‘Fansmitter’ malware can extract data from air-gapped computers

Disconnected from the internet and without audio speakers and microphones, air-gapped computers may be the safest option for protecting an organization against security breaches, but as we know from the Stuxnet outbreak, they aren’t foolproof – a fact that researchers in Israel set out to explore.

Scientists at the Cyber Security Research Center at Ben-Gurion University spent two years developing a new way for data to be stolen from air-gapped machines using only the (mostly inaudible) sound emitted from the cooling fan inside the computer.

The malware, named Fansmitter by its developers, can regulate the internal fans’ speed in order to control the acoustic waveform emitted from a computer.

This binary data can then be picked up by a nearby microphone (such as that of a compromised cell phone) and transferred to the attacker via Wi-Fi or SMS. Receiving devices can also be computers with microphone or laptops.

The full technical details of Fansmitter have been outlined in the study, which is currently under peer review.

So far the software has been able to successfully transmit sensitive data such as encryption keys and passwords at a rate of 15 to 20 bits per minute, but researchers say that they are working on making the process faster.

Developers of Fansmitter said: “Our method can also be used to leak data from different types of IT equipment, embedded systems, and IoT devices that have no audio hardware, but contain fans of various types and sizes.”

This study demonstrates the new and creative ways that attackers can access even the most secure of computers, exemplifying the importance of vigilance even from within the most secure systems.

 

Author , We Live Security

Follow us

Copyright © 2016 ESET, All Rights Reserved.