Air-gapped systems used to be among the most secure IT systems – but they may not be anymore…

An air-gapped system is designed to be very secure. It is not connected to any other system, network or the internet – there is literally a physical gap between it and the rest of the IT world. If it is not connected, then threat actors cannot connect to it.

Mordechai Guri, from Ben-Gurion University in Israel, has written a paper demonstrating the “SATAn” attack on an experimental air-gapped system. The attack uses malware to make SATA cables act as Wi-Fi antennas, illicitly connecting the air-gapped system to the threat actor’s system. However, the receiving system has to be very close to the system being attacked (for consistent results, no more than 120 cm away). That makes this an attack that would also require the threat actor to have physical access to the air-gapped system, something that would be heavily controlled for these types of very secure systems.

Here is the paper:

SATAn: Air-Gap Exfiltration Attack via Radio Signals From SATA Cables – (arxiv.org)

Here is an article about the attack from Ben-Gurion University Advanced Cyber-Security Research Lab:

Air-Gap Research | Advanced Cyber-Security Research Lab (bgu.ac.il)

Clive Catton MSc (Cyber Security) – by-line and other articles