Home Activities Scientists says Hack an offline PC by listening to its fans

Scientists says Hack an offline PC by listening to its fans

A team of researchers claim they’ve developed malware that can extract
data from an isolated computer with no internet connection, camera or
audio hardware—all by using sounds generated by the machine’s processor
and cooling fans.
In a new paper,
researchers at Israel’s Ben Gurion University describe an attack meant
to be used against isolated or “air-gapped” machines that wouldn’t
normally be accessible. While others have demonstrated ways of doing
this using ultrasonic waves coming from a machine’s speakers, the method
the Israeli researchers describe works by controlling and listening to
the speed of the machine’s fans and CPU, and doesn’t require it to have
any speakers, cameras or other hardware.

“Using our method we successfully transmitted data from [an] air-gapped
computer without audio hardware, to a smartphone receiver in the same
room,” the researchers says.

It’s not the first time that audio signals have been used to extract data from air-gapped machines. Previous malware demonstrations
have shown that PCs’ internal and external speakers could use similar
techniques to broadcast data signals via audio to capture devices.
We show that our method can also be used to leak data from
different types of IT equipment, embedded systems, and IoT devices that
have no audio hardware, but contain fans of various types and sizes.”

(adsbygoogle = window.adsbygoogle || []).push({});

malware, which infects machines via a sneaky double-agent
wielding a USB stick, works a bit like morse code. Once installed, it
locates data on the machine and transmits it by controlling the speed of
the machine’s CPU and cooling fans, creating acoustic waveforms that
are then received and deciphered by a nearby listening device.

This capability led some to think that, to make computers truly
secure, they need to be audio-gapped (with all audio speakers disabled)
in addition to being air-gapped (cut off from any non-secure networks) –
but the new approach shows that even audio-gapping may not be enough in
some circumstances to entirely lock down a PC.

The researchers say they were able to exfiltrate data at up to 900
bits/hour, with a listening device placed within 8 meters of the
machine. While that’s hardly ideal for downloading a new Taylor Swift
album, it’s just fine for stealing passwords and encryption keys.



Please enter your comment!
Please enter your name here