Researchers steal data from air-gapped computer by controlling the noise from the fans
Researchers in Israel have found a new way to hack PCs to make them vulnerable to release sensitive data encoded within by hijacking the fans. This means that even if the PC is not physically connected to the Internet, the new hack can leak sensitive information stored in the computer by manipulating the sounds created by their hard drives.
This latest technique of attack is known as DiskFiltration. The research from Ben-Gurion University of the Negev shows how data could be stolen from “air-gapped” computers, which are not connected to the Internet and any local networks and how they are not safe from hackers.
“An air-gap isolation is considered to be a hermetic security measure which can prevent data leakage,” Mordechai Guri, a security researcher from Ben-Gurion University, told Ars Technica.
“Confidential data, personal information, financial records, and other type of sensitive information [are] stored within isolated networks. We show that despite the degree of isolation, the data can be exfiltrated (for example, to a nearby smartphone).”
The researchers published their finding in a paper titled, “DiskFiltration: Data Exfiltration from Speakerless Air-Gapped Computers via Covert Hard Drive Noise,” describing a unique technique that uses acoustic signals (or sound signals) released from the hard disk drive (HDD) of the infected air-gapped computer to transfer the stolen data (passwords, cryptographic keys, keylogging data, etc.).
The data that has been stolen by the malware is encoded and then transmitted via the noises the computer’s hard drive makes to a diverting device in the immediate vicinity.
“[M]alware installed on a compromised machine can generate acoustic emissions at specific audio frequencies by controlling the movements of the HDD’s actuator arm,” the researchers write in their paper, referring to the component that reads data off a hard disk platter, much like a needle on a vinyl turntable.
Your hard drive will make noises once you turn on your PC. Those noises are the platter spinning and physically engaging with the actuator that makes all the noise. By manipulating that interaction, the researchers have shown that it is possible to relay a code that malicious devices can “hear” and turn into another code.
“Digital Information can be modulated over the acoustic signals and then be picked up by a nearby receiver (e.g. smartphone, smartwatch, laptop, etc.),” the team explains.
DiskFiltration can infect a Linux based PC and then control the hard drive operations from there. During their test video, the researchers used a Samsung Galaxy S4 to record not only the noise produced by the device but also used it to decrypt it.
While the hack has all the capabilities to send all kinds of data through binary numbers, the transmission rate is quite slow at 180 bits per minute with an effective range of about six feet. As the hack is still in its initial stage, it may just better over a period of time leading to a more secret method of hacking data like this.
The researchers have advised the owners of air-gapped systems to switch to SSDs, as the hack only works on hard drives. The SSDs create no noise at all due to their flash memory and lack of any moving mechanical parts.
This isn’t the first time that researchers have shown how audio vulnerabilities can be used to secretly transmit data. Back in June, the same team responsible for DiskFiltration showed a similar PC vulnerability called Fansmitter, which works by controlling the speed at which the fans run. This can create varying acoustic tones that can be used to transmit the same kind of sensitive information.
Similarly, researchers at the University of California, Irvine have been working on 3D printers that could reverse the sounds and make it difficult to hack. Still, 3D printers themselves are susceptible to getting infected.
Watch the video below that show the researchers explain more about the method.