
How malware could steal data from an air-gapped PC - via its fan

Graham CLULEY

June 24, 2016


Imagine you’re a cybercriminal and you want to steal information from a malware-infected PC that isn’t connected to the internet, isn’t connected to any other computers, and that you don’t have any physical access to.

How would you do it?

Without being able to physically reach the isolated computer, and without any network connections, you’re going to have to use your imagination.

And that’s precisely what researchers from the Ben-Gurion University of the Negev in Israel have done, dreaming up the concept of the Fansmitter malware, capable of transmitting sensitive information from the PC by adjusting its fan speed.

In their technical paper, entitled “Fansmitter: Acoustic data exfiltration from (speakerless) air-gapped computers”, Mordechai Guri, Yosef Solewicz, Andrey Daidakulov and Yuval Elovici describe how such an attack works:

“Our method utilizes the noise emitted from the CPU and chassis fans which are present in virtually every computer today. We show that a software can regulate the internal fans’ speed in order to control the acoustic waveform emitted from a computer. Binary data can be modulated and transmitted over these audio signals to a remote microphone (e.g., on a nearby mobile phone).”


Similar attacks, in which malware sends high-frequency sounds through a computer’s built-in speaker, have been postulated in the past, but there has been an obvious (if rudimentary) solution to that threat – remove the speaker.

Such a solution isn’t really practical when it comes to your computer’s fan.

Before you get too fearful that your computer’s fan is sharing your personal or business secrets, it’s worth underlining some important points:

  1. Your computer cannot be infected by malware via sound. Your computer would need to be already compromised and infected by malware to interpret sound waves collected by its microphone as malicious instructions. And if a computer is already infected, where would be the attraction in infecting it again via the sound of some noisy fans?
  2. If your computer is air-gapped from the rest of the world, what are the chances that a malicious attacker would be able to infect it with malicious code in the first place to start sharing its secrets by messing around with its fan speed? The most likely route might be via malware on a USB stick being shared with individuals who use the victim PC, or to have meddled with its software somewhere along its supply chain – but it’s not a method of attack that is likely to be deployed against the vast majority of computer users.
  3. You don’t just have to have a target computer that has been compromised and pumping out data via the fan. You also need a device which can receive the data – it needs to be physically close by (the researchers claim from one to four meters distance).
  4. Not only does the surveillance device picking up on the sound of the fan need to be close by, it also needs to be present for an extended period of time. In some of their tests the researchers were only able to steal 3 bits (not bytes!) per minute – getting as high as 15 bits per minute when they raised the fan’s oscillation speed.

In short, the method of attack is unusual and interesting, but probably not practical in the vast majority of cases. Aside from the difficulty of infecting a target computer in the first place, there are some obvious other considerations.

For instance, any attacker using the method faces the challenge of either having users notice the unusually loud behaviour of their computer’s fan, or drastically reducing the distance over which data can be stolen.
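What a user might notice by ear can also be looked for in fan-speed telemetry. The following is an added example, not code from this article or from the researchers' paper: it assumes fan RPM readings are already being collected at a fixed interval, and the function names, thresholds and sample readings are all hypothetical.

```python
# Added example: flag fan-RPM telemetry that flips between two speed levels
# far more often than thermal control normally does. All names, thresholds
# and sample readings are constructed for illustration.

def count_level_toggles(rpm, min_gap_rpm=300):
    """Count low<->high speed switches in one window of RPM readings."""
    if not rpm:
        return 0
    lo, hi = min(rpm), max(rpm)
    if hi - lo < min_gap_rpm:          # ordinary jitter, not two distinct levels
        return 0
    low_cut = lo + (hi - lo) / 3       # hysteresis: readings in the middle
    high_cut = hi - (hi - lo) / 3      # third keep the previous state
    state, toggles = None, 0
    for r in rpm:
        new = "low" if r <= low_cut else "high" if r >= high_cut else state
        if state is not None and new != state:
            toggles += 1
        state = new
    return toggles


def suspicious_windows(rpm, window=60, step=30, min_toggles=6, min_gap_rpm=300):
    """Return (start_index, toggles) for each window that toggles too often."""
    hits = []
    for start in range(0, max(len(rpm) - window, 0) + 1, step):
        toggles = count_level_toggles(rpm[start:start + window], min_gap_rpm)
        if toggles >= min_toggles:
            hits.append((start, toggles))
    return hits


# Constructed readings, one per sampling interval.
# Thermal load: idle, one gradual ramp, then a steady higher speed.
thermal = [1000] * 40 + [1000 + 30 * i for i in range(20)] + [1600] * 60
# Small hunting around a set point: frequent but shallow changes.
hunting = [1200 + (50 if i % 2 else -50) for i in range(120)]
# Deliberately keyed fan: repeated jumps between two distinct levels.
keyed = ([1000] * 5 + [1600] * 5) * 12

if __name__ == "__main__":
    for name, series in (("thermal", thermal), ("hunting", hunting), ("keyed", keyed)):
        print(name, suspicious_windows(series))
```

The window length and thresholds are placeholders to be tuned against a machine's normal fan behaviour; at the 3 to 15 bits per minute quoted above, the window has to span minutes of readings.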

For now I wouldn’t lose too much sleep about this particular elaborate method of data exfiltration. Although it never makes sense to turn an entirely blind eye to potential threats, there are much more serious real and present dangers that the typical IT security manager should be treating as a priority instead.
