»

There goes your airgap.

This latest leak details how the NSA accessed targets by inserting tiny circuit boards or USB cards into computers and using radio waves to transmit data without the need for the machine to be connected to a wider network.

It is a significant revelation in that it undermines what was seen to be one of the simplest but most effective methods of making a system secure: isolating it from the internet.

In other words: the NSA planted tranmitters (or tranceivers) and effectively turned air-gapped machines into machines transmitting to (/receiving from) their systems. Somewhat different from actually snooping on ‘offline’ machines, ala Tempest, as what many ‘news’ organizations hinted at by using inaccurate titles (the BBC, quoted above from this article, included).

Unless all your offices are room-sized Faraday cages, with physical security and extensive background checks of the machine operators, the NSA just invalidated your airgap policy. But then again, your security was probably flawed anyway, especially against an adversary that competent/determined/resourceful.

Have your say.

Write in the language of the post. Comments are meant to encourage on-topic discussion. For general comments, observations, complaints (e.g. about the site), you can use the form found in the Contact page. Make sure you've read the Terms of Use before commenting.

Comments Feed for this post Comments Feed for this entry.