alt=
203x44-linked-in
News  General
Fansmitter

Uses the smartphones microphone

An ingenious hack has surfaced in a paper which shows a way to steal data from a PC/laptop using listening software on a smartphone, and malware controlling the cooling fans on the target system.

This convoluted setup wouldn't be of much interest if it wasn't for one particular trick it can pull off which almost none of the other malware attacks can - it targets air-gapped systems. Air-gapped is the term given to PC/laptops which are not connected to a network at all. Without a network connection, users assume remote hacks can't happen for obvious reasons.

Air-gapped systems are usually set up that way for good reason - they might hold classified military information, process sensitive financial transactions or operate industrial/medical critical infrastructure systems.

Slow but clever

There have been air-gapped attacks before. These usually involved tricking users into doing something to compromise the target system - the best example being Stuxnet, where USB drives containing the malware were used to infect air-gapped systems controlling uranium enrichment plants in Iran. As pointed out, because air-gapped systems are usually extremely sensitive regarding what they are doing, they are for this reason also a more valuable target for the attackers.

Fansmitter

Acoustic data transmission itself is nothing new, and has undergone a resurgence recently with smartphone apps such as Chirp employing the same techniques using ultrasonics. The transmission mechanism is all based on encoding the data, sending it via some medium (i.e. sound waves over the air), and decoding it to recover the data somewhere else. In Fansmitters case, the sound of the fans themselves being either on or off is used to represent the binary 1 or 0 of the data being sent. Clearly, this won't be the most reliable way to do it, although academics would point to error-correction protocols as used in other noisy transmission mediums. Neither will it be very fast - the researchers have quoted speeds of 900 bits/hour - but if you're only going for passwords or keys etc, it could do the trick.

Fansmitter waveform

IoT devices

Computing equipment which needs cooling conjures up images of servers, desktops and laptops. We are entering into the brave new world of IoT though. What about other embedded systems we have yet to design? This headache only serves further to reinforce the importance of vigilance when it comes to IT security.

The Fansmitter technique was developed by a team from Ben-Gurion University's Cyber Security Research Center in Israel. The paper states:

Using our method we successfully transmitted data from [an] air-gapped computer without audio hardware, to a smartphone receiver in the same room. We demonstrated the effective transmission of encryption keys and passwords from a distance of zero to eight meters, with [a] bit rate of up to 900 bits/hour. We show that our method can also be used to leak data from different types of IT equipment, embedded systems, and IoT devices that have no audio hardware, but contain fans of various types and sizes.

Fansmitter hasn't been reported in the wild yet, and may never actually be seen there. It requires a very special combination of just the right kind of fan cooling on the target device, the right malware installed on both the target and the receiver, and them both to be within 24 feet of each other at the right time, for the right length of time. However, in many ways that's not the point. The real one being that with enough ingenuity, supposed impenetrable systems can be made vulnerable.