
Israeli researchers’ newest hack uses fans to steal classified data from top secret servers


WHY THIS MATTERS IN BRIEF

Security is a game of cat and mouse, and there are plenty of ways to steal top secret data …

 


If you have top secret data to protect, such as, at the moment, the Covid-19 vaccine data that certain governments around the world are reportedly trying to steal rather than work together on, then there’s nothing quite as comforting as an air gap. Air gaps protect your servers, networks, and, most importantly, your data by keeping them, to all intents and purposes, “off” the internet and physically separate from the rest of your company’s infrastructure so that no one can hack them.


Well, that used to be the case at least, until researchers at Ben-Gurion University in Israel discovered new ways to exfiltrate your precious data from these systems using everything from drones and lights, electromagnetic attacks and infrared, all the way through to reading the vibrations from electric powerlines.

Now that same team have done it again and unveiled a new method of exfiltrating data from air-gapped computers via fan vibrations. It’s the latest in a series of data-stealing tactics Guri and his team have demonstrated, all of them focused on methods of invisibly transmitting data from computers that are supposed to be isolated and completely secure.

 


This technique, dubbed AiR-ViBeR, uses data encoded in fan vibrations to allow a system to pass information to a hidden observer. Guri and his team specialize in side-channel attacks, defined as “any attack based on information gained from the implementation of a computer system, rather than weaknesses in the implemented algorithm itself.” Spectre and Meltdown are the two most famous side-channel attacks in tech history at this point, but side-channel attacks come in many guises and the laws of physics make them very difficult to prevent.

 

 


The reason it’s so difficult to stop side-channel attacks is that a CPU or GPU will draw different amounts of power, radiate different amounts of heat, and run their fans at different speeds depending on the workload being executed.

 


The research team writes:

“In this paper, we introduce a new type of vibrational (seismic) covert channel. We observe that computers vibrate at a frequency correlated to the rotation speed of their internal fans. These inaudible vibrations affect the entire structure on which the computer is placed. Our method is based on malware’s capability of controlling the vibrations generated by a computer, by regulating its internal fan speeds. We show that the malware-generated covert vibrations can be sensed by nearby smartphones via the integrated, sensitive accelerometers. Notably, the accelerometer sensors in smartphones can be accessed by any app without requiring the user permissions, which make this attack highly evasive. We implemented AiR-ViBeR, malware that encodes binary information, and modulate it over a low frequency vibrational carrier. The data is then decoded by malicious application on a smartphone placed on the same surface (e.g., on a desk).”

This is the very essence of a side-channel attack. The malware in question doesn’t exfiltrate data by cracking encryption standards or breaking through a network firewall; instead, it encodes data in vibrations and transmits it to the accelerometer of a smartphone.
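One way a defender could look for this kind of fan-speed modulation in host telemetry, as an added example that is not from the researchers or the original article: it flags time windows in which fan RPM keeps stepping between levels while CPU temperature stays flat. The sample traces, thresholds and function names are constructed assumptions.

```python
# Added example: thresholds and telemetry are constructed, not from the AiR-ViBeR paper.
BIT_SECONDS = 2  # 0.5 bit/s, the highest rate quoted in the article


def rpm_steps(samples, min_step=300):
    """Count sample-to-sample fan RPM jumps of at least min_step."""
    return sum(1 for (_, r0, _), (_, r1, _) in zip(samples, samples[1:])
               if abs(r1 - r0) >= min_step)


def suspicious_windows(samples, window=60, min_step=300,
                       max_temp_span=2.0, min_steps=6):
    """Return (window_start, step_count) for windows where the fan keeps
    switching speed although CPU temperature is nearly flat."""
    flagged = []
    if not samples:
        return flagged
    start, end = samples[0][0], samples[-1][0]
    for t0 in range(start, end + 1, window):
        chunk = [s for s in samples if t0 <= s[0] < t0 + window]
        if len(chunk) < 2:
            continue
        temps = [temp for _, _, temp in chunk]
        steps = rpm_steps(chunk, min_step)
        # Workload-driven fan changes come with a temperature swing;
        # many RPM steps at a stable temperature are the anomaly.
        if steps >= min_steps and max(temps) - min(temps) <= max_temp_span:
            flagged.append((t0, steps))
    return flagged


# Constructed trace 1 (seconds, fan_rpm, cpu_temp_c): the fan follows a
# stepped thermal curve as the CPU warms up under load.
BENIGN = [(t, 1200 + 400 * (t // 15), 45 + 0.2 * t) for t in range(120)]

# Constructed trace 2: temperature is flat, yet RPM toggles between two
# levels once per BIT_SECONDS following a fixed bit pattern.
PATTERN = [1, 0, 1, 1, 0, 0, 1, 0]
MODULATED = [(t, 2600 if PATTERN[(t // BIT_SECONDS) % 8] else 2000,
              50.0 + 0.2 * (t % 2)) for t in range(120)]

if __name__ == "__main__":
    print("benign:", suspicious_windows(BENIGN))
    print("modulated:", suspicious_windows(MODULATED))
```

On real hardware fans ramp rather than jump, so the step threshold and window length would need tuning against a baseline of the machine's normal thermal behaviour.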

 


The speed of this exfiltration is anything but fast, though. The highest speed the researchers measured was half a bit of information per second. What makes the attack interesting is that it can be deployed against an air-gapped system via a method of transmission effectively invisible to human senses. The low-level vibrations that a smartphone accelerometer can detect are too small for humans to sense.

This is also why side-channel attacks will always be possible. The only way to prevent a CPU’s power consumption from varying depending on workload would be to run the CPU in maximum power-consumption mode at all times. The only way to keep a system’s fans from varying would be to use static fan speeds for both CPU and GPU, dramatically increasing noise. The only way to prevent CPUs from varying their clocks would be to return to the old, pre-SpeedStep days when CPUs ran at one and only one frequency. Even if a company took these steps, there would undoubtedly be other means of exfiltrating information via variations in other subsystems.

 


These issues aren’t going to impact ordinary users, but they’re problems that administrators of serious air-gapped systems have to consider, and while not every theoretical exfiltration threat is going to be worth responding to, governments and certain corporations can’t afford to ignore the problem altogether.
