Hackers Can Steal Data Using Computer Fan and Smartphone Vibrations


It is no longer enough to disconnect a computer from the network. Unexpectedly, the fan a computer uses for heat dissipation has also become a channel through which hackers can steal data. Let us first look at how the "crime" plays out. The following office environment is about as "standard" as it gets: the main box, display and keyboard all sit together.


The cell phone next to it is the "criminal weapon." It quietly steals the contents of a document from the vibrations generated when the host's fan rotates. It is worth mentioning that the environment above is an air-gapped system (in plain terms, a computer placed in a physically disconnected environment). AiR-ViBeR is the latest technique from Mordechai Guri's team in Israel for stealing data using PC fan vibrations.


Even an "isolated" security system cannot hold this back. The Guri team has been studying how to steal computer data from "isolated" environments, and this time they analyzed a channel that had never been studied before: the vibration generated by computer fans, including the CPU fan, GPU fan, or other fans installed in the chassis. According to Guri, malicious code implanted in the air-gapped system can control the speed of the fan. By adjusting the fan speed, an attacker can control the frequency of the fan's vibration.
AiR-ViBeR uses sensitive information stored on the air-gapped system to change the fan speed and generate a vibration pattern, which then spreads through the surrounding environment (such as a table). A nearby attacker can use the accelerometer in a smartphone to record these vibrations and decode the information hidden in the vibration pattern, reconstructing the information stolen from the air-gapped system.

There are two ways to collect these vibrations.
If an attacker can physically access the air-gapped network, they can place their smartphone on a table near the air-gapped system and collect the vibrations without touching the computer. If the attacker cannot access the air-gapped network, they can instead infect the smartphones of employees of the target company. These devices then stand in for the attacker and sense the vibrations from the fan. Guri emphasized that the second way of collecting vibrations is entirely possible because modern smartphone acceleration sensors can be accessed by any application and do not require user permission.
In fact, this is not the first time the Guri team has tried to steal data from an air-gapped system. In the past five years, the team has been trying various methods to send data from an "isolated" computer to the outside world without being discovered. Guri and his team at Ben-Gurion University's Cyber-Security Research Center have revealed that invaders could steal data from secure systems using a plethora of techniques such as:
  • LED-it-Go - exfiltrate data from air-gapped systems via an HDD's activity LED
  • USBee - force a USB connector's data bus to give out electromagnetic emissions that can be used to exfiltrate data
  • AirHopper - use the local GPU card to emit electromagnetic signals to a nearby mobile phone, also used to steal data
  • Fansmitter - steal data from air-gapped PCs using sounds emanated by a computer's GPU fan 
  • DiskFiltration - use controlled read/write HDD operations to steal data via sound waves 
  • BitWhisper - exfiltrate data from non-networked computers using heat emanations 
  • Unnamed attack - uses flatbed scanners to relay commands to malware-infested PCs or to exfiltrate data from compromised systems 
  • xLED - use router or switch LEDs to exfiltrate data 
  • aIR-Jumper - use a security camera's infrared capabilities to steal data from air-gapped networks 
  • HVACKer - use HVAC systems to control malware on air-gapped systems 
  • MAGNETO & ODINI - steal data from Faraday cage-protected systems 
  • MOSQUITO - steal data from PCs using attached speakers and headphones 
  • PowerHammer - steal data from air-gapped systems using power lines 
  • CTRL-ALT-LED - steal data from air-gapped systems using keyboard LEDs 
  • BRIGHTNESS - steal data from air-gapped systems using screen brightness variations. 
You may worry: if there are so many ways to steal data even from a highly secure environment, seemingly "out of thin air," is anything safe? Don't worry too much. Although techniques like AiR-ViBeR are very stealthy, they are relatively slow: through vibration, data can only leak at a low speed of 0.5 bits per second, and stealing data at this speed is quite unrealistic. In addition, ordinary users do not need to worry about techniques like AiR-ViBeR; after all, we are connected to the Internet, which is more dangerous. However, administrators working in highly secure environments should pay attention to it.
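A defender-side sketch of how the fan-speed modulation described above could be spotted on the air-gapped host itself. It is an added example, not code from the Guri team's paper: it flags a window in which fan RPM keeps switching on a regular time grid while temperature stays flat. The 1 Hz sampling, the thresholds, the function names and the sample readings are all assumptions constructed for illustration.

```python
def unexplained_switches(rpm, temp_c, min_jump=300, max_temp_spread=2.0, k=3):
    """Sample indices where fan speed jumps although temperature is flat."""
    hits = []
    for i in range(1, len(rpm)):
        if abs(rpm[i] - rpm[i - 1]) < min_jump:
            continue  # ordinary small drift
        # Temperature spread in the k samples around the jump.
        window = temp_c[max(0, i - k): i + k + 1]
        if max(window) - min(window) <= max_temp_spread:
            hits.append(i)  # a speed change no thermal change accounts for
    return hits


def looks_modulated(rpm, temp_c, min_events=6, **thresholds):
    """True if the fan switches often, without thermal cause, on a regular grid."""
    hits = unexplained_switches(rpm, temp_c, **thresholds)
    if len(hits) < min_events:
        return False
    # A keyed signal switches at multiples of one symbol period.
    gaps = [b - a for a, b in zip(hits, hits[1:])]
    base = min(gaps)
    on_grid = sum(1 for g in gaps if g % base == 0)
    return on_grid / len(gaps) >= 0.8


# Constructed sample data, 1 reading per second (assumed sampling rate).
# At the article's 0.5 bits per second, each bit lasts 2 samples.
BITS = [1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 0]
MOD_RPM = [2600 if b else 2000 for b in BITS for _ in range(2)]
MOD_TEMP = [45.0 + 0.2 * (i % 3) for i in range(len(MOD_RPM))]

# Benign case: the machine heats up and the fan curve steps up with it.
BENIGN_TEMP = [40 + 1.5 * i for i in range(20)]
BENIGN_RPM = [1500 if t < 50 else 2200 if t < 60 else 3000 for t in BENIGN_TEMP]

if __name__ == "__main__":
    print("modulated window flagged:", looks_modulated(MOD_RPM, MOD_TEMP))
    print("benign window flagged:   ", looks_modulated(BENIGN_RPM, BENIGN_TEMP))
```

A fan that hunts around a thermal threshold can also trip this heuristic, so a flagged window is a prompt to check which process is driving fan control, not proof of exfiltration.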

AiR ViBeR: Exfiltrating Data from Air-Gapped Computers via Covert Surface ViBrAtIoNs
