European govt air-gapped systems breached using custom malware

(welivesecurity.com)

73 points | by tagyro 9 hours ago

46 comments

  • benoau 5 hours ago

    The weak point is the shared USB device that copies from one machine to another, which seems to defeat the whole purpose of being air-gapped - you could have printed-and-OCR'd data three decades ago so the air-gapped machine is never reading anything from outside at all; these days a video stream and AI could probably automate that?

    • zahlman 4 hours ago

      I can definitely imagine use cases where a network is air gapped internally for security but bidirectional transfer still takes place. The point is that humans are supposed to be in control of exactly what is transferred, in both directions (not feasible with a network connection, to my knowledge).

    • theamk 2 hours ago

      Things are much easier: two parts, one has a blinking LED, the other a photosensor. This is called a "data diode" and there are a lot of them.

      Here is a random vendor with nice pictures: https://owlcyberdefense.com/learn-about-data-diodes/

    • kibwen 4 hours ago

      Surely some government has come up with physically-unidirectional data transmission mechanisms for getting data onto airgapped networks. There has to be something more sophisticated than single-use CD-ROMs, even if it's just a blinking LED on one end and a photosensor on the other end.

      • wannacboatmovie 4 hours ago

        > There has to be something more sophisticated than single-use CD-ROMs

        But why, when a DVD-R handles most use cases at a cost of < $0.25 each, are reliable and ubiquitous, the hardware is likely already there (unless you are using Apple - caveat emptor) and they close the threat vector posed by read/write USB devices.

        Sometimes the simplest solution is the best solution.

        • rhcom2 3 hours ago

          I would guess having a CD/DVD drive opens another attack surface. Similar to why people glue their USB ports closed.

          • zmgsabst 2 hours ago

            Right — but the question isn’t CD/DVD versus nothing. It’s CD/DVD versus USB; and which has a smaller attack surface.

            I’d argue that read-only CD/DVD has a smaller attack surface than USB, so of the two, it’s preferable. I’d further argue that a CD/DVD (ie, the actual object moved between systems) is easier to inspect than USB devices, to validate the behavior.

      • nl 3 hours ago

        Data diodes are commonly used: https://csrc.nist.gov/glossary/term/data_diode

        I don't know if people class something connected using a data diode as airgapped or not.

        • fuzzfactor an hour ago

          Regular two-way IR diodes and sensors were standard on '90s business laptops for ordinary RS-232 file transfer between machines wirelessly. Before wifi or even ethernet was everywhere, and before USB and Bluetooth came along. The first smartphones had it too, so you could dial up the internet on the road in the years before phones had a browser and stuff like that.

      • ahartmetz 3 hours ago

        I have heard (on HN) of... 100 MBit ethernet with the transmit wires cut. Probably in the context of in-flight infotainment: plane data to infotainment yes, infotainment anything to plane control anything no. If it's stupid but it works...

      • coopreme 2 hours ago
      • neonz80 4 hours ago
        • maxerickson 4 hours ago

          Which ironically describes them evolving into software driven gateways.

      • SAI_Peregrinus 3 hours ago

        Good old UART without the RX connected on one side.

    • TacticalCoder 2 hours ago

      > The weak-point is the shared USB device that copies from one machine to another which seems to defeat the whole purpose of being air-gapped...

      Yup. I was going to post that TFA and the people at these embassies apparently have a very different definition of what people consider an air-gapped system.

      Pushing the nonsense a bit further, you could imagine they'd recreate ethernet, but air-gapped, using some hardware only allowing one packet in at a time, but both ways:

      "Look ma, at this point in time it's not talking to that other machine, so it's air-gapped. Now it got one packet, but it's only a packet in, so it's air-gapped! Now it's sending only a packet out, so it's air-gapped!".

      Yeah. But no.

  • lolc 2 hours ago

    Reminds me of the time I was looking after a SECURE system: One of the tasks was the daily update of the antivirus. So I would grab the blessed stick, insert it into the Internet-PC, and using FTP would download the latest antivirus update. Then I'd walk over to the SECURE system, insert the stick, and run the exe from the stick. There, system SECURED for today!

    Norton, trust no other!

  • binary_slinger 5 hours ago

    I'm a bit disappointed the mechanism to exfiltrate data is based on sharing the USB between an internet-connected and an air-gapped device. It would have been cool if it used some other side channel like acoustic signals.

    • zahlman 4 hours ago

      I felt like the article spent way too many words to explain the idea of "the agency shared data across the air gap using USB drives, and a vulnerability was used to surreptitiously copy the malware onto the USB and then onto the target machine", and AFAICT none on explaining what that vulnerability is or why it exists (or existed). Then the rest is standard malware-reversing stuff that doesn't say anything interesting except to other malware reverse engineers. The inner workings of the tools aren't interesting from a security perspective; the compromise of the air gap is.

      (As for acoustic etc. side-channel attacks: these would require a level of physical access at which point the air gap is moot. E.g. if you can get a physical listening device into the room to listen to fan noise etc. and deduce something about the computation currently being performed, and then eventually turn that into espionage... you could far more easily just directly use the listening device for espionage in the form of listening to the humans operating the computers.)

      • ghostly_s an hour ago

        There was no novel vulnerability. The pwned machine just replaced a recently-accessed folder on the stick with an exe to trick the user into executing it on the target machine.
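A defender-side check for the folder-replacement trick ghostly_s describes, added here as an example that is not part of the thread or the article: it walks a removable volume and flags executables that shadow a sibling folder or hide behind a document-style double extension. The sample volume, its file names and the suffix lists are constructed for the demonstration.

```python
"""Audit a removable volume for executables planted to look like folders (constructed example)."""
import os
import tempfile
from pathlib import Path

EXEC_SUFFIXES = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".lnk"}
DOC_SUFFIXES = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}


def audit_removable_media(root):
    """Return sorted (relative_path, reason) pairs for suspicious executables."""
    root = Path(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        folders = set(dirnames)  # hidden folders still show up here on Windows
        for name in filenames:
            p = Path(dirpath, name)
            if p.suffix.lower() not in EXEC_SUFFIXES:
                continue
            rel = p.relative_to(root).as_posix()
            stem = p.stem
            if stem in folders:
                # Classic masquerade: "Reports.exe" placed next to a (hidden) "Reports" folder.
                findings.append((rel, f"executable shadows folder '{stem}'"))
            elif Path(stem).suffix.lower() in DOC_SUFFIXES:
                # "invoice.pdf.exe" displays as "invoice.pdf" when extensions are hidden.
                findings.append((rel, "document-style double extension"))
            else:
                # Any executable at all on document-transfer media deserves a look.
                findings.append((rel, "executable on data-transfer media"))
    return sorted(findings)


def build_sample_volume(root):
    """Constructed sample stick: a real folder, documents, and two planted binaries."""
    root = Path(root)
    (root / "Reports").mkdir()
    (root / "Reports" / "q3.docx").write_text("quarterly report")
    (root / "Reports.exe").write_bytes(b"MZ")          # masquerades as the folder
    (root / "invoice.pdf.exe").write_bytes(b"MZ")      # double extension
    (root / "notes.txt").write_text("plain document")  # benign


def demo():
    """Build the sample volume in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_volume(tmp)
        return audit_removable_media(tmp)
```

Point `audit_removable_media` at a mounted stick's root to run the same check on real media; `demo()` only exercises the constructed sample.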

    • RicoElectrico 4 hours ago

      Such side channel attacks are academic. In fact someone on HN pointed out there's a researcher that invents new ones by the dozen and media run with it whenever he presents another one.

      • bawolff 3 hours ago

        I mean, someone who researches security of airgap computers continually coming up with new ways to break them seems like the expected outcome. It's their job after all.

      • j-bos 3 hours ago

        The foundations of computer science were once mostly academic.

      • churchill 2 hours ago

        You probably mean Dr. Mordechai Guri - all his arXiv mentions (a lot!) are for unconventional tactics for compromising airgapped systems.

    • whartung an hour ago

      One of my favorite hacks of yore was somehow some folks managed to compromise the iPod to the point that they could run some of their code, and make a beep.

      They compressed the ROM, and "beeped" it out, wrapping the iPod in an acoustic box, recording it, and then decoding it to decode the ROM.

    • ChocolateGod 5 hours ago

      Just wait till neuralink gets hacked and people themselves become the side channel.

      • dexwiz 4 hours ago

        This is the plot of most of Ghost in the Shell. That series looks more and more prescient as time goes on. Another big plot point is that most of the internet is just AIs talking to each other. 10 years ago that sounded ridiculous, now not so much.

        • bigiain 2 hours ago

          "Ralfi was sitting at his usual table. Owing me a lot of money. I had hundreds of megabytes stashed in my head on an idiot savant basis, information I had no conscious access to. Ralfi had left it there. He hadn't, however, come back for it." -- Johnny Mnemonic, William Gibson, 1981

        • Terr_ 4 hours ago

          Also how super-sensitive may be kept on physical books and papers, albeit in a form scannable by optic implants.

      • m463 4 hours ago

        the-computer-wears-sneakers-net

      • A4ET8a8uTh0 5 hours ago

        I am not sure why you are being downvoted. Just like fridges, cars, ovens gained internet access, enhanced humans will be extremely likely to be, eventually -- and possibly with interesting consequences -- hacked.

        • ruthmarx 3 hours ago

          That's not really true, in that context security will largely be a solved problem.

          Using chips with a secure architecture, safe languages and safe protocols is going to result in secure implants.

          Not to say there might not be some new vulnerability, but I disagree with this idea people love to repeat that security is impossible.

          • CatWChainsaw an hour ago

            What are you smoking, we hear about breaches of super important databases all the time and that doesn't seem to convince any company to give a single shit more than just enough to avoid negligence. Not to mention social media's entire business model is hacking people - keep them on your platform by any means necessary.

          • bigiain 2 hours ago

            Security will never be a "largely solved problem", when there are humans involved (and probably even when humans are not involved).

            There is no technical solution to people uploading high res photos with location metadata to the social network du jour. Or the CEO who wants access to all his email on his shiny new gadget. Or the three letter agency who think ubiquitous surveillance is a great way to do their job. Or the politician who can be easily convinced the backdoors that can only be used by "the good guys" exist. Or the team who does all their internal chat including production secrets in a 3rd party chat app, only to have them popped and their prod credentials leaked on some TOR site. Or the sweatshop IT outsourcing firm that browbeats underpaid devs into meeting pointless Jira ticket closure targets. Or the "move fast and break things" startup culture that's desperately cutting corners to be first-to-market.

            None of the people involved in bringing "enhanced human" tech to market will be immune to any of those pressures. (I mean, FFS, in the short term we're really talking about a product that _Elon_ is applying his massive billionaire brain to, right? I wonder what the media friendly equivalent term to "Rapid Unscheduled Disassembly" for when Neuralink starts blowing up people's brains is going to be?)

            • ruthmarx an hour ago

              > Security will never be a "largely solved problem", when there are humans involved (and probably even when humans are not involved).

              It absolutely will. I didn't say completely solved, I said largely solved.

              > There is no technical solution to people uploading high res photos with location metadata to the social network du jour.

              Bad example honestly, since most social media sites strip out exif data by default these days. Not sure there are any that don't.

              > Or the CEO who wants access to all his email on his shiny new gadget. Or the three letter agency who think ubiquitous surveillance is a great way to do their job. Or the politician who can be easily convinced the backdoors that can only be used by "the good guys" exist. Or the team who does all their internal chat including production secrets in a 3rd party chat app, only to have them popped and their prod credentials leaked on some TOR site. Or the sweatshop IT outsourcing firm that browbeats underpaid devs into meeting pointless Jira ticket closure targets. Or the "move fast and break things" startup culture that's desperately cutting corners to be first-to-market.

              Yes yes, humans can be selfish and take risks and be bribed and negligent and blah blah blah.

              The context of the comment was in neuralink implants getting hacked the way an out of date smart tv might. As when it comes to the actual tech, security will be a solved problem, because most of the problems we see today are due to everything being built on top of insecure foundations on top of insecure foundations.

        • MOARDONGZPLZ 4 hours ago

          Like the January 6 question, I’m assuming that anyone who had a neuralink would likely be ineligible for any sort of clearance to access information like this.

          • A4ET8a8uTh0 4 hours ago

            I am not as certain. Sure, Musk and his product are no longer 'cool' given his move to the US political right faction, but tech is tech. Some tried banning cell phones and whatnot and the old guard there had to adjust their expectations.

            In short, I am not sure you are right about it. If anything, and I personally see it as a worst case scenario, use of that contraption will be effectively mandatory the way having a cell phone is now ( edit: if you work for any bigger corp and want to log in from your home ).

        • renewiltord 4 hours ago

          You can already hack people by just telling them things. Many of them will do dumb shit if you just use the right words.

          • A4ET8a8uTh0 4 hours ago

            I like the analogy. Let's explore it a little.

            << You can already hack people by just telling them things.

            True, but language fluctuates, zeitgeist changes, and while underlying techniques remain largely the same, what nation-state would not dream of being able to simply have people obey when it tells them to behave in a particular way. Yes, you can regiment people through propaganda, but what if you could do it more easily this way?

            • Terr_ 3 hours ago

              To offer a contributory not-really-metaphor for viewing things: After a "grey goo" apocalypse covers the world in ruthlessly replicating nanobots, eventually there arise massive swarms of trillions of allied units that in turn develop hivemind intelligences, which attempt to influence and "hack" one-another.

              I am one of them, so are you, and I just made you think of something against--or at least without--your will.

            • willy_k 4 hours ago

              > True, but language fluctuates, zeitgeist changes, and while underlying techniques remain largely the same

              This applies to software as well

              > Yes, you can regiment people through propaganda, but what if you could do it more easily this way?

              Widespread use of BCIs would help with this for sure, but don’t be under the impression that individual and population level manipulation techniques haven’t progressed well past simple propaganda.

              • A4ET8a8uTh0 4 hours ago

                << don’t be under the impression that individual and population level manipulation techniques haven’t progressed well past simple propaganda.

                I absolutely buy it based merely on the glimpse of the document from various whistleblowers over the years. At this point, I can only imagine how well oiled a machine it must be.

            • renewiltord 4 hours ago

              Certainly people would like an API for others without needing to reverse engineer them. Agreed that there is a threshold of simplicity past which it becomes easier to organize than having to give speeches and run propaganda.

        • rad_gruchalski 4 hours ago

          > I am not sure why you are being downvoted.

          Trigger-happy emotional non-intelligence.

        • dingnuts 4 hours ago

          if Neuralink became pervasive like smartphones I'd join the Amish

  • GianFabien 3 hours ago

    tldr: The breach relied on careless human(s) using a USB key to and from the air-gapped systems. All the clever technology would have been for naught had the staff used robust physical security procedures.

    • ungreased0675 2 hours ago

      What protocol would you have recommended?