Cyber Security Researchers Exfiltrated Data from Isolated Computers


Researchers from the Ben-Gurion University of the Negev (BGU) have demonstrated that an unmodified USB connected to a computer with malicious code can be used to steal data from infected and “air-gapped” computers.

Because computers may contain or interact with sensitive information, they are often “air-gapped” and in this way kept isolated and disconnected from the Internet.

In recent years the ability of malware to communicate over an “air-gap” by transmitting sonic and ultrasonic signals from a computer speaker to a nearby receiver has been shown. In order to eliminate such acoustic channels, current best practice recommends the elimination of speakers (internal or external) in secure computers.

The researchers, led by Mordechai Guri, developed Fansmitter, malware that can acoustically exfiltrate data from “air-gapped” computers even when audio hardware and speakers are not present. Their method uses the noise emitted by the CPU and chassis fans, which are present in virtually every computer today. They show that software can regulate the internal fans’ speed in order to control the acoustic waveform emitted from a computer. They demonstrated the effective transmission of encryption keys and passwords from a distance of zero to eight meters, with a bit rate of up to 900 bits/hour. This method can also be used to leak data from different types of IT equipment, embedded systems, and IoT devices that have no audio hardware but contain fans of various types and sizes.

The team successfully transmitted data from an “air-gapped” computer without audio hardware to a smartphone receiver in the same room.
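
A defender-side heuristic for the fan-speed channel described above, as an added example that is not code from the BGU researchers or from the original article: it flags periods in which fan speed swings repeatedly while CPU temperature stays flat, on the assumption that thermally driven fan changes follow temperature. The function name, thresholds and telemetry samples are constructed for illustration.

```python
# Added example: constructed telemetry and thresholds, not from the research.
def flag_fan_modulation(samples, window=15, min_delta=300,
                        min_swings=6, max_temp_spread=2.0):
    """Return start times (s) of windows where fan RPM swings repeatedly
    while CPU temperature stays flat.

    samples: list of (t_seconds, fan_rpm, cpu_temp_c), evenly polled.
    """
    flagged = []
    for i in range(len(samples) - window + 1):
        win = samples[i:i + window]
        rpms = [rpm for _, rpm, _ in win]
        temps = [temp for _, _, temp in win]
        # A "swing" is a jump between consecutive polls of at least min_delta RPM.
        swings = sum(1 for a, b in zip(rpms, rpms[1:]) if abs(b - a) >= min_delta)
        # Thermal control explains swings only if temperature moved as well.
        temp_flat = max(temps) - min(temps) <= max_temp_spread
        if swings >= min_swings and temp_flat:
            flagged.append(win[0][0])
    return flagged

# Constructed samples, polled every 4 s.
# 1) Fan ramps smoothly as the CPU warms up under load.
NORMAL = [(4 * i, 1000 + 20 * i, 45 + 0.5 * i) for i in range(30)]
# 2) One large step when a heavy job starts and temperature jumps with it.
BURST = [(4 * i, 1000 if i < 10 else 1600, 45 if i < 10 else 65)
         for i in range(30)]
# 3) Fan toggles between two speeds while temperature barely changes.
PATTERN = "101100101101001011010010110100"
SUSPECT = [(4 * i, 1600 if b == "1" else 1000, 50 + 0.2 * (i % 3))
           for i, b in enumerate(PATTERN)]

if __name__ == "__main__":
    for name, data in (("normal", NORMAL), ("burst", BURST), ("suspect", SUSPECT)):
        print(name, flag_fan_modulation(data))
```

At the article's top rate of 900 bits/hour one bit lasts four seconds, so fan telemetry has to be polled at least that often for individual swings to be visible.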

Based on Ben-Gurion University website