As more and more security vulnerabilities get patched up, researchers are turning to rather unique methods of siphoning data from PCs. The latest technique comes from Mordechai Guri at the Ben Gurion University in Israel. The researcher found that it is possible to use a mobile phone to measure your PC's fan vibrations. Yes, you read that right. The program is called AiR-ViBeR.
The core concept of Guri's work consists of overcoming the air gap between a phone and a PC using a connection that relies on neither the internet nor a cable. He has found that the accelerometers in some mobile phones are incredibly accurate and can sense even the smallest of changes in movement coming through your PC's fan vibrations.
Using this knowledge, the researcher wrote a pair of programs -- one that installs on the PC as malware and another that can run on your phone. The PC-based malware can then send signals to the PC's case fans, which in turn get transferred into your desk and picked up by the phone for interpretation. CPU coolers were less effective, due to the added damping from the motherboard. The more imbalance there was in the fans, the easier it was to transmit the data.
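An added example, not code from the article or from Guri's research: since the channel described above depends on malware changing case-fan speed, a defender with fan and temperature telemetry can look for fan speed that keeps stepping up and down while the temperature stays flat. The telemetry, thresholds and function names are assumptions made for illustration.

```python
from statistics import pstdev

# Illustrative thresholds (assumptions, not values from the research).
RPM_STEP = 150      # RPM change between samples that counts as a deliberate step
TEMP_FLAT = 1.0     # temperature std-dev (deg C) below which load is "steady"
MIN_REVERSALS = 4   # up/down reversals per window that thermal control rarely produces


def count_reversals(rpms, step=RPM_STEP):
    """Count direction changes among RPM steps of at least `step`."""
    reversals, last_dir = 0, 0
    for prev, cur in zip(rpms, rpms[1:]):
        delta = cur - prev
        if abs(delta) < step:
            continue  # ignore small jitter from normal fan control
        direction = 1 if delta > 0 else -1
        if last_dir and direction != last_dir:
            reversals += 1
        last_dir = direction
    return reversals


def suspicious_windows(samples, window=10):
    """Return start times of windows where the fan oscillates at flat temperature.

    `samples` is a list of (seconds, fan_rpm, temp_c) tuples.
    """
    hits = []
    for i in range(0, len(samples) - window + 1, window):
        chunk = samples[i:i + window]
        rpms = [s[1] for s in chunk]
        temps = [s[2] for s in chunk]
        if pstdev(temps) < TEMP_FLAT and count_reversals(rpms) >= MIN_REVERSALS:
            hits.append(chunk[0][0])
    return hits


def build_sample():
    """Constructed telemetry: load ramp, steady state, then toggling at flat temperature."""
    ramp = [(1000 + 80 * k, 45.0 + 2.0 * k) for k in range(10)]
    steady = [(1720 + 20 * (k % 2), 63.0 + 0.1 * (k % 3)) for k in range(10)]
    keyed = [(1400 if k % 2 else 1800, 63.0 + 0.1 * (k % 3)) for k in range(10)]
    return [(2 * i, rpm, temp) for i, (rpm, temp) in enumerate(ramp + steady + keyed)]


if __name__ == "__main__":
    print("suspicious window start times (s):", suspicious_windows(build_sample()))
```

Only the third window is flagged: the ramp is explained by rising temperature and the steady window has no large RPM steps.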
But before you go off investing in Noctua fans known for being well-balanced, keep in mind that this method of cyberattack is painstakingly inefficient and in all likelihood won't be used by anyone in a real-life scenario. The data rate was slow -- we're talking about single words being transferred. Unless the attackers are extremely desperate and have no other viable way of accessing your data, we wouldn't worry about this attack.
The data rate isn't the only factor holding back the success of this attack method. An attacker would still need to get the malware installed on the PC to be able to send the signals. They'd also need access to your mobile phone to read out the accelerometer; however, this is achievable without any permissions, as many mobile phones give free access to the accelerometer's data through the browser.
In the past, there have been other methods of 'wirelessly' transferring data from a PC to an external device. Using the HDD activity LED, transmitting sound through internal speakers, and reading out keyboard use through electromagnetic signals are just a few examples. Previously, Guri's team also found a way to siphon data from air-gapped systems using a screen brightness technique.
However, all these methods are largely for research, so don't worry: There's no need to keep your phone off your desk or on a vibration-damping pad.
Right now, my phone is on its charger in the kitchen where it pretty much stays until I need it. My PC sits on the concrete slab of my garage floor. I guess I'm immune to this attack vector.
My father-in-law does cyber security work for the government. They aren't allowed to talk about classified information around PCs because there have been studies where the vibration from the air could leave imprints onto the hard drives! I was skeptical at first, but then he had a document he showed me about it and my jaw just dropped.
Also remember reading something about a guy where some malware was able to infect other PCs through the speakers and mic using high frequency sound waves that you couldn't hear. It was a loooong time ago using some really old laptops but it infected the BIOS somehow. There were no concrete details on that, just a guy and him figuring something out because he got infected with it. Issues only went away once they were all in separate rooms and flashed the BIOS on all of them at the same exact time.
When time is available this could be one part of a multifaceted attack.
This is a lab quality proof of concept.
Not an actual vulnerability in the wild.
That is Confidential information sir.
But we won't go into that here.
Reading in real time.
Not "imprinted" to read back later.