A group of scientists from Ben-Gurion University in the Negev (Israel) is studying how to transmit information from isolated computers (airgap). They have already developed blinking data transfer methods. HDD LED, marshurizer or keyboardselectromagnetic radiation from the USB bus and from GPU cardsounds GPU cooler and magnetic head HDD, across thermal radiation and audio speakers (inaudible range) on changing PC power consumption and display brightness. It turns out that the list is not limited to this.
April 13, 2020, scientists published a description of a new attack AiR-ViBeR with exfiltration of data through fan vibration. The transmission speed is lower than in other methods: only 0.5 bits per second with the cover of the system unit closed.
A team of researchers led by Mordechai Guri (Mordechai Guri) studied the vibrations that create the fans in the system unit.
Vibration Source – imbalancewhen the center of mass does not coincide with the geometric center of rotation
Researchers have developed a data transfer protocol based on a change in the speed of rotation of the rotator – and, therefore, vibration. The method is code-named AiR-ViBeR.
Isolated systems in local networks without access to the Internet are often used in state or corporate networks to store sensitive data. Guri’s research does not examine ways of compromising and introducing malware into these ultra-secure systems, but instead focuses on innovative ways of transmitting information in ways that firewalls and security systems are not designed for.
A malicious code entered in the victim’s system controls the speed of the fan. In this particular experiment, the FAN CONTROL pin from the motherboard was connected to the GPIO12 pin on the Raspberry Pi 3, and the Python modulated the signal by changing the fan speed.
The signal is received by the accelerometer of the smartphone, which lies at a distance of about a meter from the computer.
The demodulation algorithm is given below.
Here, a potential attacker has two options: he can either place his smartphone near an infected computer, or infect the smartphones of employees who work with this computer. Accelerometer sensors in modern smartphones are available to any application without requiring user permission, which simplifies the attack, the researchers write.
The AiR-ViBeR application on a smartphone received a secret word from a computer through table vibrations
Although the AiR-ViBeR attack can be considered theoretically possible, it is highly unlikely that it will be used in real life. The transfer speed is too low, and attackers will better resort to any other method of removing information from an isolated computer.
The ratio of signal to noise in different positions of the receiving device relative to the signal source (positions are shown in the photo above)
However, administrators of secret systems should keep in mind the theoretical possibility of transferring data through a computer fan.