The test was performed at Ben-Gurion University and resulted in an air-gapped computer being hacked. Air-gapping is a method of protecting information on computer systems by cutting off all access to the internet and is often used by secret military networks to ensure that no information makes it into the public domain.
The researchers managed to manipulate the thermal sensors of the air-gapped computers by blasting air at a specific temperature onto them. They then wrote a malware that made the computers detect these bursts of hot air as binary code, allowing them to send messages to the “secure” computer and ultimately launch a model missile-launch toy.
The method would also allow hackers to steal passwords and user authentication keys from compromised systems and send them to an internet-connected device nearby. This secondary computer could then broadcast the information on to the attackers.
Previously, air-gapped systems could only be compromised by connecting them to another computer or adding removable storage to transfer files off the system with. The new exploit highlights how this could change in the future.
The hack isn’t currently a major issue. For it to work, the systems need to be infected with malware, a hard task when no internet connection is present. They also need to be very close together at under 15 inches. Another issue is that currently a maximum of eight bits of data can be sent.
It does indicate how air-gapping is not a perfect solution though. With the internet of things just around the corner, if an air-gapped computer was left near to a connected smart heater then this exploit could become a lot more notable.