Israeli researchers have discovered a new threat to critical infrastructure by finding a way to steal data from air-gapped computers using a simple cellphone. Air-gapped computing is used for the most sensitive work environments like critical infrastructure such as nuclear power plants. The air-gapping computers prevent workers from inserting USB sticks into the computers. Many times, smartphones are banned from the workspace to prevent them from being turned into listening devices.
Lane Thames, Security Research and Software Development Engineer at Tripwire says that with IoT, air gapped computing is quickly becoming a thing of the past and will pose a huge risk for high security environments.
Lane Thames, Security Research and Software Development Engineer at Tripwire :
“Indeed, this research is quite interesting. The important point here to me, however, is that we all need to recognize that air-gapped-ness is quickly becoming a thing of the past. Ubiquitous computing and communication technologies and its associated devices, such as those driving the growth of the Internet of Things, will cause many headaches for enterprises who require high-levels of security, and this is especially true for organizations that manage critical infrastructures. We currently have plenty of very powerful, small-footprint devices that, in theory, could be used to penetrate physically secure, air-gapped environments (think miniature drones and micro-robotics). Essentially, we in the security industry will need to devise new ways of handling this emerging threat scenario. The physical security problems and solutions of tomorrow will absolutely be different than what we have today.”[su_box title=”About Tripwire” style=”noise” box_color=”#336588″]Tripwire, Inc., a global provider of risk-based security and compliance management solutions, today announced Tripwire® Enterprise™ version 8.3 featuring a new, stand-alone Policy Manager™. Tripwire Policy Manager provides the detailed visibility into system configurations critical to minimizing security risks and ensuring compliance.[/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.