Slashdot Mirror


Malware Can Use Fan Noise To Steal Data From Air-Gapped Systems (helpnetsecurity.com)

Reader Orome1 writes: For the last few years, researchers from Ben-Gurion University of the Negev have been testing out new ways to exfiltrate data from air-gapped computers: via mobile phones, using radio frequencies ("AirHopper"); using heat ("BitWhisper"); using rogue software ("GSMem") that modulates and transmits electromagnetic signals at cellular frequencies. The latest version of the data-exfiltration attack against air-gapped computers involves the machine's fans. Dubbed "Fansmitter," the attack can come in handy when the computer does not have speakers, and so attackers can't use acoustic channels to get the info.

An anonymous reader adds: Malicious applications use the noise emanated by a computer fan's speed to relay information to a nearby recording device and steal data from air-gapped, isolated systems. The attack relies on selecting a fan speed to represent binary "1" and another for binary "0". A specially crafted malware can alter the CPU, GPU or chassis fan speed between these two frequencies and provide a method to relay data from infected systems. Attackers can then place microphones or smartphones to record the sound coming from the infected machine and steal the data. The attack works for distances of one to four meters, and operates in the 100-600 Hz frequency that can be picked up by the human ear. Choosing smaller fan speeds or fan speeds that are closer together can make the attack harder to pick up by a human, but also makes it susceptible to background noise.
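
From the defender's side, the two-speed keying described in the summary shows up in fan telemetry as repeated stepping between two RPM levels with no matching temperature change. The Python sketch below is an added example, not code from the article or the researchers; the function names, thresholds and sample readings are assumptions constructed for illustration.

```python
# Added example: flag fan telemetry that keys between two RPM levels with no thermal cause.
# Thresholds and sample data are assumptions constructed for illustration.

def two_levels(rpms):
    """1-D 2-means: estimate the two RPM levels the fan dwells at."""
    lo, hi = min(rpms), max(rpms)
    for _ in range(20):
        mid = (lo + hi) / 2
        low = [r for r in rpms if r <= mid]
        high = [r for r in rpms if r > mid]
        if not low or not high:
            break
        lo, hi = sum(low) / len(low), sum(high) / len(high)
    return lo, hi

def looks_keyed(samples, min_gap_rpm=100, min_transitions=6, max_temp_span_c=3.0):
    """samples: (fan_rpm, cpu_temp_c) pairs taken at a fixed interval."""
    rpms = [s[0] for s in samples]
    temps = [s[1] for s in samples]
    lo, hi = two_levels(rpms)
    if hi - lo < min_gap_rpm:
        return False                      # one steady speed, nothing to decode
    mid = (lo + hi) / 2
    level = [r > mid for r in rpms]
    transitions = sum(a != b for a, b in zip(level, level[1:]))
    # Readings hugging both levels indicate stepping, not a gradual ramp.
    spread = max(abs(r - (hi if up else lo)) for r, up in zip(rpms, level))
    tight = spread < (hi - lo) / 4
    # Legitimate fan-speed changes follow temperature; keyed ones do not.
    flat_temp = max(temps) - min(temps) <= max_temp_span_c
    return transitions >= min_transitions and tight and flat_temp

# Constructed telemetry, one sample per interval.
PATTERN = [1, 0, 1, 0, 1, 1, 0, 1, 0, 0]
KEYED = [((1600 if b else 1000) + (i % 3 - 1) * 10, 45.0 + (i % 2) * 0.5)
         for i, b in enumerate(x for x in PATTERN for _ in range(4))]
THERMAL = [(800 + i * 22.5, 40.0 + i * 0.75) for i in range(40)]   # load ramp
STEADY = [(1200 + (i % 3 - 1) * 10, 45.0) for i in range(40)]      # idle

if __name__ == "__main__":
    for name, data in (("keyed", KEYED), ("thermal", THERMAL), ("steady", STEADY)):
        print(name, looks_keyed(data))
```

Lowering `min_gap_rpm` catches speed pairs that sit closer together, at the cost of more false positives from ordinary fan jitter.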

6 of 95 comments

  1. Impressive but useful? by DougOtto · Score: 4, Insightful

    Pretty neat idea but in every air-gapped environment I've worked in, getting the cellphone or recording device in would be the more difficult portion of this exercise.

    --
    Solving Unix problems since 1989...
    1. Re:Impressive but useful? by The-Ixian · Score: 4, Insightful

      Let's be honest, the only thing making this "difficult" is the paper (policy) that prevents it.

      That... and the fact that you need to get the malware onto the air gapped system.

      Which, as previously noted, really makes this an insider attack vector and not a remote exploit.

      There are probably easier ways for an insider to infiltrate information.

      --
      My eyes reflect the stars and a smile lights up my face.
    2. Re:Impressive but useful? by rnturn · Score: 4, Insightful

      Yeah, 100-600 Hz means we aren't talking about any great amount of data at a time.

      Pretty much the first thing I thought of. What baud rate would be possible using this? It couldn't be very high. Each 0-to-1 and 1-to-0 transition would have to wait for the fan speed to stabilize and that would take a variable amount of time depending on the fan size.

      Interesting concept in the lab but would this really work in a real life situation? Many work environments have all sorts of ambient noise that might interfere with being able to detect the computer's fan noise.

      --
      CUR ALLOC 20195.....5804M
  2. A rather slow data rate by Anonymous Coward · Score: 4, Informative

    They achieved a speed of 15 bits per minute, so a long time is needed for an attack.

  3. Re:Useless... by Anonymous Coward · Score: 3, Insightful

    From TFA: "A specially crafted malware can alter the CPU, GPU or chassis fan speed between these two frequencies and provide a method to relay data from infected systems."

    So, first, you have to get the malware on the target computer. If you can do that, there are better, easier ways to get information off of it.

  4. Re:Nothing New by Anonymous Coward · Score: 4, Funny

    I think he was telling you to keep the damn noise down and shut your windows!