How “Fansmitter” Malware Can Steal Data from Air-Gapped Computers
June 30th, 2016Via: MIT Technology Review:
Changing a computer’s fan speed produces an audio signal that can be hijacked to steal data, say computer security experts who have tested the technique.
…
Fansmitters are simple in principle. Almost all computers use fans to cool the main CPU and the graphics card, and to pump air through the chassis. When they’re operating normally, the main sound produced by these fans is the result of rotating blades forcing air past static vanes.
The frequency of this sound depends on the number of blades and their rate of rotation. It is usually in the region of hundreds of hertz. Any alteration to this rotation rate changes the frequency of the sound.
This is the basis of their approach. These guys have created malware that alters the rotation speed, and hence sound, of a computer fan to encode data.
The malware transmits information using a special protocol in which the information is divided into packets made up of a preamble and a payload. The preamble consists of the signal 1010, which a listening device can use for calibration. This is followed by a payload of 12 bits that encode the data to be transmitted. This can be picked up by any listening device nearby, such as a smartphone.
One potential problem is that a user might notice, and become suspicious of, the variations in fan noise. So Guri and co use low frequencies of 140 to 170 hertz, which are more difficult for humans to hear. “Modulating the data over change of close frequencies is also less noticeable by a user, as it blends in and appears as natural background environmental noise,” they say.