Scientists in Israel just showed you can hack an offline PC by listening to its fans
If you really want to make sure your computer doesn’t get hacked, disconnecting it from the internet is a good place to start – but that ‘air gap’ alone isn’t necessarily enough to prevent data being filched from your PC, new research has shown.
Scientists in Israel have demonstrated a new way for data to be extracted from even air-gapped (physically isolated) computers, with a new malware attack that combs data from the whirring sound of your PC’s internal fan.
That’s right – the sound of your computer keeping itself cool can now be turned against it, thanks to a malware program called Fansmitter, devised by researchers at the Ben-Gurion University of the Negev Cyber Security Research Centre.
Once a computer is infected with Fansmitter, the program can “acoustically exfiltrate data from air-gapped computers, even when audio hardware and speakers are not present,” the researchers write in their paper.
The malware does this by regulating the internal fans’ speed to generate an acoustic waveform emitted by the PC. In other words, like a parasite, Fansmitter takes some data from your PC, then takes over the fan, and uses it like a mouthpiece to generate subtle audio signals based on the data, which can then be detected and interpreted by a nearby device.
As the team explains, “[b]inary data can be modulated and transmitted over these audio signals to a remote microphone (eg., on a nearby mobile phone)”.
It’s not the first time that audio signals have been used to extract data from air-gapped machines. Previous malware demonstrations have shown that PCs’ internal and external speakers could use similar techniques to broadcast data signals via audio to capture devices.
This capability led some to think that, to make computers truly secure, they need to be audio-gapped (with all audio speakers disabled) in addition to being air-gapped (cut off from any non-secure networks) – but the new approach shows that even audio-gapping may not be enough in some circumstances to entirely lock down a PC.
Of course, for the Fansmitter attack to work, before the computer can be coerced into spilling its secrets, it has to be infected with the malware in the first place. And for an air-gapped computer that could be easier said than done, requiring physical access to the machine – although workers being less than careful with compromised USB keys have unwittingly infected PCs in very delicate situations before.
There’s also the matter of how sluggish Fansmitter is. The researchers were able to exfiltrate data at a rate of 900 bits per hour, which on the whole is very slow – but, of course, it’s likely to be fast enough to transmit potentially valuable portions of things like text.
As Joshua Kopstein at Motherboard puts it: “While that’s hardly ideal for downloading a new Taylor Swift album, it’s just fine for stealing passwords and encryption keys.”
The study has been published on pre-print website arXiv.org, which means it hasn’t been peer reviewed yet, but the team are now seeking feedback from other researchers before submitting it for publication in a journal.
At the end of the day, most of us probably don’t need to be too concerned about this type of attack. But if you spot a strange-looking phone lying around on your PC desk, you might just want to think about moving it to another location.