Researcher Mordechai Guri, from BGU's Cyber Security Research Center (CSRC) has discovered another way to exfiltrate data from an air-gapped computer. Air-gapped computers are those without an internet connection and not networked with computers with an internet connection and used for the most secretive tasks.
Guri and his team, Yosef Solewicz, Andrey Daidakulov, and Prof. Yuval Elovici used the audible sounds of the computer’s cooling fans to steal data. While the method can only be used to steal small amounts of data, they managed to steal enough data to get usernames and passwords and encryption keys. They have been able to steal data at a rate of 15 to 20 bits per minute and are working on ways to increase that speed.
Computers have two or more fans which revolved at an audible frequency. By introducing malware into the air-gapped computer, the team was able to take control of the fans and have them spin at varying frequencies and transmit data to a nearby device. The “fansmitter” even works on computers that have deactivated their speakers or do not have any speakers attached.
Guri, the head of R&D at the Cyber Security Research Center, and his team have also proposed several other methods to penetrate air-gapped computers using elements like radio waves, electromagnetic waves and even the heat the computer generates.