When the computer is disconnected from the Internet, hackers can’t escape, the fan is spinning, the phone is placed on the table, and the data is stolen.

The air-gap system is also unbearable.

Editor’s note: This article from the micro-channel public number “qubit” (ID: QbitAI) , of: Ten three.

Network security, network security, and network security.

Then it ’s better to disconnect from the Internet.

No longer. Unexpectedly, the computer fan used for heat dissipation has also become the object of hackers stealing data.

Let ’s take a look at the “criminal” process first.

The following office environment can be said to be “standard”: the main box, the display, the keyboard … all in one set.

The cell phone next to it is a “criminal weapon.”

It will steal the contents of the document silently according to the vibration generated when the host fan rotates.

It is worth mentioning that the above environment is an air-gapped system (in general, it refers to putting the computer in a physically disconnected environment, this technology is often at a high level) It is used in environments where security is required.

This is the latest new technology from the Mordechai Guri team in Israel-AiR-ViBeR.

Security systems that are “isolated from the world” ca n’t hold up either

The Guri team has been studying how to steal computer data from an “isolated” environment.

And this time, they analyzed a way that had never been studied before-vibration.

More specifically, the vibration generated by the computer fan,Including CPU fans, GPU fans, or other fans installed in the chassis, to achieve the purpose of “black” data.

According to Guri’s introduction, the malicious code implanted on the air gap system can control the speed of the fan. By adjusting the speed of the fan, an attacker can control the frequency of fan vibration.

Air-viber technology uses the sensitive information stored in the air gap system to change the fan speed to generate a vibration pattern. Then, spread through the surrounding environment (such as a table).

Next, attackers in the vicinity can use the acceleration sensor in the smartphone to record these vibrations, and then decode the information hidden in the vibration mode to reconstruct the information stolen from the air gap system.

There are also two ways to collect these vibrations.

If an attacker can actually enter the air gap network, they can place their smartphone on a table near the air gap system and collect directional vibrations without touching the computer.

If the attacker cannot access the air gap network, then the attacker can infect the smartphone of the target company ’s employees. These devices can replace the attacker and feel the vibration from the fan.

Guri emphasized that the second way of collecting vibrations is entirely possible, because modern smartphone acceleration sensors can be accessed by any application and do not require user permission.

Professional “stealing” high-difficult data is more than five years

In fact, this is not the first time the Guri team has attempted to steal data from an air gap system.

In the past five years, the team has been trying various methods to send data from an “isolated” computer to the outside world without being discovered.

The method of stealing is also “various.”

There are LEDs through the hard drive:

There is a USB cable:

Also through local GPU:

End? not at all!

“It’s time to show the real technology!”-Please enjoy the research list in the picture below:

One More Thing

Perhaps you would worry: even in a highly secure environment, there are so many ways to steal data, and it is also possible to “get things from the air”, is it too unsafe?

Do n’t worry too much.

Although technologies like AiR-ViBeR have a very “hidden nature”, the speed is relatively slow.

Through vibration, data can only be leaked at a low speed of 0.5 bits per second …

It is quite unrealistic to steal data at this speed.

In addition, ordinary users do not need to worry about technologies like AiR-ViBeR, after all, we are connected to the Internet … it is more dangerous.

However, administrators who work in a highly secure environment should pay attention …

Reference link:

https://www.zdnet.com/article/academics-steal-data-from-air-gapped-systems-using-pc-fan-vibrations /

Thesis address:

https://arxiv.org/abs/2004.06195v1

The author is Netease News. Netease number “each has an attitude” signed author

domeet webmaster