Wednesday, April 22nd 2020
And Now, a Cyberattack That Uses Fan Vibrations to Steal Data: Air-ViBeR
Air-ViBeR is a new cyber-security vulnerability that uses changes in your PC's fan vibrations to sneak out data through an elaborate, convoluted method involving more than one compromised device. There is an infinitesimal and purely mathematical chance of this type of cyberattack affecting you, however one can't help but admire the ingenuity behind it, the stuff of Hollywood.
Created by Mordechai Guri at the Cyber Security Research Center at Ben-Gurion University, Israel, Air-ViBeR involves a compromised PC regulating its fan-speeds to alter the PC's acoustics rapidly, to relay data to an Internet-connected listening device, such as a compromised smartphone, which then converts those vibrations into ones and zeroes to transmit to the web. There's no way this method will transmit a your 100-gigabyte C: in a lifetime, let alone the few hours that your smartphone is placed on the same desk as your PC; but the attacker would look for something specific and something that fits within 4 KB (one block, or 32,768 bits). Guri demonstrated his method and wrote a paper on it explaining what he calls "air gap covert channels."A video presentation by Mordechai Guri follows.
Source:
HotHardware
Created by Mordechai Guri at the Cyber Security Research Center at Ben-Gurion University, Israel, Air-ViBeR involves a compromised PC regulating its fan-speeds to alter the PC's acoustics rapidly, to relay data to an Internet-connected listening device, such as a compromised smartphone, which then converts those vibrations into ones and zeroes to transmit to the web. There's no way this method will transmit a your 100-gigabyte C: in a lifetime, let alone the few hours that your smartphone is placed on the same desk as your PC; but the attacker would look for something specific and something that fits within 4 KB (one block, or 32,768 bits). Guri demonstrated his method and wrote a paper on it explaining what he calls "air gap covert channels."A video presentation by Mordechai Guri follows.
33 Comments on And Now, a Cyberattack That Uses Fan Vibrations to Steal Data: Air-ViBeR
air gap covert channels has a new meaning.
www.google.com/search?client=opera&q=fansmitter&sourceid=opera&ie=UTF-8&oe=UTF-8
This exposes data via desk vibrations, so you can collect via a smartphone with accelerometer.
Key difference:
Android (not sure about iPhone) doesn't have an accelerometer access policy, i.e. apps don't ask for permission (they do for the microphone).
You can even call the accelerometer from JavaScript. That's the security issue that has to be taken care of. The whole point of these attacks is to find channels that go around the blocked (or tracked) network communication.
You have to consider that fan speed can be controlled without admin rights and smartphone accelerometer can be accessed with additional privileges.
So this opens a realistic possibility of moving data without network access. You only need a script on the computer and on the smartphone - both placed on the same desk. No admin rights. Hardly any trace left. It's not fast, but it works.
Remember that IT security is not just about blocking access from outside of the organization (i.e. hacking). It's also about making it harder for insiders to steal data.
So, you've locked the USB ports, you control network communication, you check everything that is sent to the printer.
That's why now people try to move data over sound and vibrations.
The malware is neat but the concept I will standby is still not new. We have been looking into this for awhile.
journals.sagepub.com/doi/full/10.1155/2014/278560
The process in which they implement and weaponize it are interesting though.
What was used initially as a way to interpret stressors on bridges and other heavy equipment in engineering is now used to pickup passwords.
Pretty cool.
Apart from targeting a particular company/PC, this has a lot of potential as a mass method.
Receiver is extremely easy to run (JS, apps). Sender will be a bit trickier but feasible (malware, JS). You'll get a match sooner or later.
Also, a slight detail easy to forget: this works perfectly well on Linux and MacOS. Even on servers if you place a receiver on the rack (consciously and likely not a phone ;)).
It may be even easier to run this on Macs, since there are so few variants. Because, of course, you either need to know the exact fan frequency spectrum or train the signal processing model.
Daily Double!
being on the receiving end of that kind of sophistication is a target in itself outside of the attackers. Especially if your an entity that isn’t supposed to have something that warrants that kind of fire power.
Phishing, a lot of psychological attacks, laser microphones (already mentioned by @Solaris17 - beautiful stuff).
On this forum we talk a lot about CPU vulnerabilities and things like that, but most real life attacks are made surprisingly code-less. :p
It reminds me of all those late 90's early 2000's "hacks" from computer magazines (I mean the ones made of paper), with things like making an optical modem out of laser pointer and generic IR receiver, or making "covert" data transmission using PC buzzer and mic.
It's not even a "proof-of-concept", just a fun weekend project you can do with your kids.
Real men use real fans indeed :D
Personally, I'm interested in a less nefarious use of this novel tech: Fan based networking to my smartphone. Screw you, bluetooth! :roll:
Removable media is the oldest attack vector (older than me). No magic microphones or fan oscillations, just plain-old flash drives.