Digital security is a top priority at First Look Media and we sometimes use air gapped systems for particularly sensitive projects. Working with air gapped machines can make you feel like you’re back in the 80s, though – and not in a good way. So, a few months ago our IT team decided to have some fun while removing the wireless cards from a stack of MacBook Airs. The result is this short but awesome video!
Air Gapping Basics
If you’re not familiar with air gapping, it’s the process of ensuring a system or local network is physically isolated from all other networks, including the office LAN and the Internet.
You typically want to use an air gapped system when you work with data that you need to protect from technically sophisticated actors.
Air gapping is beneficial because it makes a system more difficult to hack than a comparable networked device, since an attacker must have physical access to the machine to even attempt to hack it.
Simple air gapping can be quickly accomplished by disabling networking services at an operating system level. This is far from foolproof, however, since you could accidentally turn the networking back on or malware could activate the wireless networking hardware without alerting the OS (or you).
To mitigate against mistakes and latent threats alike, it’s recommended that you physically remove a system’s networking hardware, especially the wireless hardware.
To go further, once a system is physically separated from other networks, it needs to be isolated from all other non-air gapped devices – including printers, scanners, and removable USB device such as flash drives, DVD drives, etc.
This is a critical step because other hardware can be exploited to either exfiltrate data from an isolated machine back out to a network, or to deliver malware packages onto the machine. To ensure the device’s safety, you want the air gap to be a completely closed system.
In extreme situations air gapped machines can be additionally protected by exclusive use in a strictly controlled secure room. This type of room is often called a Sensitive Compartmented Information Facility (SCIF).
Hardware and Software Challenges
Two challenges have arisen with air gapping as wireless networking becomes ubiquitous and computing platforms become more cloud-centric:
- It’s becoming harder to find hardware with a removable wireless card, as wireless chipsets are now just being soldered right into a device’s main board
- Some vendors of commercial software either require Internet access to activate a license, or demand a hefty price for versions of programs that run offline
The software problem is easier to solve for because you can either agree to the higher cost or explore open source and air gap friendly alternatives – including writing your own tools as we have started to do – but solving for hardware is much harder.
If you need to run macOS, MacBook Airs make for the best air gapped devices because the wireless card removal process is straightforward. Their lightweight size and portability also makes them both easy to work with and to store securely when not in use.
On top of that, the MacBook Air is the only laptop that Apple currently sells with a removable wireless card. Newer MacBook and MacBook Pro models all have integrated wireless chipsets which exempt them from air gapping. Rumor has is that Apple plans to release an updated MacBook Air sometime in 2018 and it’s unknown whether the new model will have a removable wireless card.
If you prefer to run Windows or a security-focused operating system such as Tails, it is still relatively easier to find inexpensive PC laptops with removable wireless cards. As with the trend toward integrated wireless chipsets in Apple laptops, we’re concerned what the future holds for the PC world.
We’ve already seen this move happen with Intel NUCs. The NUC’s Wireless cards were optional add-ons or easily removable from early models, but newer models have integrated chipsets. Our old SecureDrop servers were NUCs with the wireless networking card removed, as recommended by the docs, but we had to go on a hardware scavenger hunt when we rebuilt those servers last year.
We also like the idea behind the hardware kill switches in Purism’s Librem laptops, but the ability to toggle the radio on and off only makes sense when you want to temporarily protect a machine from snooping and not when you need to permanently air gap one.
Air Gapping vs Human Nature
Of course, even air gapped systems can be hacked. Despite all the precautions taken, people make mistakes and isolated devices can still be breached.
The Stuxnet incident provides a prime example of an air gapped systems falling victim to an extremely well crafted attack. In this case, the virus was spread via USB flash drives, and caused debilitating hardware failure in gas centrifuges used in Iran’s uranium enrichment program.
To appreciate the skill required to pull off this attack, it’s worth reading John Byrd’s argument that Stuxnet is “the most sophisticated software in history.”
Next Up … Mystery Chip Paranoia
For most people a computer without network access is as useful as a doorstop, so air gapped systems only really make sense when you’re exceptionally worried about unauthorized access or data leaks, and if you’re exceptional worried, odds are that you cross over into paranoia now and again.
Part two of this post will tell you how our mild paranoia steered us down a deepish rabbit hole and how we ultimately solved an Internet hardware mystery!
Read Part Two Now! Air Gapping a MacBook Air: The Great BCM15700A2 Mystery