Malware Can Steal Data From Air-Gapped Devices via Fans

Fansmitter - stealing data using fans

Acoustic data exfiltration is possible from air-gapped computers even if they don’t have any speakers. Researchers have demonstrated that data can be stolen using fans and a mobile phone placed in the vicinity of the targeted machine.

Over the past years, experts have come up with several methods for silently exfiltrating data from isolated devices using optic, thermal, electromagnetic and acoustic covert channels. Since researchers demonstrated several years ago that data can be stolen using a computer’s internal or external speakers, many organizations have banned these components from air-gapped devices for security reasons.

Researchers from Ben-Gurion University of the Negev have discovered a new acoustic data exfiltration method that doesn’t rely on speakers. The method, dubbed Fansmitter, leverages the noise emitted by a computer’s fans to transmit data.

A piece of malware installed on the targeted air-gapped computer can use the device’s fans to send bits of data to a nearby mobile phone or a different computer equipped with a microphone. Several types of fans can be used for the task, but CPU and chassis fans are the perfect target because they can be monitored and controlled using widely available software.

According to experts, the frequency and the strength of the acoustic noise emitted by fans depend on revolutions per minute (RPM). Attackers can control the fan to rotate at a certain speed to transmit a “0” bit and a different speed to transmit a “1” bit.

The noise is in the 100-600 Hz range, which can be detected by the human ear, but experts pointed out that attackers could use several methods to avoid raising suspicion. For instance, they can program the malware to transmit data during hours when no one is in the room (e.g. at night). They can also use low frequencies, or frequencies that are close to each other, which are less noticeable.

Researchers have conducted experiments using a regular Dell desktop computer with CPU and chassis fans, and a Samsung Galaxy S4 smartphone with a standard microphone to capture the exfiltrated data. The testing environment was a computer lab with several other workstations, switches and an air conditioning system – all of which produced background noise.

The experiment has shown that attackers can transmit 3 bits per minute using low frequencies (1000 RPM for “0” and 1600 RPM for “1”) over a distance of one meter. This means that it would take roughly three minutes to transmit 1 byte of data (e.g. one character of a password).

The transfer rate is much better at higher frequencies. For instance, at 4000-4250 RPM, experts transferred 15 bits per minute over a one-meter distance. At 2000-2500 RPM, they obtained 10 bits per minute over a four-meter distance, and the same transfer rate can also be obtained over a distance of eight meters if the frequency is increased.

“Using Fansmitter attackers can successfully exfiltrate passwords and encryption keys from a speakerless air-gapped computer to a mobile phone in the same room from various distances,” researchers wrote in their paper. “Beyond desktop computers, our method is applicable to other kinds of audioless devices, equipped with cooling fans (various types and sizes of fans) such as printers, control systems, embedded devices, IoT devices, and more.”
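The two-speed keying described above (one RPM for “0”, another for “1”) leaves a recognisable pattern in fan telemetry. The following Python check is an added example, not code from the article or the researchers' paper: it flags a fan that keeps switching between two held speeds while the CPU temperature stays flat. It assumes RPM and temperature are sampled every 5 seconds; the function names, thresholds and both sample traces are constructed for illustration.

```python
# Added example: defender-side check over fan telemetry. All names and
# thresholds are assumptions; the sample traces are constructed.

def count_level_switches(rpm_samples, min_gap_rpm=300, min_dwell=3):
    """Count transitions between two sustained fan-speed plateaus."""
    if len(rpm_samples) < 2:
        return 0
    lo, hi = min(rpm_samples), max(rpm_samples)
    if hi - lo < min_gap_rpm:          # one speed only: nothing is being keyed
        return 0
    mid = (lo + hi) / 2
    runs = []                          # run-length encode: [is_high, length]
    for rpm in rpm_samples:
        level = rpm > mid
        if runs and runs[-1][0] == level:
            runs[-1][1] += 1
        else:
            runs.append([level, 1])
    # Ignore short runs (spin-up ramps, sensor glitches); keep held levels.
    held = [level for level, length in runs if length >= min_dwell]
    return sum(1 for a, b in zip(held, held[1:]) if a != b)


def is_suspicious(rpm_samples, temp_samples, min_switches=4, max_temp_swing_c=3.0):
    """Flag repeated plateau switching that CPU temperature does not explain."""
    temp_swing = max(temp_samples) - min(temp_samples)
    switches = count_level_switches(rpm_samples)
    return switches >= min_switches and temp_swing <= max_temp_swing_c


def _plateaus(levels, per_level=4):
    """Constructed trace: each level held for per_level samples, with jitter."""
    jitter = (-15, 10, -5, 20)
    return [rpm + jitter[i] for rpm in levels for i in range(per_level)]


# One sample every 5 s; at 3 bits per minute each level is held ~20 s.
KEYED_RPM = _plateaus([1000, 1600, 1000, 1000, 1600, 1600, 1000, 1600])
KEYED_TEMP = [45.0 + 0.1 * (i % 3) for i in range(len(KEYED_RPM))]
# Benign contrast: the fan ramps once as the CPU heats up under load.
LOAD_RPM = [1000 + 20 * i for i in range(32)]
LOAD_TEMP = [45.0 + 0.8 * i for i in range(32)]

if __name__ == "__main__":
    print(count_level_switches(KEYED_RPM), is_suspicious(KEYED_RPM, KEYED_TEMP))
    print(count_level_switches(LOAD_RPM), is_suspicious(LOAD_RPM, LOAD_TEMP))
```

The temperature comparison is what separates keyed switching from ordinary thermal fan control, so the thresholds need tuning against a baseline from the monitored machine.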

Related: “AirHopper” Malware Uses Radio Signals to Steal Data from Isolated Computers

Related: Air-Gapped Computers Can Communicate Through Heat

Related: Data Theft From Air-Gapped Computers Possible via Cellular Frequencies

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
