I’ve been reading up on malware that can bridge air gaps between computers, like GSMem, Funtenna, etc. In the papers and articles I’ve been reading, the researchers mostly talk about getting files and data out of air-gapped computers using parts and components of the computer not normally used for networking or sending and receiving data.
My questions are:
- How do attackers know which files to exfiltrate out of the air-gapped computer, since the methods seem to only be able to get data out instead of also allowing the attacker to send communications TO the target computer?
- Is it possible at all for attackers using these kinds of malware to send commands to or control air-gapped computers?