Security Experts:

Connect with us

Hi, what are you looking for?


Mobile & Wireless

Malware Can Steal Data From Air-Gapped Devices via Fans

Fansmitter - stealing data using fans

Fansmitter - stealing data using fans

Acoustic data exfiltration is possible from air-gapped computers even if they don’t have any speakers. Researchers have demonstrated that data can be stolen using fans and a mobile phone placed in the vicinity of the targeted machine.

Over the past years, experts have come up with several methods for silently exfiltrating data from isolated devices using optic, thermal, electromagnetic and acoustic covert channels. Since researchers demonstrated several years ago that data can be stolen using a computer’s internal or external speakers, many organizations have banned these components from air-gapped devices for security reasons.

Researchers from Ben-Gurion University of the Negev have discovered a new acoustic data exfiltration method that doesn’t rely on speakers. The method, dubbed Fansmitter, leverages the noise emitted by a computer’s fans to transmit data.

A piece of malware installed on the targeted air-gapped computer can use the device’s fans to send bits of data to a nearby mobile phone or a different computer equipped with a microphone. Several types of fans can be used for the task, but CPU and chassis fans are the perfect target because they can be monitored and controlled using widely available software.

According to experts, the frequency and the strength of the acoustic noise emitted by fans depends on revolutions per minute (RPM). Attackers can control the fan to rotate at a certain speed to transmit a “0” bit and a different speed to transmit a “1” bit.

The noise is in the 100-600 Hz range, which can be detected by the human ear, but experts pointed out that attackers could use several methods to avoid raising suspicion. For instance, they can program the malware to transmit data during hours when no one is in the room (e.g. at night). They can also use low or close frequencies, which are less noticeable.

Researchers have conducted experiments using a regular Dell desktop computer with CPU and chassis fans, and a Samsung Galaxy S4 smartphone with a standard microphone to capture the exfiltrated data. The testing environment was a computer lab with several other workstations, switches and an air conditioning system – all of which produced background noise.

The experiment has shown that attackers can transmit 3 bits per minute using low frequencies (1000 RPM for “0” and 1600 RPM for “1”) over a distance of one meter. This means that it would take roughly three minutes to transmit 1 byte of data (e.g. one character of a password).

The transfer rate is much better at higher frequencies. For instance, at 4000 – 4250 RPM, experts transferred 15 bits per minute over a one-meter distance. At 2000-2500 RPM, they obtained 10 bits per minute over a four-meter distance, and the same transfer rate can also be obtained over a distance of eight meters if the frequency is increased.

“Using Fansmitter attackers can successfully exfiltrate passwords and encryption keys from a speakerless air-gapped computer to a mobile phone in the same room from various distances,” researchers wrote in their paper. “Beyond desktop computers, our method is applicable to other kinds of audioless devices, equipped with cooling fans (various types and sizes of fans) such as printers, control systems, embedded devices, IoT devices, and more.”

Related: “AirHopper” Malware Uses Radio Signals to Steal Data from Isolated Computers

Related: Air-Gapped Computers Can Communicate Through Heat

Related: Data Theft From Air-Gapped Computers Possible via Cellular Frequencies

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

The February 2023 security updates for Android patch 40 vulnerabilities, including multiple high-severity escalation of privilege bugs.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

South Dakota Gov. Kristi Noem says her personal cell phone was hacked and linked it to the release of documents by the January 6...