Recently a researcher from Ben-Gurion University located a shocking IT security attack. He discovered that computers without internet connections are vulnerable and can be compromised.

The Attack

For security reasons, computers in high-risk environments such as energy infrastructure, government, and weapon control units are isolated from the internet.

The attack works like this:

• plant custom-made malware on the target computer through physical access.

• use a receiver, such as a mobile device antenna connected to the audio jack

• the mobile device captures the transmission and decodes the secret

Such attacks sound strange, but they have happened already in the past. Remember the Stuxnet hack or several more in which air-gapped systems have been compromised, manipulated, and destroyed.

The Countermeasures

How can we protect our air-gapped high-risk systems from COVID-bit attacks?

Given the complexity of such attacks, we need multiple countermeasures, such as

1. Prevent the installation of malware

2. Monitoring CPU core usage that doesn't match the expected behavior

3. Lock the CPU core frequency to make the generation of data-carrying signals harder

Your Takeaway

Be aware that the mentioned risk mitigations are challenging to implement, will reduce performance, and create false positives.

But it shows that we can no longer rely on Security monitoring to detect such critical attacks. Instead, we need a holistic Observability approach to collect workload patterns and CPU core usage and feed this data to AI-powered problem and root cause detection platforms.

Keep up the great work! Happy Performace & Security Engineering!

More details about this COVID-bit attack are on this link https://arxiv.org/pdf/2212.03520.pdf