top of page
Writer's pictureJosef Mayrhofer

Advanced Observability is Emerging as a Countermeasure from the Analysis of the COVID-bit Attack

Recently a researcher from Ben-Gurion University located a shocking IT security attack. He discovered that computers without internet connections are vulnerable and can be compromised.


The Attack


For security reasons, computers in high-risk environments such as energy infrastructure, government, and weapon control units are isolated from the internet.


The attack works like this:

  • plant custom-made malware on the target computer through physical access.

  • use a receiver, such as a mobile device antenna connected to the audio jack

  • the mobile device captures the transmission and decodes the secret


Such attacks sound strange, but they have happened already in the past. Remember the Stuxnet hack or several more in which air-gapped systems have been compromised, manipulated, and destroyed.


The Countermeasures

How can we protect our air-gapped high-risk systems from COVID-bit attacks?


Given the complexity of such attacks, we need multiple countermeasures, such as

  1. Prevent the installation of malware

  2. Monitoring CPU core usage that doesn't match the expected behavior

  3. Lock the CPU core frequency to make the generation of data-carrying signals harder


Your Takeaway

Be aware that the mentioned risk mitigations are challenging to implement, will reduce performance, and create false positives.


But it shows that we can no longer rely on Security monitoring to detect such critical attacks. Instead, we need a holistic Observability approach to collect workload patterns and CPU core usage and feed this data to AI-powered problem and root cause detection platforms.


Keep up the great work! Happy Performace & Security Engineering!


More details about this COVID-bit attack are on this link https://arxiv.org/pdf/2212.03520.pdf




18 views0 comments

Recent Posts

See All

Comments


bottom of page