Four researchers from the Ben-Gurion University disclosed a new covert channel. A covert channel is a mean to transfer information through a channel that was not supposed to transfer information. Covert channels are at the heart of side channel attacks. Many covert channels have been investigated, e.g. power supply, radio frequency, or sound.
Their system coined BitWhisper uses temperature as the carrying ‘media.’ The interesting feature of BitWhisper is that it may cross air-gapped computers. Air-gapped computers have no digital connections (wired or wireless). Air-gap is the ultimate isolation between networks or computers.
In BitWhisper, the attacker owns one computer on each side of the air-gap. Furthermore, both computers are in the same vicinity. Modern computers are equipped with thermal sensors that can be read by software. On the emitter computer, the attacker increases or decreases the computation effort drastically, thus creating a variation of the internal temperature, for instance by using CPU and GPU stress tests. The higher the computation effort, the higher the internal temperature. The receiving computer monitors stays with a constant computing power and measures the variation of its internal thermal probes.
Obviously, this covert channel has a big limitation. The distance separating both computers should not exceed 40 cm. At 35 cm, they succeeded to induce a one degree Celsius variation in the receiving computer. The system would probably not work in a data center. The orientation of the computers is also impacting. The overall throughput is of a few bits per day.
Nevertheless, it is an interesting idea, although not practical. In another setup where the attacker could use an external thermal camera as a receiver, rather than a generic computer, the efficiency of this covert channel could be increased.
Guri, Mordechai, Matan Monitz, Yisroel Mirski, and Yuval Elovici. “BitWhisper: Covert Signaling Channel between Air-Gapped Computers Using Thermal Manipulations.” arXiv, March 26, 2015. http://arxiv.org/abs/1503.07919.
PS: this draft version does not describe the communication protocol