Even speakerless air-gapped computers can be hacked – via the fans
Fri 24 Jun 2016
Israeli researchers have discovered a method of exfiltrating data from computers using just the variations in fan noise, which become more or less active in response to CPU temperatures.
The exploit can bypass the security measure of removing or never installing speakers in a computer, since transmission between airgapped machines was proved possible a few years ago by the badBIOS malware, which used high-frequency transmissions between computers’ speakers and microphones to bridge the gap.
The paper, from a team led by Mordechai Guri at The BGU Cyber Security Research Center, outlines the creation of Fansmitter, which is able to modulate the sound of a computer’s fans in a precise enough manner that data can be passed to an air-gapped neighbouring machine with an active microphone.
The researchers were able to pass encryption keys and passwords across the air-gap at distances between zero to 27 feet at a bitrate ceiling of 900 bits per hour. The tests also demonstrated that a variety of IT equipment, including embedded systems and IoT devices, are susceptible to being used in this way, so long as they have a regulating fan.
‘Our method utilizes the noise emitted from the CPU and chassis fans which are present in virtually every computer today. We show that a software can regulate the internal fans’ speed in order to control the acoustic waveform emitted from a computer. Binary data can be modulated and transmitted over these audio signals to a remote microphone (e.g., on a nearby mobile phone)’
The technique can equally be applied to GPU as CPU fans. The team tested Fansmitter with a Dell OptiPlex 9020 running on an Intel Core i7-4790 motherboard with an Intel Q87 chipset. The receiver was a Samsung Galaxy S4 I9500 mobile phone bearing a standard microphone with a sampling rate of 44.1khz. The test environment was a computer lab with standard ambient noise, seven workstations, seven network switches and an aircon system.
The researchers concede that environmental noise does have a deleterious effect on the signal-to-noise factor that Fansmitter must operate in, making very noisy working environments a potential obstacle to a workable bitrate or an adequately clear signal.
Countermeasures indicated in the paper include the restriction of microphone-bearing devices – such as mobile phones – in sensitive working areas, the use of software detection capable of identifying the transmission attempts, and the installation of quieter fans.