Imagine you’re a cybercriminal and you want to steal information from a malware-infected PC that isn’t connected to the internet, isn’t connected to any other computers, and that you don’t have any physical access to.
How would you do it?
Without being able to physically reach the isolated computer, and without any network connections, you’re going to have to use your imagination.
And that’s precisely what researchers from the Ben-Gurion University of the Negev in Israel have done, dreaming up the concept of the Fansmitter malware, capable of transmitting sensitive information from the PC by adjusting its fan speed.
In their technical paper, entitled “Fansmitter: Acoustic data exfiltration from (speakerless) air-gapped computers”, Mordechai Guri, Yosef Solewicz, Andrey Daidakulov and Yuval Elovici describe how such an attack works:
“Our method utilizes the noise emitted from the CPU and chassis fans which are present in virtually every computer today. We show that a software can regulate the internal fans’ speed in order to control the acoustic waveform emitted from a computer. Binary data can be modulated and transmitted over these audio signals to a remote microphone (e.g., on a nearby mobile phone).”
Similar attacks, in which malware sends high-frequency sounds through a computer’s built-in speaker, have been postulated in the past, but there has been an obvious (if rudimentary) solution to that threat – remove the speaker.
Such a solution isn’t really practical when it comes to your computer’s fan.
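Because the fan cannot simply be removed, a defender can instead watch hardware-monitor telemetry for fan-speed changes that CPU temperature does not explain, which is what software regulating the fan would look like. The following is an added example, not code from the paper or from this post; the `Sample` fields, the thresholds and both telemetry series are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Sample:
    t: int         # seconds since capture start
    rpm: int       # fan speed from the hardware monitor
    temp_c: float  # CPU temperature at the same instant

# Thresholds are illustrative assumptions; tune them to the machine's fan curve.
def unexplained_swings(samples, rpm_jump=300, temp_tol=2.0):
    """Times of large fan-speed changes with no matching temperature change."""
    hits = []
    for prev, cur in zip(samples, samples[1:]):
        big_rpm_change = abs(cur.rpm - prev.rpm) >= rpm_jump
        temp_steady = abs(cur.temp_c - prev.temp_c) <= temp_tol
        if big_rpm_change and temp_steady:
            hits.append(cur.t)
    return hits

def suspicious(samples, window_s=60, min_swings=6):
    """True if min_swings unexplained swings fall within window_s seconds."""
    hits = unexplained_swings(samples)
    return any(hits[i + min_swings - 1] - hits[i] <= window_s
               for i in range(len(hits) - min_swings + 1))

# Constructed telemetry, one sample every 5 s (not measured data).
# NORMAL: the fan follows a load spike, so RPM and temperature move together.
NORMAL = [Sample(5 * i, rpm, temp) for i, (rpm, temp) in enumerate([
    (1000, 45.0), (1010, 45.5), (1400, 52.0), (1800, 60.0),
    (1790, 61.0), (1500, 55.0), (1100, 47.0), (1000, 45.0)])]
# TOGGLING: the fan flips between two speeds while temperature stays flat.
TOGGLING = [Sample(5 * i, rpm, 46.0 + 0.3 * (i % 2)) for i, rpm in enumerate(
    [1000, 1600, 1000, 1000, 1600, 1600, 1000, 1600, 1000, 1600, 1600, 1000])]

if __name__ == "__main__":
    for name, data in (("NORMAL", NORMAL), ("TOGGLING", TOGGLING)):
        print(name, unexplained_swings(data), suspicious(data))
```

A fan curve driven by a sensor other than CPU temperature (a GPU, for instance) would also trip this check, so an alert is a prompt to look at what process is setting the fan speed rather than a verdict.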
Before you get too fearful that your computer’s fan is sharing your personal or business secrets, it’s important to underline some important points:
In short, the method of attack is unusual and interesting, but probably not practical in the vast majority of cases. Aside from the difficulty of infecting a target computer in the first place, there are some obvious other considerations.
For instance, any attacker using the method faces the challenge of either having users notice the unusually loud behaviour of their computer’s fan, or drastically reducing the distance over which data can be stolen.
For now I wouldn’t lose too much sleep about this particular elaborate method of data exfiltration. Although it never makes sense to turn an entirely blind eye to potential threats, there are much more serious real and present dangers that the typical IT security manager should be treating as a priority instead.
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.