Industry News

Air-Gapped Systems Vulnerable to Data Exfiltration via Fan-Controlling Malware, According to Israeli Researchers

New research into data exfiltration by compromising air-gapped systems has proven that malware can control the acoustic waveform emitted by a CPU’s cooling fan to transmit audio binary data to a remote microphone up to eight meters away.

While previous vulnerabilities in air-gapped systems have been reported and suspected to have been used in the wild, Fansmitter (as it’s called by the researchers) poses new risks as it demonstrates once again that malware can communicate by transmitting sonic and ultrasonic signals, without requiring specialized hardware, such as built-in speakers.

“Using our method we successfully transmitted data from air-gapped computer without audio hardware, to a smartphone receiver in the same room,” reads the paper’s submission. “We demonstrated the effective transmission of encryption keys and passwords from a distance of zero to eight meters, with bit rate of up to 900 bits/hour.”

While the four researchers, Mordechai Guri, Yosef Solewicz, Andrey Daidakulov, Yuval Elovici, used a Dell OptiPlex desktop for their proof-of-concept, they believe any other type of IT equipment, embedded system, or IoT (internet-of-things) device can be manipulated this way, whether they have internal audio hardware or not.

Emphasizing that fans are built into almost all currently available computers, this attack method could be successful on any type of PC that uses fans.

If graphic cards, electromagnetic radiation, FM radio receivers, scanners and lasers have been used in the past for exfiltrating data from isolated computers, this recent research proves that suggests that most computer hardware component can be weaponized by malware.

About the author

Liviu ARSENE

Liviu Arsene is the proud owner of the secret to the fountain of never-ending energy. That's what's been helping him work his everything off as a passionate tech news editor for the past couple of years. He is the youngest and most restless member of the Bitdefender writer team and he covers mobile malware and security topics with fervor and a twist. His passions revolve around gadgets and technology, and he's always ready to write about what's hot and trendy out there in geek universe.