| Recurring |
unknown |
<Article 34480> does not provide information about a specific software failure incident happening again at a particular organization or multiple organizations. Therefore, the information related to the software failure incident happening again at one organization or multiple organizations is unknown. |
| Phase (Design/Operation) |
unknown |
The articles do not provide information about a software failure incident related to the development phases, specifically design or operation. |
| Boundary (Internal/External) |
within_system |
(a) within_system: The software failure incident described in the article is related to a technique called BitWhisper, developed by security researchers at Ben Gurion University in Israel. This technique involves using heat emissions and a computer's built-in thermal sensors to communicate with air-gapped systems. The failure originates from within the system as the malware designed by the researchers manipulates the heat emissions of the transmitting computer to send commands to the air-gapped system [34480].
(b) outside_system: The software failure incident is not directly attributed to contributing factors originating from outside the system. The attack described in the article involves manipulating heat emissions and thermal sensors within the system to communicate with air-gapped systems, rather than relying on external factors for the failure [34480]. |
| Nature (Human/Non-human) |
non-human_actions |
(a) The software failure incident in the article is related to non-human actions. The incident involves a method called BitWhisper, developed by security researchers at Ben Gurion University in Israel, which allows attackers to retrieve data from an air-gapped computer using only heat emissions and a computer's built-in thermal sensors. This method enables attackers to surreptitiously siphon passwords or security keys from a protected system and transmit the data to an internet-connected system controlled by the attackers. The attack requires both systems to be compromised with malware and works by using controlled increases of heat to communicate binary code between the transmitting and receiving systems. The malware on each system can search for nearby PCs by emitting thermal pings to establish a connection for data transmission [34480].
(b) The software failure incident is not directly related to human actions causing the failure. The attack method described in the article, BitWhisper, relies on exploiting the heat emissions and thermal sensors of computers to communicate between air-gapped and internet-connected systems. While the attack itself involves malware and controlled heat emissions, the failure is not attributed to specific human actions introducing contributing factors that led to the incident [34480]. |
| Dimension (Hardware/Software) |
hardware, software |
(a) The software failure incident related to hardware can be seen in the article where researchers at Ben Gurion University in Israel found a way to retrieve data from an air-gapped computer using only heat emissions and a computer's built-in thermal sensors. This method involves manipulating the hardware components, specifically the thermal sensors, to communicate with the air-gapped system [34480].
(b) The software failure incident related to software can be observed in the same article where the researchers developed malware to take advantage of the hardware vulnerability. The malware was designed to manipulate the thermal sensors and control the heat emissions of the computers to communicate and transmit data between the air-gapped system and an internet-connected system. This software-based attack exploited the hardware vulnerability for data exfiltration and command transmission [34480]. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The objective of the software failure incident was malicious. The researchers at Ben Gurion University in Israel developed a method called BitWhisper to retrieve data from air-gapped computers using only heat emissions and thermal sensors. This method would allow attackers to surreptitiously siphon passwords or security keys from a protected system and transmit the data to an internet-connected system controlled by the attackers. They could also send malicious commands to the air-gapped system using the same heat and sensor technique [34480]. The attack required both systems to be compromised with malware, and the researchers demonstrated how they could send commands from one computer to an adjacent air-gapped machine to re-position a missile-launch toy controlled by the air-gapped system [34480].
(b) The software failure incident was non-malicious. The researchers at Ben Gurion University in Israel were conducting a proof-of-concept experiment to demonstrate the vulnerability of air-gapped systems to attacks using heat emissions and thermal sensors. Their objective was to show the potential security risks associated with such systems and to highlight the need for improved security measures to protect against such attacks [34480]. |
| Intent (Poor/Accidental Decisions) |
unknown |
The intent of the software failure incident described in the article is not related to poor decisions or accidental decisions. Instead, the article discusses a sophisticated method developed by security researchers at Ben Gurion University in Israel to retrieve data from air-gapped systems using heat emissions and thermal sensors, highlighting potential security vulnerabilities in such systems [34480]. |
| Capability (Incompetence/Accidental) |
unknown |
The articles do not provide information about a software failure incident related to development incompetence or accidental factors. |
| Duration |
unknown |
The articles do not mention any specific software failure incident related to either a permanent or temporary duration. |
| Behaviour |
other |
(a) crash: The articles do not mention any software failure incident related to a crash where the system loses state and does not perform any of its intended functions.
(b) omission: The articles do not mention any software failure incident related to an omission where the system omits to perform its intended functions at an instance(s).
(c) timing: The articles do not mention any software failure incident related to timing where the system performs its intended functions correctly, but too late or too early.
(d) value: The articles do not mention any software failure incident related to a failure due to the system performing its intended functions incorrectly.
(e) byzantine: The articles do not mention any software failure incident related to a byzantine failure where the system behaves erroneously with inconsistent responses and interactions.
(f) other: The articles describe a software failure incident where researchers at Ben Gurion University in Israel demonstrated a method called BitWhisper that allows attackers to surreptitiously siphon passwords or security keys from an air-gapped system using heat emissions and a computer's built-in thermal sensors. This behavior of using heat emissions to communicate and transmit data between air-gapped systems represents a unique and unconventional method of compromising system security [34480]. |