Now Fan Noise Can Be Used To Steal Data From Air-Gapped Computers

Researchers show fan speed can be modulated to steal data from air-gapped computers

In the past, many research groups have developed methods to steal data from isolated devices disconnected from the Internet using optic, thermal, electromagnetic and acoustic covert channels. Since researchers demonstrated several years ago that data can be stolen using a computerโ€™s internal or external speakers, many organizations have banned these components from air-gapped devices for security reasons.

However, now researchers from Ben-Gurion University of the Negev have discovered a new acoustic data exfiltration method that leverages on a mobile phone positioned in the vicinity of the targeted machine to monitor the computer fans. This version of the data-exfiltration attack against air-gapped computers involves the machineโ€™s fans. The malicious code developed by the researchers can use the deviceโ€™s fans to exfiltrate data. With this method, it sends out bits of data to the mobile phone or any other computer equipped with a microphone.

โ€œOur method utilizes the noise emitted from the CPU and chassis fans which are present in virtually every computer today. We show that a software can regulate the internal fansโ€™ speed in order to control the acoustic waveform emitted from a computer. Binary data can be modulated and transmitted over these audio signals to a remote microphone (e.g., on a nearby mobile phone),โ€ the researchers, led by Mordechai Guri, Head of R&D at the Universityโ€™s CyberSecurity Research Center, explained.

Dubbed โ€œFansmitter,โ€ the attack can be helpful only when the computer does not have speakers, so that the attackers cannot use acoustic channels to get the information.

โ€œPast research has demonstrated that malware can exfiltrate information through an air-gap by transmitting audio signals from the internal or external speakers of desktop computers,โ€ reads the technical paper, entitled โ€œFansmitter: Acoustic data exfiltration from (speakerless) air-gapped computersโ€ published by the experts.

โ€œUsing Fansmitter attackers can successfully exfiltrate passwords and encryption keys from a speakerless air-gapped computer to a mobile phone in the same room from various distances,โ€ researchers wrote in their paper. โ€œBeyond desktop computers, our method is applicable to other kinds of audioless devices, equipped with cooling fans (various types and sizes of fans) such as printers, control systems, embedded devices, IoT devices, and more.โ€

The researchers were able to examine the frequency and the strength of the acoustic noise released by fans that depend on revolutions per minute (RPM). The malicious code can control the fan to rotate at a certain speed to transmit a โ€œ0โ€ bit and a different speed to transmit a โ€œ1โ€ bit.

The noise produced by the fan is included in the 100-600 Hz range, which can be detected by the human ear. However, experts point out those attackers could use several methods to avoid raising suspicion by instructing the malware to release data during hours when no one is in the room. They can also use low or close frequencies, which are less visible.

For their experiment, the researchers used a common Dell desktop computer with CPU and chassis fans, and noises were captured with a Samsung Galaxy S4 smartphone. The testing environment was a computer lab with several other workstations, switches and an air conditioning system โ€“ all of which produced background noise.

The experiment showed that the researchers using low frequencies (1000 RPM for โ€œ0โ€ and 1600 RPM for โ€œ1โ€) over a distance of one meter could transmit 3 bits per minute. In other words, it would take approximately three minutes to transmit 1 byte of each character of a password or an encryption key.

It is possible to have better transfer rate by increasing the frequency in the Fansmitter. For instance, using a rotation range of 2000-2500 RPM the experts transferred 10 bits per minute over a four-meter distance, and the same transfer rate can also be achieved over a distance of eight meters if the frequency is increased. At 4000 โ€“ 4250 RPM, the team transmitted 15 bits per minute over a one-meter distance.

Kavita Iyer
Kavita Iyerhttps://www.techworm.net
An individual, optimist, homemaker, foodie, a die hard cricket fan and most importantly one who believes in Being Human!!!

Read More

Suggested Post