Fansmitter: Acoustic Data Exfiltration from (Speakerless) Air-Gapped Computers (1606.05915v1)

Abstract: Because computers may contain or interact with sensitive information, they are often air-gapped and in this way kept isolated and disconnected from the Internet. In recent years the ability of malware to communicate over an air-gap by transmitting sonic and ultrasonic signals from a computer speaker to a nearby receiver has been shown. In order to eliminate such acoustic channels, current best practice recommends the elimination of speakers (internal or external) in secure computers, thereby creating a so-called 'audio-gap'. In this paper, we present Fansmitter, a malware that can acoustically exfiltrate data from air-gapped computers, even when audio hardware and speakers are not present. Our method utilizes the noise emitted from the CPU and chassis fans which are present in virtually every computer today. We show that a software can regulate the internal fans' speed in order to control the acoustic waveform emitted from a computer. Binary data can be modulated and transmitted over these audio signals to a remote microphone (e.g., on a nearby mobile phone). We present Fansmitter's design considerations, including acoustic signature analysis, data modulation, and data transmission. We also evaluate the acoustic channel, present our results, and discuss countermeasures. Using our method we successfully transmitted data from air-gapped computer without audio hardware, to a smartphone receiver in the same room. We demonstrated the effective transmission of encryption keys and passwords from a distance of zero to eight meters, with bit rate of up to 900 bits/hour. We show that our method can also be used to leak data from different types of IT equipment, embedded systems, and IoT devices that have no audio hardware, but contain fans of various types and sizes.

Acoustic Data Exfiltration from Air-Gapped Systems: An Analysis of Fansmitter

The paper "Fansmitter: Acoustic Data Exfiltration from (Speakerless) Air-Gapped Computers" introduces a novel method for data exfiltration using the acoustic emissions of computer fans. Within cybersecurity research, the exfiltration of sensitive data from air-gapped systems—those physically isolated from unsecured networks—is a topic of significant concern. Prior methodologies have utilized various modalities such as electromagnetic, optical, and acoustic channels, primarily relying on components like speakers or LEDs. The present work, however, extends the domain of acoustic covert channels by exploiting internal computer fans — omnipresent hardware that is generally overlooked as a vector for data leakage.

Key Contributions

The core innovation in this paper is the development of a malware-based approach named Fansmitter, which capitalizes on acoustic signals emitted by CPU and chassis fans. The malware modulates data onto these acoustic emissions by precisely controlling fan speeds through software, transforming binary data into acoustic signals that can be captured by a nearby microphone, such as one commonly available in smartphones. The key technical considerations discussed include:

• Acoustic Signature Analysis: Detailed studies were conducted on the noise characteristics of computer fans at varying speeds, noting the potential for fan noise modulation by manipulating the revolutions per minute (RPM).
• Data Modulation Schemes: Two primary modulation techniques, Amplitude Shift Keying (ASK) and Frequency Shift Keying (FSK), are employed to encode binary data, focusing primarily on frequency and amplitude changes brought on by varying fan speeds.
• Transmission Capabilities: Empirical results demonstrated successful data transmission from zero to eight meters, achieving a bit rate of up to 15 bits per minute (900 bits/hour) under certain conditions.

Implications and Future Directions

The practical implications of this research extend significantly across various domains utilizing air-gapped systems, including military, financial, and industrial sectors. The feasibility of exploiting internal fans makes Fansmitter a pertinent threat, even in environments that prohibit traditional audio devices.

From a theoretical standpoint, this research enriches the field of covert channels by highlighting the intersection of acoustics and hardware control strategies in a practical attack scenario. These findings urge a reconsideration of security postures regarding seemingly innocuous hardware components and their potential utility in sophisticated cyber-attack vectors.

Future research directions could explore enhancing data rates and robustness in more acoustically challenging environments or extending this approach to other forms of untapped hardware beyond fans. Further investigations could also be directed towards developing more efficient detection and mitigation strategies for such covert channels, such as improved isolation of critical hardware components or advanced anomaly detection algorithms that encompass acoustic signature monitoring.

In conclusion, the Fansmitter method offers a profound insight into the diverse capabilities and variability of covert channel threats. It challenges the perception of air-gapped systems' invulnerability and contributes valuable knowledge toward understanding and potentially mitigating such sophisticated cybersecurity threats.