While air gaps are probably the closest thing to actual computer security I can imagine, even that didn’t work out so well for the guys at Natanz…
And once you have systems on both sides of the air gap infected, you can even use esoteric techniques like ultrasound from the internal speaker to open up a low bandwith connection to the outside.
Even if you don’t have systems on the far side of the air gap infected, you can still e.g. steal private keys from their CPUs by analyzing EM or acoustic leakage. So in addition to an air gap, you need an EM gap (Faraday cage) and an acoustic gap (a room soundproofed for all the right frequencies).
In general, any physical channel that leaks information might be exploited.
A fancy way of saying “don’t have a wire or path of wires leading to the internet”.
While air gaps are probably the closest thing to actual computer security I can imagine, even that didn’t work out so well for the guys at Natanz… And once you have systems on both sides of the air gap infected, you can even use esoteric techniques like ultrasound from the internal speaker to open up a low bandwith connection to the outside.
Even if you don’t have systems on the far side of the air gap infected, you can still e.g. steal private keys from their CPUs by analyzing EM or acoustic leakage. So in addition to an air gap, you need an EM gap (Faraday cage) and an acoustic gap (a room soundproofed for all the right frequencies).
In general, any physical channel that leaks information might be exploited.