doesn’t involve exploiting bugs or vulnerabilities in software. Instead, they found a way to do it by controlling a computer’s cooling fan.
Amazingly, they found hackers could encode stored data into fan vibrations by imperceptibly slowing down or speeding up the fan’s rotation. The fan causes the computer itself and the surface it’s on to vibrate and these vibrations can be picked up by a smartphone and then retrieved by a hacker.
“We observe that computers vibrate at a frequency correlated to the rotation speed of their internal fans,” lead researcher Mordechai Guri told Tech Xplore. “These inaudible vibrations affect the entire structure on which the computer is placed.”
“The malware in question doesn’t exfiltrate data by cracking encryption standards or breaking through a network firewall,” he said. “Instead, it encodes data in vibrations and transmits it to the accelerometer of a smartphone.”
While the process of transmitting the data is extremely slow, and therefore not likely to be adopted by hackers (spy services maybe?) it is yet another demonstration of how it is possible to access a computer that is air-gapped, meaning it is isolated and not connected to the internet.
Guri is head of R&D at the univerity’s Cyber-Security Research Center. He and his team specialize in finding ways to access data from highly secure systems and devising methods of protecting against the threats.
In the case of the fan vibration hack, a simple method of protecting against it is to make the fan speed unchangeable.
Photo by Florian Olivo on Unsplash
[bdp_post_carousel]