Since 2008, the Korean government has instituted network separation technology, which physically isolates external internet networks from internal networks, aiming to thwart cyber-attacks. Consequently, the domestic financial sector was largely unaffected during global crises (2017 WannaCry ransomware outbreak and the 2021 Log4j vulnerability incident). However, there exist certain vulnerabilities owing to the presumption of their relative safety against cyber intrusions and the integration of cloud and Internet of Things (IoT) technologies in the current smart revolution. The existing network separation measures only mitigate one facet of potential cyber threats, rendering a comprehensive defense elusive. The rise of “air-gap” attacks, which exploit the isolated space between closed and external networks to illicitly transfer data and the existing research primarily substantiating the potential for data breaches from closed networks to their external counterparts are problems yet to be addressed. Thus, our study proposed a tangible optical air-gap attack methodology, harnessing readily available optical mediums within closed networks. Intricate measurement metrics that consider vital factors of the transmission environment were proposed. Moreover, acknowledging the proliferating integration of IoT devices, such as smart bulbs, to facilitate automation within closed networks, this study demonstrated the viability of optical air-gap attacks using these devices.

中文翻译：

---

光气隙攻击：分析和物联网威胁影响


自 2008 年以来，韩国政府制定了网络隔离技术，将外部互联网与内部网络物理隔离，旨在阻止网络攻击。因此，在全球危机期间（2017年WannaCry勒索软件爆发和2021年Log4j漏洞事件），国内金融部门基本没有受到影响。然而，由于其针对网络入侵的相对安全性的假设以及当前智能革命中云和物联网（IoT）技术的融合，存在一定的漏洞。现有的网络隔离措施只能缓解潜在网络威胁的一个方面，使得全面的防御难以实现。 “气隙”攻击的兴起，利用封闭网络和外部网络之间的隔离空间来非法传输数据，而现有的研究主要证实了从封闭网络到外部网络的数据泄露的可能性，这些都是尚未解决的问题。因此，我们的研究提出了一种有形的光学气隙攻击方法，利用封闭网络内现成的光学介质。提出了考虑传输环境重要因素的复杂测量指标。此外，由于认识到智能灯泡等物联网设备的集成激增，以促进封闭网络内的自动化，因此这项研究证明了使用这些设备进行光学气隙攻击的可行性。