Acoustic Data Exfiltration from (Speakerless) Air-Gapped Computers

In this paper, we present Fansmitter, a malware that can acoustically exfiltrate data from air-gapped computers, even when audio hardware and speakers are not present. Our method utilizes the noise emitted from the CPU and chassis fans which are present in virtually every computer today. We show that a software can regulate the internal fans' speed in order to control the acoustic waveform emitted from a computer. [...] We demonstrated the effective transmission of encryption keys and passwords from a distance of zero to eight meters, with bit rate of up to 900 bits/hour.

Previously, previously, previously, previously, previously.


8 Responses:

  1. Chas. Owens says:

    Given that fans are no longer required for decently powered machines (see the computer in your pocket), this attack vector should be easy to mitigate. Of course, that assumes the government will buy new stuff.

  2. Bob Frobber says:

    900 bits an hour? That's 15 bits per minute.

    Can't you just...use pen and paper to write the data down faster than that? And as a bonus, you don't destroy the bearings on your CPU fans.

    (The one experience I have using air-gapped computers, the company used VMware Horizon to virtualize the secured environment. More buzzword-compliant and also immune to this particular attack vector.)

  3. thielges says:

    Seems like it would be easier to strobe the monitor and recover data from reflected light.

    But what about headless systems you say? Those are usually in rack mounted arrays where the noise of other fans drowns out the betraying fan.

    A hack in search of a credible exploit.

  4. jwb says:

    900 bits per hour! And they say that ISDN is dead.

  5. MattyJ says:

    But can it play Daisy Bell?

  6. Chris says:

    These "I don't see the reason for this" comments are preeetty disappointing.

  7. So the scenario is you can infect an airgapped machine, and get a microphone close to it, but not exfiltrate data any other way? Seems pretty specialized.
