Steal Data From Air-Gapped Industrial Networks via PLCs!! [source: securityweek]
by CIRT Team
Researchers have discovered a method that hackers could use to stealthily exfiltrate data from air-gapped industrial networks by manipulating the radio frequency (RF) signal emitted by programmable logic controllers (PLCs).
Attackers may be able to plant a piece of malware on an isolated network, including via compromised update mechanisms or infected USB drives, but using that malware to send valuable data outside the organization poses its own challenges.
In the past few years, Israeli researchers have found several methods that can be used to jump the air gap, including via infrared cameras, scanners, the LEDs on routers and hard drives, heat emissions, radio signals, and the noise made by hard drives and fans. One of their proof-of-concept (PoC) malware, named AirHopper, uses electromagnetic signals emitted by a computer’s graphics card to send data to a nearby receiver.
Researchers at CyberX, a company that specializes in protecting industrial control systems (ICS), have found a way to apply a similar data exfiltration method to systems in air-gapped industrial networks. The method was first disclosed in October at SecurityWeek’s ICS Cyber Security Conference by CyberX VP of Research David Atch.
For more, click here.