One solution is to “air-gap” important systems, or separate them from other computers and the network at large by removing any remote access. It’s a solid plan, but now researchers from the Cyber Security Labs at Ben Gurion University have skirted that security method. The team managed to transfer data using an infected PC’s cooling fans.
To do this, the computer has to be infected with malware designed for it. Once it’s installed, the malware flips the fan speed between 1,000 RPM and 1,600 RPM, an audible difference that a microphone, like one found on a smartphone, can easily pick up on. The demo shows the computer rattling off a long chain of numbers, in binary because of the fan’s two speeds, and a nearby phone listening and interpreting.
In doing so, the malware effectively defeats the air gap. A computer with absolutely nothing connected to it — not even a monitor — could still have data stolen with this attack. The catch, of course, is that a device with a microphone needs to be planted near the target device. That means this malware is never going to target massive numbers of users, but it could still be used to pull off heists worthy of a Bond film.
The malware, which the team calls “Fansmitter,” allows for up to 1,200 bits an hour to be transmitted, in ones and zeroes, over the air to a phone. That’s a full 150 alphanumeric characters per hour, more than enough to steal a couple of passwords or an encryption key.
Malware that attacks air-gapped systems has become an increasingly popular topic over the last few years, as the methods of limiting access to a networked machine become less effective. Fansmitter is not the most practical attack, but it proves that even keeping a system disconnected from the Internet — and any peripherals — does not provide absolute security.
- Laptop with some of world’s most dangerous malware sells for $1.35 million
- Wait, what? These ridiculous hacks will make you do a double-take
- New malware will crash your PC if you try to thwart its digital coin mining
- From pranks to nuclear sabotage, this is the history of malware
- Off-the-shelf smart home devices are a lot less safe than you think, report says