Cyberattack Steals PC Data Through Fan Vibrations

By Niels Broekhuijsen
last updated

Researchers proved they can seep data off your PC through fan vibrations.

(Image credit: Shutterstock)

As more and more security vulnerabilities get patched up, researchers are turning to rather unique methods of siphoning data from PCs. The latest technique (opens in new tab) comes from Mordechai Guri at the Ben Gurion University in Israel. The researcher found that it is possible to use a mobile phone to measure your PC's fan vibrations. Yes, you read that right. The program is called AiR-ViBeR.

The core concept of Guri's work consists of overcoming the air-gap between a phone and a PC using a non-internet or cable-based connection. He has found that the accelerometers in some mobile phones are incredibly accurate and can sense even the smallest of changes in movement coming through your PC's fan vibrations. 

Using this knowledge, the researcher wrote pair of programs -- one that installs on the PC as malware and another that can run on your phone. The PC-based malware can then send signals to the PC's case fans, which in turn get transferred into your desk and picked up by the phone for interpretation. CPU coolers were less effective, due to the added damping from the motherboard. The more imbalance there was in the fans, the easier it was to transmit the data.

But before you go off investing in Noctua fans known for being well-balanced, keep in mind that this method of cyberattack is painstakingly inefficient and in all likeliness won't be used by anyone in a real-life scenario. The data rate was slow -- we're talking about single words being transferred. Unless the attackers are extremely desperate and have no other viable way of accessing your data, we wouldn't worry about this attack.

The data rate isn't the only factor holding back the success of this attack method. An attacker would still need to get the malware installed on the PC to be able to send the signals. They'd also need access to your mobile phone to read out the accelerometer; however, this is achievable without any permissions, as many mobile phones give free access to the accelerometer's data through the browser.

In the past, there have been other methods of 'wirelessly' transferring data from a PC to an external device. Using the HDD activity LED to transmit sound through internal speakers and reading out keyboard use through electromagnetic signals are just a few examples. Previously, Guri's team also found a way to siphon data from air-gapped systems using a screen brightness technique.

However, all these methods are largely for research, so don't worry: There's no need to keep your phone off your desk or on a vibration-damping pad.

Niels Broekhuijsen
Niels Broekhuijsen

Niels Broekhuijsen is a Contributing Writer for Tom's Hardware US. He reviews cases, water cooling and pc builds.

Topics
Security
39 Comments Comment from the forums
  • jkflipflop98
    This seems like something that could only be accomplished in a lab environment. You have to hack into both the phone and the PC (at which point you could just take the data anyways) - then you have to wait until your target sets the phone down on the desk at which they're using the pc.

    Right now, my phone is on it's charger in the kitchen where it pretty much stays until I need it. My PC sits on the concrete slab of my garage floor. I guess I'm immune to this attack vector.
    Reply
  • drtweak
    jkflipflop98 said:
    This seems like something that could only be accomplished in a lab environment. You have to hack into both the phone and the PC (at which point you could just take the data anyways) - then you have to wait until your target sets the phone down on the desk at which they're using the pc.

    Right now, my phone is on it's charger in the kitchen where it pretty much stays until I need it. My PC sits on the concrete slab of my garage floor. I guess I'm immune to this attack vector.


    My father in law does cyber security work for the government. They aren't allowed to talk about classified information around PC's because there have been studies where the vibration form the air could leave imprints onto the hard drives! I was skeptical at first, but then he had a document he showed me about it and my jaw just dropped.

    Also remember reading something about a guy where some malware was able to infect other PC's though the speakers and mic using high frequency sound waves that you couldn't hear. It was a loooong time ago using some really old laptops but it infected the BIOS some how. There was no concert details on that just a guy and him figuring something out because he got infected with it. Issues only went away once they were all in separate rooms and flashed the BIOS on all them at the same exact time.
    Reply
  • aeronauts
    One scenario: In an attempt to gain information from specific users or class of users the PC malware identifies specific urls, usernames and password in a key logger according to a list. It then continuously transmits these over and over via the fan speed variations at just a few baud. The phone has complementary malware and is constantly monitoring the sensor for the fan signal if it happens to be located near the computer. After decoding the message via the fan it sends it on to a server. The miscreant now has login credentials for use.

    When time is available this could be one part of a multifaceted attack.
    Reply
  • USAFRet
    drtweak said:
    My father in law does cyber security work for the government. They aren't allowed to talk about classified information around PC's because there have been studies where the vibration form the air could leave imprints onto the hard drives! I was skeptical at first, but then he had a document he showed me about it and my jaw just dropped.
    I'd have to see some documentation on that.
    Reply
  • TerryLaze
    Reply
  • saf227
    By their own admission, this doesn't overcome the air-gap because it requires that you have contact with the computer to install malware in the first place. If they have no access to the computer in the 1st place, this doesn't work. If they do have access to the computer in the 1st place, this is totally unnecessary.
    Reply
  • USAFRet
    saf227 said:
    By their own admission, this doesn't overcome the air-gap because it requires that you have contact with the computer to install malware in the first place. If they have no access to the computer in the 1st place, this doesn't work. If they do have access to the computer in the 1st place, this is totally unnecessary.
    Exactly.
    This is a lab quality proof of concept.
    Not an actual vulnerability in the wild.
    Reply
  • Makaveli
    USAFRet said:
    I'd have to see some documentation on that.

    That is Confidential information sir.

    Reply
  • USAFRet
    Makaveli said:
    That is Confidential information sir.
    Interestingly enough...
    But we won't go into that here.
    Reply
  • USAFRet
    Hard drive as "microphone".
    https://andrewkwong.org/docs/Kwong-HDDphone-IEEE-SP-2019.pdf
    Reading in real time.
    Not "imprinted" to read back later.
    Reply