Hackers come up with a new trick! An Israeli research team has discovered that hackers can use a fan to steal your data even without an Internet connection.
Hackers steal data in the background without users noticing.
Text | Liu Lin
For hackers, there is nothing they can't do, only things you can't think of.
Even without an Internet connection, can hackers use fans to steal your data too?
Recently, a research team in Israel discovered that they can use a special method to steal data from computers "unnoticed".
A research team at Israel's Ben-Gurion University has discovered a new way to steal computer data: AiR-ViBeR. This is not the first time they have developed an unusual technique of this kind for obtaining computer data. For example, they have previously used hard drive LEDs, screen brightness, computer speakers, heat, etc. to steal data.
According to the paper, the attack is divided into three steps. First, the malware implanted in the computer is used to control the fan speed to adjust the mechanical vibrations generated by the computer, and the data will be encoded into these vibrations; then, the smartphone is placed on the computer desk or other locations close to the computer host, and the accelerometer in the phone can be used to collect vibration signals; finally, the obtained signal is decoded through the App.
But this technique of secretly stealing data from air-gapped computers is not new. Their previous research on hacking into air-gapped devices includes:
The PowerHammer attack can steal data from air-gapped computers through power lines.
MOSQUITO technology uses ultrasound to allow two (or more) air-gapped computers in the same room to exchange data covertly.
The BeatCoin technique enables attackers to steal private encryption keys from air-gapped cryptocurrency wallets.
The aIR-Jumper attack uses infrared CCTV cameras equipped with night vision capabilities to obtain sensitive information from air-gapped computers.
MAGNETO and ODINI technologies use the magnetic field generated by the CPU as a covert channel between the air-gapped system and a nearby smartphone.
The USBee attack can steal data from an air-gapped computer through radio frequency transmissions from a USB connector.
DiskFiltration attacks can exploit the acoustic signals emitted by the hard disk drive (HDD) of a target air-gapped computer to steal data.
BitWhisper relies on hot-swapping between two computer systems to steal passwords or security keys.
AirHopper converts your computer's video card into an FM transmitter to control keystrokes.
Fansmitter technology uses the noise emitted by computer heat sinks to obtain data.
GSMem attacks rely on cellular frequencies.
The latest research points out that CPU fans, GPU fans, power supply fans or any other fans installed on the computer case can generate vibrations. For computers that are not connected to the Internet, malicious code implanted in the system can control the speed of the fan. So, by speeding up or slowing down the fan, the attacker can control the frequency of the fan vibration. This frequency can be encoded and then transmitted through computer desks, etc.
A nearby attacker could then use the smartphone's accelerometer to record those vibrations and decode the information hidden in the vibration patterns to reconstruct the information stolen from the unconnected computer system.
Collecting these vibrations can be done in two ways:
If an attacker has physical access to an air-gapped network, they can place their smartphone on a table near an air-gapped system and collect the emitted vibrations without touching the air-gapped computer.
If the attacker does not have access to the air-gapped network, then the attacker can infect the smartphones of employees who work for the target company that operates the air-gapped system. Malware on the employee's device can pick up those vibrations on the attacker's behalf.
For hackers, the accelerometer in a smartphone is a highly stealthy sensor:
First, no user permission is required. Applications on Android and iOS can read accelerometer samples without requesting permission from the user.
Second, there is no visible prompt. When the application enables the accelerometer, there is no visible prompt.
Third, standard JavaScript code can access the accelerometer through a web browser. This means that hackers no longer need to hack into the user's device or install malware. All they need to do is plant malicious JavaScript on a legitimate website that samples the accelerometer, receives the secret signal, and steals information over the network.
That is, hackers are stealing your data in the background without your knowledge, and even when your computer is not connected to the Internet.
Oh my god, then all my little secrets can no longer be hidden...
However, it should be pointed out that at present this technique is relevant only to environments that require high security, such as military classified networks, the payment networks retailers use to process credit and debit cards, and critical infrastructure operations in industrial control systems. In addition, many journalists use air-gapped computers to protect sensitive data.
The new attack method is based on the principle of using emissions from computer components that few people would notice, such as light, sound, heat, radio frequencies or ultrasound, or even current fluctuations in power lines, to steal computer data.
How to stop it?
Although this method of stealing secrets is very novel, the researchers also pointed out its disadvantages. To transmit small data packets, it must be within 1.5 meters of the PC to be relatively stable, and this transmission method is very slow. Different vibration sources have different transmission speeds. For example, the CPU fan is the lowest, while the chassis fan is the highest.
Therefore, researchers have also proposed several solutions.
One solution is to place accelerometers on computers containing sensitive information to detect abnormal vibrations.
Another solution is a fan access monitor. Generally, no program should access fan control in the system, so endpoint protection can be used to detect code that interferes with the fan control API or accesses the fan control bus (such as ACPI and SMBus). However, the disadvantage of this method is that an attacker can use a rootkit or other evasion technology to bypass the monitor and access fan control.
Additionally, the communication channel can be jammed so that the original transmission is disrupted or blocked. In the internal variant, a dedicated program changes the fan speed at random times and to random RPMs, but again, this program can be disabled or circumvented by a kernel rootkit.
Currently, the most trusted external interference method in terms of security is to connect components that generate random vibrations to the computer. One weakness of this method is that it requires maintenance and cannot be deployed on every computer, but this operation is indeed relatively simple and easy.
Of course, you can also physically isolate the computer by putting it in a special vibration-resistant chassis, or replace the original computer fan with a water cooling system, but such a solution cannot be promoted on a large scale.
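An added illustration of the detection idea above (not code from the paper or from this article): it converts periodic fan RPM readings to vibration frequency (RPM / 60) and flags a window in which the speed toggles repeatedly between two tight levels, unlike idle jitter or a thermal ramp. The function names, thresholds and sample traces are assumptions constructed for the example.

```python
# Added example: flags fan telemetry that looks keyed between two speed levels.
# Thresholds and sample traces are assumptions, constructed for illustration.
from statistics import mean, pstdev

def vibration_hz(rpm):
    """A fan's fundamental vibration frequency is its rotation rate: RPM / 60."""
    return rpm / 60.0

def analyze(rpm_samples, min_sep_hz=3.0, min_transitions=6, max_spread_ratio=0.25):
    """Return (suspicious, details) for a window of periodic fan RPM readings."""
    freqs = [vibration_hz(r) for r in rpm_samples]
    mid = (min(freqs) + max(freqs)) / 2.0          # split readings into low/high
    low = [f for f in freqs if f < mid]
    high = [f for f in freqs if f >= mid]
    if not low or not high:
        return False, {"reason": "single level"}
    sep = mean(high) - mean(low)                    # distance between the two levels
    spread = max(pstdev(low), pstdev(high))         # how tightly readings cluster
    labels = [f >= mid for f in freqs]
    transitions = sum(a != b for a, b in zip(labels, labels[1:]))
    details = {"sep_hz": round(sep, 2), "spread_hz": round(spread, 2),
               "transitions": transitions}
    # Keyed traffic: two well-separated, tight levels with many switches.
    # A thermal ramp drifts (wide spread, few switches); idle jitter has no separation.
    suspicious = (sep >= min_sep_hz
                  and transitions >= min_transitions
                  and spread <= max_spread_ratio * sep)
    return suspicious, details

# Constructed traces, one reading per second.
IDLE = [1500 + d for d in (0, 12, -8, 5, -15, 9, 3, -6, 11, -4) * 3]
THERMAL_RAMP = [1200 + 40 * i for i in range(30)] + [2400 - 40 * i for i in range(30)]
KEYED = []
for level in (1, 0, 1, 1, 0, 0, 1, 0, 1, 0):
    base = 2400 if level else 2000
    KEYED += [base + d for d in (10, -12, 6, -5)]

if __name__ == "__main__":
    for name, trace in (("idle", IDLE), ("thermal ramp", THERMAL_RAMP), ("keyed", KEYED)):
        print(name, analyze(trace))
```

As the article notes for host-based monitoring in general, readings taken on the monitored machine itself can be tampered with by a rootkit, so the same check is more trustworthy when fed from an external accelerometer or other out-of-band sensor.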
Fortunately, such unexpected interference rarely occurs in real-world environments, and ordinary users do not need to worry too much.
References:
https://www.zdnet.com/article/academics-steal-data-from-air-gapped-systems-using-pc-fan-vibrations/
https://arxiv.org/abs/2004.06195v1