News Cyberattack Steals PC Data Through Fan Vibrations

Toggle sidebar Toggle sidebar
jkflipflop98

jkflipflop98

Distinguished
Feb 3, 2006
1,966
410
20,170
This seems like something that could only be accomplished in a lab environment. You have to hack into both the phone and the PC (at which point you could just take the data anyways) - then you have to wait until your target sets the phone down on the desk at which they're using the pc.

Right now, my phone is on it's charger in the kitchen where it pretty much stays until I need it. My PC sits on the concrete slab of my garage floor. I guess I'm immune to this attack vector.
 
drtweak

drtweak

Illustrious
Sep 17, 2012
6,348
81
38,640
jkflipflop98 said:
This seems like something that could only be accomplished in a lab environment. You have to hack into both the phone and the PC (at which point you could just take the data anyways) - then you have to wait until your target sets the phone down on the desk at which they're using the pc.

Right now, my phone is on it's charger in the kitchen where it pretty much stays until I need it. My PC sits on the concrete slab of my garage floor. I guess I'm immune to this attack vector.
Click to expand...


My father in law does cyber security work for the government. They aren't allowed to talk about classified information around PC's because there have been studies where the vibration form the air could leave imprints onto the hard drives! I was skeptical at first, but then he had a document he showed me about it and my jaw just dropped.

Also remember reading something about a guy where some malware was able to infect other PC's though the speakers and mic using high frequency sound waves that you couldn't hear. It was a loooong time ago using some really old laptops but it infected the BIOS some how. There was no concert details on that just a guy and him figuring something out because he got infected with it. Issues only went away once they were all in separate rooms and flashed the BIOS on all them at the same exact time.
 
A

aeronauts

Apr 21, 2020
1
1
15
One scenario: In an attempt to gain information from specific users or class of users the PC malware identifies specific urls, usernames and password in a key logger according to a list. It then continuously transmits these over and over via the fan speed variations at just a few baud. The phone has complementary malware and is constantly monitoring the sensor for the fan signal if it happens to be located near the computer. After decoding the message via the fan it sends it on to a server. The miscreant now has login credentials for use.

When time is available this could be one part of a multifaceted attack.
 
  • Like
Reactions: bit_user
USAFRet

USAFRet

Titan
Moderator
Mar 16, 2013
175,424
19,901
184,590
drtweak said:
My father in law does cyber security work for the government. They aren't allowed to talk about classified information around PC's because there have been studies where the vibration form the air could leave imprints onto the hard drives! I was skeptical at first, but then he had a document he showed me about it and my jaw just dropped.
Click to expand...
I'd have to see some documentation on that.
 
TerryLaze

TerryLaze

Polypheme
May 9, 2016
9,987
2,690
63,440
thumb_flip-table-meme-done-flip-table-meme-table-flip-meme-53484313.png
149530-10053570-Screen_Shot_2014-09-16_at_17_39_11_png.png
 
saf227

saf227

Reputable
Nov 23, 2016
11
2
4,515
By their own admission, this doesn't overcome the air-gap because it requires that you have contact with the computer to install malware in the first place. If they have no access to the computer in the 1st place, this doesn't work. If they do have access to the computer in the 1st place, this is totally unnecessary.
 
USAFRet

USAFRet

Titan
Moderator
Mar 16, 2013
175,424
19,901
184,590
saf227 said:
By their own admission, this doesn't overcome the air-gap because it requires that you have contact with the computer to install malware in the first place. If they have no access to the computer in the 1st place, this doesn't work. If they do have access to the computer in the 1st place, this is totally unnecessary.
Click to expand...
Exactly.
This is a lab quality proof of concept.
Not an actual vulnerability in the wild.
 
bit_user

bit_user

Titan
Ambassador
Jan 20, 2010
16,840
8,245
79,540
jkflipflop98 said:
This seems like something that could only be accomplished in a lab environment.
Click to expand...
It's for attacking machines with an air-gap. So, it's clearly intended for high-stakes Stuxnet-style scenarios.

jkflipflop98 said:
You have to hack into both the phone and the PC (at which point you could just take the data anyways)
Click to expand...
How are you going to "just take the data anyways" across an air gap? By definition, this is a PC that's not networked (or maybe not on a network you can access). Maybe you can get software onto it by infecting a software update the victim installs on it (e.g. via USB drive), but that doesn't mean you can get any information off of it. That's the problem they're trying to tackle, here.

jkflipflop98 said:
then you have to wait until your target sets the phone down on the desk at which they're using the pc.
Click to expand...
Or, if they can get access to your phone's microphone, then it might even work while in your pocket.

jkflipflop98 said:
Right now, my phone is on it's charger in the kitchen where it pretty much stays until I need it. My PC sits on the concrete slab of my garage floor. I guess I'm immune to this attack vector.
Click to expand...
Yeah, it's not about you. I think the article made that pretty clear.
 
bit_user

bit_user

Titan
Ambassador
Jan 20, 2010
16,840
8,245
79,540
drtweak said:
My father in law does cyber security work for the government. They aren't allowed to talk about classified information around PC's because there have been studies where the vibration form the air could leave imprints onto the hard drives! I was skeptical at first, but then he had a document he showed me about it and my jaw just dropped.
Click to expand...
Document authored when?

I've seen youtube videos where people shouting at a HDD cause parity error rates to increase, but that was some time ago. Maybe it's still an issue, but it definitely seems like the type of problem drive makers would have to control, as drive densities reach ever greater heights.

Even if we take it at face value, they'd basically need to infect the PC with software that continuously writes data to the HDD, while the sensitive information is being discussed (and if you don't know when that is, then pretty much continuously). That's the only plausible way you can reassemble the recording.

drtweak said:
Also remember reading something about a guy where some malware was able to infect other PC's though the speakers and mic using high frequency sound waves that you couldn't hear.
Click to expand...
Huh. I didn't think most speakers or mics would extend much above the audible range. But, there's a deeper problem, which is that nothing is normally listening to your mic that would be susceptible to hacking. Maybe some kind of speech recognition software that has a specific buffer overrun vulnerability, but then it'd have to be a very targeted attack.

drtweak said:
It was a loooong time ago using some really old laptops but it infected the BIOS some how.
Click to expand...
I'm calling BS on that.
 
bit_user

bit_user

Titan
Ambassador
Jan 20, 2010
16,840
8,245
79,540
digitalgriffin said:
This is about as useful as exfiltrating data by creating subtle monitor screen brightness changes,
Click to expand...
As the article points out, that was another story they covered. Perhaps it was even by the same researchers.

digitalgriffin said:
or by changing the room temperature slightly up and down to indicate 0's and 1's
Click to expand...
Uh, no. That's far too low-bandwidth and much too susceptible to interference.

digitalgriffin said:
While a fun challenge, hardly practical at all and way too slow to be useful.
Click to expand...
It's practical enough for 3-letter agencies to employ, when few other options exist. And it's easily fast enough to use for exfiltrating things like passwords or encryption keys.

digitalgriffin said:
I read a news article a few months back. Certain state actors found out how to hack WD and Seagate firmwares already to store data in areas they shouldn't where is wasn't protected by permissions.

After all drive firmware was designed to be updated to improve reliability.
Click to expand...
I wasn't trying to say anything in particular by that, just making an observation.
 
Last edited:
  • Like
Reactions: digitalgriffin
jkflipflop98

jkflipflop98

Distinguished
Feb 3, 2006
1,966
410
20,170
bit_user said:
How are you going to "just take the data anyways" across an air gap? By definition, this is a PC that's not networked (or maybe not on a network you can access). Maybe you can get software onto it by infecting a software update the victim installs on it (e.g. via USB drive), but that doesn't mean you can get any information off of it. That's the problem they're trying to tackle, here.
Click to expand...

Uh, you have access to the machine long enough to install this mission-impossible setup on not only the system but the phone as well, you could just take whatever data it is you're after there, Hoss.
 
cryoburner

cryoburner

Judicious
Oct 8, 2011
5,775
1,394
34,840
jkflipflop98 said:
Uh, you have access to the machine long enough to install this mission-impossible setup on not only the system but the phone as well, you could just take whatever data it is you're after there, Hoss.
Click to expand...
Unless this were incorporated as part of the device's operating system, drivers or firmware to begin with. Think along the lines of something that could be employed by a government, for example. And technically, they wouldn't even need the phone to be part of it, as something like a laser microphone directed at a window might suffice for detecting variations in fan speed over time.
 
  • Like
Reactions: bit_user
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom