New research into data exfiltration by compromising air-gapped systems has proven that malware can control the acoustic waveform emitted by a CPU’s cooling fan to transmit audio binary data to a remote microphone up to eight meters away.
While previous vulnerabilities in air-gapped systems have been reported and suspected to have been used in the wild, Fansmitter (as it’s called by the researchers) poses new risks as it demonstrates once again that malware can communicate by transmitting sonic and ultrasonic signals, without requiring specialized hardware, such as built-in speakers.
“Using our method we successfully transmitted data from air-gapped computer without audio hardware, to a smartphone receiver in the same room,” reads the paper’s submission. “We demonstrated the effective transmission of encryption keys and passwords from a distance of zero to eight meters, with bit rate of up to 900 bits/hour.”
While the four researchers, Mordechai Guri, Yosef Solewicz, Andrey Daidakulov, Yuval Elovici, used a Dell OptiPlex desktop for their proof-of-concept, they believe any other type of IT equipment, embedded system, or IoT (internet-of-things) device can be manipulated this way, whether they have internal audio hardware or not.
Emphasizing that fans are built into almost all currently available computers, this attack method could be successful on any type of PC that uses fans.
If graphic cards, electromagnetic radiation, FM radio receivers, scanners and lasers have been used in the past for exfiltrating data from isolated computers, this recent research proves that suggests that most computer hardware component can be weaponized by malware.