Even the noise from your PC’s fans could be used to steal the data inside. Researchers in Israel have found a way to do just by hijacking the fans inside and manipulating the sounds they create.
The research from Ben-Gurion University of the Negev shows how data could be stolen from “air-gapped” computers, which are not connected to the Internet.
These air-gapped computers are isolated and typically contain the most sensitive information. To hack them, attackers typically need to gain physical access and install malware, possibly through a USB stick.
Past research has shown that once infected, these air-gapped computers could transmit any stolen data through the speakers, in the form of ultrasonic signals. Simply uninstalling the speakers, however, can avoid the risk.
The researchers in Israel have come up with another way to target these air-gapped systems. Their malware can secretly send the data over audio waves generated by the computer’s fans, according to a paper they released on Wednesday.
The malware, called Fansmitter, works by controlling the speed at which the fans run. This can create varying acoustic tones that can be used to transmit the data.
To receive the data, the hackers would need to compromise a nearby mobile phone. This phone could then decode the noise from the fans, assuming the device is close enough to the sound or within eight meters.
Once the noise is decoded, the phone could then relay all information back to the hackers. The researchers tested their malware using a Dell desktop and a Samsung Galaxy S4 phone.
Of course, the malware has its certain limitations. Only up to 15 bits per minute can be transmitted, but it’s enough to send off password and encryption keys, according to the researchers.
Attacking PCs this way also isn’t practical. But given that most PCs and electronics are built with cooling fans, all kinds of devices are potentially vulnerable, the researchers said.
Owners of these air-gapped systems, however, can still prevent the risk. They can use water-cooling systems instead of fans within their computers. Or they can choose to ban the use of mobile phones around their air-gapped systems, the researchers said.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.