happen to, say, have an
activity LED wired to a bus without much of a filter in between. LEDs switch
faster than you might have thought¹.

This kind of thing is intelligence-agency home turf; they have decades of
experience, not necessarily relating to computers.

[1] Joe Loughry and David A. Umphress [2002] "Information Leakage from Optical
Emanations." ACM Trans. Info. Sys. Security, Vol. 5, No. 3, pp. 262-289
<[http://www.foo.be/docs-
free/tempest/optical_tempest.pdf>](http://www.foo.be/docs-
free/tempest/optical_tempest.pdf>)

------
moey
"Air-gapped systems are used in classified military networks, the payment
networks that process credit and debit card transactions for retailers, "

Payment systems are most definitely not air gapped.

------
logfromblammo
Firstly, 40 cm isn't much of an air gap. If your secured and networked
machines are that close together, maybe consider larger cubicles. Otherwise,
this attack is probably mitigated by a cheap electric fan aimed at the gap.

It almost seems as though it would be worth designing your own isolation
boxes, because a mere air gap is not enough any more. A commercial version
could secure kiosk computers and ATMs.

~~~
nine_k
An 'air gap' is basically a bit of perfectly permeable, transparent air.

I suppose that a real air-gapped system would be behind some less-transparent
wall, or several, possibly with some electromagnetic insulation layer (foil,
mesh), with no paths of direct optical contact, and some sources of noise of
many sorts: wide-spectrum RF white noise, wide-spectrum acoustic white noise,
random IR flicker, etc.

------
mey
The payment networks by their very function are not air-gapped.

------
pvaldes
So if you go to a protected place and put some hardware in a computer with
secrets that you want to spy you could... err, spy it (and this only will take
you about forthy years). Or you could just take the laptop with you and run.

I have a better idea. Design a keyboard that mecanically plays a little
different ultrasound each time you tip some specific key, thus you could steal
passwords and data in real time using a trained bat (or a ultrasound register,
what you prefer).

The heat approach sounds slow, teorical, and too prone to false positives to
be taken seriously. Good history for films or making jokes about people
looking at porno in front of the computer, or your cat taking a nap and
launching a missile, not much more IMHO.

------
deutronium
Silly question, could you put a telescopic sight, on a thermal camera to
detect the bits of output. Or would the IR get absorbed by glass windows etc,
making that impossible.

~~~
jkaunisv1
In my computer security class in uni, my professor quickly listed various ways
your computer could be compromised in ways you wouldn't expect and this was
one of them. He didn't get into detail unfortunately, just that things could
be inferred from the heat of your monitor/computer. He also mentioned driving
a truck with a receiver into the path of a Line of Sight connection, and just
plain using the telescope to look at your monitor if it's facing a window.

Reading about Starfighter recently reminds me of that class..our assignments
were to perform buffer overflow and other attacks, it was a lot of fun!

