Air Gap flaw

[maypo]

Just saw the air gap show. Very nice idea. Problem is, if your main machine is owned, and they put a script on it that writes a keylogger to any attached flash, plugging in a flash drive could transfer that script over to your pristine box. Info can get back to the net box over the same flash drive, jumping the gap. I can't believe the NSA would use this technique.

[roobixx]

"At best, an air gap is a high-latency connection" -Ed Skoudis - DerbyCon 3.0

[Chimera-Security]

Environments where I have worked with air-gapped systems commonly use an intermediary system of some kind, running a different AV suite to both the networked system and the standalone. This increases the chance of detecting malicious payload on removable media before reaching the air-gapped system. Of course, there is always the risk of the payload not being flagged by the AV.

To be fair, if an adversary knows you have an air-gapped host and has gone to the length of creating fresh payload unknown to AV you're pretty much screwed anyway. This kind of attack would be highly targeted.

- J

http://www.chimera-security.com

[Mr-Protocol]

"At best, an air gap is a high-latency connection" -Ed Skoudis - DerbyCon 3.0

Nice, missed that quote. Could have been that I wasn't sober much at DerbyCon.

[barry99705]

Nice, missed that quote. Could have been that I wasn't sober much at DerbyCon.

Yea, that was a shit ton of beer.