Researchers have hacked an air-gapped computer using a mobile phone, posing a serious threat to critical infrastructure. The attack requires both the targeted computer and the mobile phone to have malware installed on them, but once this is done the attack exploits the natural capabilities of each device to exfiltrate data. Lane Thames, Software Development Engineer and Security Researcher at Tripwire, discusses what this means for the future of critical infrastructure.
Lane Thames, Software Development Engineer and Security Researcher at Tripwire :
“Indeed, this research is quite interesting. The important point here to me, however, is that we all need to recognize that air-gapped-ness is quickly becoming a thing of the past. Ubiquitous computing and communication technologies and its associated devices, such as those driving the growth of the Internet of Things, will cause many headaches for enterprises who require high-levels of security, and this is especially true for organizations that manage critical infrastructures. We currently have plenty of very powerful, small-footprint devices that, in theory, could be used to penetrate physically secure, air-gapped environments (think miniature drones and micro-robotics). Essentially, we in the security industry will need to devise new ways of handling this emerging threat scenario. The physical security problems and solutions of tomorrow will absolutely be different than what we have today.”