Israeli academics have shown that it is possible to use the fans inside a computer to create controlled vibrations that can be used to steal data from air-gapped systems. This technique, codenamed AiR-ViBeR, is the latest in a long list of wacky data exfiltration techniques developed by Mordechai Guri, the R&D director at Ben-Gurion University of the Negev in Israel.
For half a decade, Mordechai Guri has been researching methods of sending data from air-gapped computers to the outside world without being detected. Research on this topic is important because “air gap” systems – isolated computers on local networks without Internet access – are often used on government or corporate networks to store sensitive data, such as classified files or intellectual property.
In new research published this week, Mordechai Guri expanded on this work by focusing on a medium that his team has never analyzed before, namely vibrations. More specifically, the researcher examined the vibrations that can be generated by computer fans, such as CPU fans, GPU fans, or any other fan installed on the computer.
According to Mordechai Guri, malicious code installed on an air-gapped system can control the speed at which the fans operate. By modulating the fan speed up and down, the attacker can control the frequency of the vibration coming from the fan. The AiR-ViBeR technique takes sensitive information stored on an air-gapped system and then modifies the speed of the fan to generate a vibrational pattern that propagates through the immediate environment, such as an office.
A very slow method
Mordechai Guri says that a nearby attacker can record these vibrations using the accelerometer sensors found in modern smartphones, and then decode the information hidden in the vibration pattern to reconstruct the information stolen from the air-gapped system.
If the attacker has physical access to the protected network, he can place his own smartphone on a desk near a protected system and collect the emitted vibrations without touching the protected computer. If the attacker does not have access to an air-gapped network, he can infect the smartphones of employees of the targeted company who operate an air-gapped network. Malware on the employee’s device can pick up these vibrations on behalf of the attacker. According to Mr. Guri, this is possible because the accelerometer sensors of modern smartphones are accessible to any application without requiring the user's permission, which makes this technique very evasive.
However, while the AiR-ViBeR technique is fairly innovative work, the transmission of data by vibration is extremely slow. In fact, data can be exfiltrated by vibrations at a low speed of half a bit per second, which makes AiR-ViBeR one of the slowest exfiltration methods that Mordechai Guri and his team have developed in recent years.
While the AiR-ViBeR attack can be considered “doable”, it is highly unrealistic that attackers would ever use it in the wild, as they would most likely opt for other techniques that exfiltrate information at faster speeds. Additional technical details on the AiR-ViBeR technique can be found in the white paper published this week.
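A defender-side check for the fan-speed modulation described above, added here as an example and not taken from the article or from Guri's paper: it flags telemetry windows in which fan speed keeps switching while temperature stays flat. The (rpm, temperature) sample format, the one-sample-per-second rate and all thresholds are assumptions.

```python
# Assumed thresholds for this sketch; tune them against the host's normal fan curve.
RPM_STEP = 300      # RPM change between consecutive samples that counts as a speed switch
TEMP_BAND = 2.0     # degrees C; a window that stays inside this band is "thermally flat"
MIN_SWITCHES = 6    # direction reversals per window needed to raise a flag
WINDOW = 30         # samples per window (one sample per second assumed)


def count_switches(rpms, step=RPM_STEP):
    """Count large RPM jumps whose direction differs from the previous large jump."""
    switches, last_dir = 0, 0
    for prev, cur in zip(rpms, rpms[1:]):
        delta = cur - prev
        if abs(delta) < step:
            continue  # ordinary jitter or a slow ramp
        direction = 1 if delta > 0 else -1
        if direction != last_dir:
            switches += 1
            last_dir = direction
    return switches


def suspicious_windows(samples, window=WINDOW):
    """samples: list of (rpm, temp_c) tuples.

    Return the start index of every window in which the fan keeps switching
    speed although the temperature is flat, i.e. speed changes that the
    thermal load does not explain.
    """
    flagged = []
    for start in range(0, len(samples) - window + 1, window):
        chunk = samples[start:start + window]
        rpms = [rpm for rpm, _ in chunk]
        temps = [temp for _, temp in chunk]
        flat = max(temps) - min(temps) <= TEMP_BAND
        if flat and count_switches(rpms) >= MIN_SWITCHES:
            flagged.append(start)
    return flagged


# Constructed telemetry, not measurements from the research.
idle = [(1200 + (i % 3) * 10, 45.0) for i in range(30)]                   # steady fan
toggling = [(1200 if (i // 2) % 2 == 0 else 2000, 45.5) for i in range(30)]  # two speeds, flat temp
load = [(1200 + i * 40, 45.0 + i * 0.8) for i in range(30)]               # real load ramp

if __name__ == "__main__":
    print(suspicious_windows(idle + toggling + load))
```

Only the middle window is flagged: the idle window has no large speed changes, and the load ramp is explained by its rising temperature.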