Friday, February 26, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Academics steal data from air-gapped systems using PC fan vibrations

April 17, 2020
in Internet Security
Academics steal data from air-gapped systems using PC fan vibrations
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Academics from an Israeli university have proven the feasibility of using fans installed inside a computer to create controlled vibrations that can be used to steal data from air-gapped systems.

You might also like

This chart shows the connections between cybercrime groups

Spy agency: Artificial intelligence is already a vital part of our missions

Chinese cyberspies targeted Tibetans with a malicious Firefox add-on

The technique, codenamed AiR-ViBeR, is the latest in a long list of wacky data exfiltration techniques devised by Mordechai Guri, the head of R&D at the Ben-Gurion University of the Negev in Israel.

For the past half-decade, Guri has been researching methods of sending data from air-gapped computers to the outside world without being detected.

Research into this topic is important because air-gapped systems — computers isolated on local networks with no internet access — are often used on government or corporate networks to store sensitive data, such as classified files or intellectual property.

Guri’s research doesn’t look at ways of compromising and planting malware on these super-secure systems but instead focuses on innovative and never-before-seen ways of getting the data out, without being detected, and through methods that network defenders are not aware of.

In past research, Guri and his team at the Ben-Gurion university’s Cyber-Security Research Center have shown that attackers could steal data from secure systems using a plethora of techniques such as:

  • LED-it-Go – exfiltrate data from air-gapped systems via an HDD’s activity LED
  • USBee – force a USB connector’s data bus give out electromagnetic emissions that can be used to exfiltrate data
  • AirHopper – use the local GPU card to emit electromagnetic signals to a nearby mobile phone, also used to steal data
  • Fansmitter – steal data from air-gapped PCs using sounds emanated by a computer’s GPU fan
  • DiskFiltration – use controlled read/write HDD operations to steal data via sound waves
  • BitWhisper – exfiltrate data from non-networked computers using heat emanations
  • Unnamed attack – uses flatbed scanners to relay commands to malware infested PCs or to exfiltrate data from compromised systems
  • xLED – use router or switch LEDs to exfiltrate data
  • aIR-Jumper – use a security camera’s infrared capabilities to steal data from air-gapped networks
  • HVACKer – use HVAC systems to control malware on air-gapped systems
  • MAGNETO & ODINI – steal data from Faraday cage-protected systems
  • MOSQUITO – steal data from PCs using attached speakers and headphones
  • PowerHammer – steal data from air-gapped systems using power lines
  • CTRL-ALT-LED – steal data from air-gapped systems using keyboard LEDs
  • BRIGHTNESS – steal data from air-gapped systems using screen brightness variations

In new research published this week, Guri expanded on this past work by looking at a medium his team has not analyzed before — namely vibrations.

More specifically, Guri looked at the vibrations that can be generated using a computer’s fans, such as CPU fans, GPU fans, power-station fans, or any other fan installed on the computer chassis.

Guri says that malicious code planted on an air-gapped system can control the speed at which fans work. By moderating fan speed up and down, the attacker can control the frequency of the vibrations coming off the fan.

The AiR-ViBeR technique takes sensitive information stored on an air-gapped system and then alters the fan speed to generate a vibrational pattern that propagates through the nearby environment, such as a desk.

Guri says that a nearby attacker can record these vibrations using accelerometer sensors found in modern smartphones, and then decode the information hidden in the vibration pattern to reconstruct the information stolen from the air-gapped system.

Collecting these vibrations can be done in two ways. If the attacker has physical access to the air-gapped network, they can place their own smartphones on a desk near an air-gapped system and collect the beamed vibrations without touching the air-gapped computer.

If the attacker does not have access to an air-gapped network, then attackers can infect the smartphones of employees working for the targeted company operating an air-gapped system. Malware on the employee’s device can pick up these vibrations on behalf of the attacker. Guri says this is possible because the accelerometer sensors in modern smartphones can be accessed by any app without requiring the user’s permission, which makes this technique highly evasive.

Stealing data via vibrations takes a while

However, while the AiR-ViBeR technique is some pretty innovative work, transmitting data through vibrations is extremely slow.

In fact, data can be exfiltrated through vibrations at a lowly speed of half a bit per second, making AiR-ViBeR one of the slowest exfiltration methods that Guri and his team have come up with in recent years.

While the AiR-ViBeR attack might be deemed “feasible,” it is highly unrealistic that attackers would ever use it in the wild, as they would most likely opt for other techniques that exfiltrate information at faster speeds.

Additional technical details on the AiR-ViBeR technique can be found in a white paper published this week and named “AiR-ViBeR: Exfiltrating Data from Air-Gapped Computers via Covert Surface ViBrAtIoNs.”

Regular users have nothing to fear in regards to AiR-ViBeR, as there are far more dangerous threats lurking on the internet. However, administrators of super-secure air-gapped networks will most likely need to take Guri’s latest work into consideration and deploy some of the countermeasures listed in the paper, if they deem this technique a credible threat.

Credit: Zdnet

Previous Post

The In-depth 2020 Guide to E-commerce Fraud Detection

Next Post

Respond Software Unlocks the Value in EDR Data with Robotic Decision

Related Posts

This chart shows the connections between cybercrime groups
Internet Security

This chart shows the connections between cybercrime groups

February 26, 2021
Spy agency: Artificial intelligence is already a vital part of our missions
Internet Security

Spy agency: Artificial intelligence is already a vital part of our missions

February 26, 2021
Chinese cyberspies targeted Tibetans with a malicious Firefox add-on
Internet Security

Chinese cyberspies targeted Tibetans with a malicious Firefox add-on

February 26, 2021
SolarWinds cybersecurity spending tops $3 million in Q4, sees $20 million to $25 million in 2021
Internet Security

SolarWinds cybersecurity spending tops $3 million in Q4, sees $20 million to $25 million in 2021

February 26, 2021
Facebook bans Myanmar military-controlled accounts from its platforms
Internet Security

Facebook bans Myanmar military-controlled accounts from its platforms

February 25, 2021
Next Post
Respond Software Unlocks the Value in EDR Data with Robotic Decision

Respond Software Unlocks the Value in EDR Data with Robotic Decision

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Machine Learning & Big Data Analytics Education Market: Soaring Demand Assures Motivated Revenue Share During 2020-2030 – KSU
Machine Learning

Machine Learning & Big Data Analytics Education Market: Soaring Demand Assures Motivated Revenue Share During 2020-2030 – KSU

February 26, 2021
This chart shows the connections between cybercrime groups
Internet Security

This chart shows the connections between cybercrime groups

February 26, 2021
Basic laws of physics spruce up machine learning
Machine Learning

New machine learning tool facilitates analysis of health information, clinical forecasting

February 26, 2021
Creative Destruction and Godlike Technology in the 21st Century | by Madhav Kunal
Neural Networks

Creative Destruction and Godlike Technology in the 21st Century | by Madhav Kunal

February 26, 2021
Spy agency: Artificial intelligence is already a vital part of our missions
Internet Security

Spy agency: Artificial intelligence is already a vital part of our missions

February 26, 2021
Blockchain lags behind other technologies in finance adoption for now, says Broadridge
Blockchain

Blockchain lags behind other technologies in finance adoption for now, says Broadridge

February 26, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Machine Learning & Big Data Analytics Education Market: Soaring Demand Assures Motivated Revenue Share During 2020-2030 – KSU February 26, 2021
  • This chart shows the connections between cybercrime groups February 26, 2021
  • New machine learning tool facilitates analysis of health information, clinical forecasting February 26, 2021
  • Creative Destruction and Godlike Technology in the 21st Century | by Madhav Kunal February 26, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates