Hackers can steal data through PC fan vibrations

Researchers show how fan speeds can be regulated to encode and transmit sensitive data

Cyber criminals can exfiltrate sensitive data from a PC sat within an air-gapped system by using malware to manipulate the vibrations from internal CPU and GPU fans, it has emerged.

By exploiting ‘air-gap covert channels’, hackers can steal data from systems totally isolated from network connectivity, beyond tightly-controlled local networks. Such air-gapped systems are normally used by corporate or government networks, and computer systems used for national defence.

Advertisement - Article continues below

Breaching systems without physical or network access is a challenge, but researchers have proven that a PC’s internal fans, such as GPU, CPU or chassis fans, can be encoded with internally-stored data.

Computers are known to vibrate at a frequency that correlates with the rotation speed of internal fans. These vibrations can’t be heard, but can be felt on nearby surfaces, like a neighbouring desk.

However, it has been discovered that malware can be used to regulate the rotation speed of internal PC fans, the fluctuating vibrations from which can be encoded with sensitive data stored on these machines, according to Mordechai Guri, the head of R&D at Israel’s Ben-Gurion University of the Negev, as reported by ZDNet.

Academic research shows that vibrations generated by malware installed on an air-gapped system, which Guri branded as AiR-ViBeR, can encode binary information and modulate this over a low-frequency vibrational carrier.

Advertisement
Advertisement - Article continues below

This can subsequently be decoded using the accelerometer built-into any smartphone. By placing the device onto a nearby surface, software can be used to reconstruct the manipulated vibrations back into meaningful data.

There are a host of methods that cyber criminals could deploy to steal data from air-gapped systems, ranging from LED indicators on hard drives to screen brightness variations. However, Guri’s latest research is the first proving that vibrations can be manipulated to successfully transmit sensitive data from machines in air-gapped systems.

Advertisement - Article continues below

Although this method is perfectly feasible, it’s not likely to be deployed in real-life scenarios due to practicality reasons.

The research team managed to achieve a data exfiltration rate of only half a bit per second through fan vibrations in a test run, suggesting cyber criminals are likely to look to other methods to seize sensitive corporate data.

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement

Recommended

Russia hacked Liam Fox's personal email to steal trade documents
phishing

Russia hacked Liam Fox's personal email to steal trade documents

4 Aug 2020
British teenager charged over Twitter hack
hacking

British teenager charged over Twitter hack

3 Aug 2020
Mid-year report says vulnerabilities up 22% in 2020
hacking

Mid-year report says vulnerabilities up 22% in 2020

30 Jul 2020
BlackRock banking Trojan targets Android apps
trojans

BlackRock banking Trojan targets Android apps

27 Jul 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
How do I fix the Windows 10 Start Menu if it's frozen?
operating systems

How do I fix the Windows 10 Start Menu if it's frozen?

3 Aug 2020