• United States




6 reasons why heat-based attacks won’t happen

Mar 31, 20154 mins
Data and Information SecurityHackingSecurity

Oh, those security researchers, always coming up with exotic new ways to penetrate systems -- but the BitWhisper attack on air-gapped systems is especially far-fetched

I love the computer security world. I really do. It encourages everyone to get fired up about fantastical, unlikely threats. The latest dream attack, which emerged from Israel’s Ben-Gurion University, is way, way out there.

I’ve been to Israel and met Ben-Gurion computer security students. Many of them are scary good. Last year I taught a weeklong class in Israel about honeypots, and the students almost taught me more than I taught them. In the end I felt I’d endured the mental equivalent of being arm-barred by Ronda Rousey.

But the heat-based side-channel attack recently cooked up by the folks at Ben-Gurion was a bit much. Dubbed BitWhisper, it’s fun to speculate about, but unlikely to be much of a threat in the real world.

Researchers were able to demonstrate they could generate heat from one computer to communicate with another, nearby air-gapped computer. BitWhisper essentially uses temperature as a digital smoke signal to send bits from sender to receiver.

Bridging air-gapped computers is the Holy Grail for attackers who focus on ultrasecure targets, such as military bases and government facilities. But as you might guess, for such a scheme to work, both computers would need to be compromised by special malware already.

Wired posted a great article on this, complete with a demo video, but it made the attack seem way too plausible. This is not an attack you need to worry about. Here’s why.

1. Teeny bandwidth

At best, BitWhisper transmits at 8 bits per hour. A turtle escaping a lava flow would be faster. Attacks always get better over time, but this one would need to up its game by magnitudes to do much of anything. In the video demo, the researchers move a toy missile launcher and fire the missiles, in an attempt to impress upon people how dangerous the new side method could be. Want to impress me? Control one of those $30 plastic helicopters. I guarantee you it would take more than 8 bits of information to do anything interesting.

2. Better alternatives

Other researchers have demonstrated faster side-channel attacks using radio waves, speaker sounds, light sensors, and other techniques employing standard computer components. Each of these works far better than a heat-based side channel. They also work over bigger gaps, in some cases through walls.

3. Special conditions

Heat-based side-channel attacks work under a specific set of circumstances. The computers must be within 30 centimeters of each other, neither can be running other processes that impact heat generation, and so on. BitWhisper’s creators note the maximum distance between computers, but they don’t mention there needs to be a minimum physical gap for one to detect heat changes in another efficiently. If the two are too close together, variability becomes a problem because both computers need to monitor their own temperatures as well as changes in nearby ambient air temperature.

4. Noise

The more devices in the room that generate heat, the harder it will be to transmit those bits at maximum speed. Plus, let’s not talk about what happens if a fan or an air conditioning unit sits nearby — or a temperature-activated cooling unit, like the one I use at home.

5. Malware first

This one really cracks me up. Both computers must already have been infected by the same program — which assumes the attack already crossed the air gap at least once. In other words, all you need to do to cross the air gap is, first, cross the air gap! Air-gapped computers are typically the most secure computers in the world. They rotate administration rights, they often run whitelisting programs, and so on. If you can infect one of these babies with malware, why on earth would you then resort to an attack that can move eight bits per hour at best?

6. Easy defense

If a heat-based side channel attack ever happened in the wild, the intended victims — that is, high-security sites — would all put barriers in place to defeat the attacks. A piece of plastic between computers would do the trick.

The bottom line is that if potential victims actually have to worry about heat-based side-channel attacks, they have far bigger issues to deal with — like how the requisite malware got on the air-gapped computers in the first place.

Don’t get me wrong, I love the fact that university researchers found a way to transmit data successfully via fans and heat sensors. But I don’t think we need to worry about misdirected ballistic missiles yet. Me, I’d work harder on my patching before I’d worry about heat sinks and plastic shields.


Roger A. Grimes is a contributing editor. Roger holds more than 40 computer certifications and has authored ten books on computer security. He has been fighting malware and malicious hackers since 1987, beginning with disassembling early DOS viruses. He specializes in protecting host computers from hackers and malware, and consults to companies from the Fortune 100 to small businesses. A frequent industry speaker and educator, Roger currently works for KnowBe4 as the Data-Driven Defense Evangelist and is the author of Cryptography Apocalypse.

More from this author