A superhuman AI will break your security, no matter what
Do you think you can box a superhuman AI? Think again:
Turning a computer into a cellphone by moving data between RAM and CPU: "GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies", Guri et al 2015 https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-guri.pdf
"Hard Drive of Hearing: Disks that Eavesdrop with a Synthesized Microphone", Kwong et al 2019 https://spqr.eecs.umich.edu/papers/Kwong-HDDphone-IEEE-SP-2019.pdf
'Glowworm Attack' Recovers Audio From Devices' Power LEDs https://arstechnica.com/gadgets/2021/08/new-glowworm-attack-recovers-audio-from-devices-power-leds/
BitWhisper: Covert Signaling Channel between Air-Gapped Computers Using Thermal Manipulations", Guri et al 2015 https://ieeexplore.ieee.org/document/7243739
Biohackers Encoded Malware in a Strand of DNA https://www.wired.com/story/malware-dna-hack/
Hackers can now clone your keys just by listening to them with a smartphone https://mashable.com/article/spikey-house-keys-listening-smartphone/
Eavesdropping on Sound Using Variations in Light Bulbs: "New research is able to recover sound waves in a room by observing minute changes in the room's light bulbs." https://schneier.com/blog/archives/2020/06/eavesdropping_o_9.html
Malware Lets a Drone Steal Data by Watching a Computer’s Blinking LED https://www.wired.com/2017/02/malware-sends-stolen-data-drone-just-pcs-blinking-led/
A scary new hack created by researchers can accurately guess your password by listening to the sound of your fingers tapping the phone screen https://arxiv.org/abs/1903.11137
Single Particles of Light Can Be Used for Remote 3D Surveillance [New Scientist] https://archive.is/qd7oE
ESET researchers uncover several instances of malware that uses various attack vectors to target systems isolated by an air gap https://www.welivesecurity.com/2020/05/13/ramsay-cyberespionage-toolkit-airgapped-networks/
Stalker finds pop star’s home by studying the reflections on her pupils in selfies https://nypost.com/2019/10/11/stalker-finds-pop-stars-home-by-studying-the-reflections-on-her-pupils-in-selfies/
Inmates built computers hidden in ceiling, connected them to prison network https://arstechnica.com/tech-policy/2017/04/inmates-built-computers-hidden-in-ceiling-connected-them-to-prison-network/
Initial Analysis of Underhanded Source Code: Source code that appears benign to human review but is actually malicious. https://ida.org/-/media/feature/publications/i/in/initial-analysis-of-underhanded-source-code/d-13166.ashx
A Single Laser Fired Through a Keyhole Can Expose Everything Inside a Room https://gizmodo.com/a-single-laser-fired-through-a-keyhole-can-expose-every-1847638281
"We present a passive non-line-of-sight method that infers the number of people or activity of a person from the observation of a blank wall in an unknown room." https://arxiv.org/abs/2108.13027
Creating Wireless Signals with Ethernet Cable to Steal Data from Air-Gapped Systems https://thehackernews.com/2021/10/creating-wireless-signals-with-ethernet.html
Using deep learning to infer a PIN even if someone covers their hand when using an ATM. They claim 30% of 5-digit PINs were guessed in 3 tries using hidden camera and CNN/LSTM model (while humans only guessed 8%). https://arxiv.org/abs/2110.08113
A deep dive into an NSO zero-click iMessage exploit: “JBIG2 doesn't have scripting capabilities, but when combined with a vulnerability, it does have the ability to emulate circuits of arbitrary logic gates operating on arbitrary memory. So why not just use that to build your own computer architecture and script that!? That's exactly what this exploit does. Using over 70,000 segment commands defining logical bit operations, they define a small computer architecture with features such as registers and a full 64-bit adder and comparator which they use to search memory and perform arithmetic operations. (...) It's pretty incredible, and at the same time, pretty terrifying.” https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html
More: Air-Gap Research Page https://cyber.bgu.ac.il/advanced-cyber/airgap