News Cyberattack Steals PC Data Through Fan Vibrations

jkflipflop98

Distinguished
Feb 3, 2006
1,478
33
19,320
3
This seems like something that could only be accomplished in a lab environment. You have to hack into both the phone and the PC (at which point you could just take the data anyways) - then you have to wait until your target sets the phone down on the desk at which they're using the pc.

Right now, my phone is on it's charger in the kitchen where it pretty much stays until I need it. My PC sits on the concrete slab of my garage floor. I guess I'm immune to this attack vector.
 

drtweak

Illustrious
This seems like something that could only be accomplished in a lab environment. You have to hack into both the phone and the PC (at which point you could just take the data anyways) - then you have to wait until your target sets the phone down on the desk at which they're using the pc.

Right now, my phone is on it's charger in the kitchen where it pretty much stays until I need it. My PC sits on the concrete slab of my garage floor. I guess I'm immune to this attack vector.

My father in law does cyber security work for the government. They aren't allowed to talk about classified information around PC's because there have been studies where the vibration form the air could leave imprints onto the hard drives! I was skeptical at first, but then he had a document he showed me about it and my jaw just dropped.

Also remember reading something about a guy where some malware was able to infect other PC's though the speakers and mic using high frequency sound waves that you couldn't hear. It was a loooong time ago using some really old laptops but it infected the BIOS some how. There was no concert details on that just a guy and him figuring something out because he got infected with it. Issues only went away once they were all in separate rooms and flashed the BIOS on all them at the same exact time.
 
Apr 21, 2020
1
1
15
0
One scenario: In an attempt to gain information from specific users or class of users the PC malware identifies specific urls, usernames and password in a key logger according to a list. It then continuously transmits these over and over via the fan speed variations at just a few baud. The phone has complementary malware and is constantly monitoring the sensor for the fan signal if it happens to be located near the computer. After decoding the message via the fan it sends it on to a server. The miscreant now has login credentials for use.

When time is available this could be one part of a multifaceted attack.
 
Reactions: bit_user

USAFRet

Titan
Moderator
Mar 16, 2013
134,275
6,285
165,640
20,757
My father in law does cyber security work for the government. They aren't allowed to talk about classified information around PC's because there have been studies where the vibration form the air could leave imprints onto the hard drives! I was skeptical at first, but then he had a document he showed me about it and my jaw just dropped.
I'd have to see some documentation on that.
 

saf227

Reputable
Nov 23, 2016
9
1
4,510
0
By their own admission, this doesn't overcome the air-gap because it requires that you have contact with the computer to install malware in the first place. If they have no access to the computer in the 1st place, this doesn't work. If they do have access to the computer in the 1st place, this is totally unnecessary.
 

USAFRet

Titan
Moderator
Mar 16, 2013
134,275
6,285
165,640
20,757
By their own admission, this doesn't overcome the air-gap because it requires that you have contact with the computer to install malware in the first place. If they have no access to the computer in the 1st place, this doesn't work. If they do have access to the computer in the 1st place, this is totally unnecessary.
Exactly.
This is a lab quality proof of concept.
Not an actual vulnerability in the wild.
 

bit_user

Splendid
Ambassador
This seems like something that could only be accomplished in a lab environment.
It's for attacking machines with an air-gap. So, it's clearly intended for high-stakes Stuxnet-style scenarios.

You have to hack into both the phone and the PC (at which point you could just take the data anyways)
How are you going to "just take the data anyways" across an air gap? By definition, this is a PC that's not networked (or maybe not on a network you can access). Maybe you can get software onto it by infecting a software update the victim installs on it (e.g. via USB drive), but that doesn't mean you can get any information off of it. That's the problem they're trying to tackle, here.

then you have to wait until your target sets the phone down on the desk at which they're using the pc.
Or, if they can get access to your phone's microphone, then it might even work while in your pocket.

Right now, my phone is on it's charger in the kitchen where it pretty much stays until I need it. My PC sits on the concrete slab of my garage floor. I guess I'm immune to this attack vector.
Yeah, it's not about you. I think the article made that pretty clear.
 

bit_user

Splendid
Ambassador
My father in law does cyber security work for the government. They aren't allowed to talk about classified information around PC's because there have been studies where the vibration form the air could leave imprints onto the hard drives! I was skeptical at first, but then he had a document he showed me about it and my jaw just dropped.
Document authored when?

I've seen youtube videos where people shouting at a HDD cause parity error rates to increase, but that was some time ago. Maybe it's still an issue, but it definitely seems like the type of problem drive makers would have to control, as drive densities reach ever greater heights.

Even if we take it at face value, they'd basically need to infect the PC with software that continuously writes data to the HDD, while the sensitive information is being discussed (and if you don't know when that is, then pretty much continuously). That's the only plausible way you can reassemble the recording.

Also remember reading something about a guy where some malware was able to infect other PC's though the speakers and mic using high frequency sound waves that you couldn't hear.
Huh. I didn't think most speakers or mics would extend much above the audible range. But, there's a deeper problem, which is that nothing is normally listening to your mic that would be susceptible to hacking. Maybe some kind of speech recognition software that has a specific buffer overrun vulnerability, but then it'd have to be a very targeted attack.

It was a loooong time ago using some really old laptops but it infected the BIOS some how.
I'm calling BS on that.
 
This is about as useful as exfiltrating data by creating subtle monitor screen brightness changes, or by changing the room temperature slightly up and down to indicate 0's and 1's

While a fun challenge, hardly practical at all and way too slow to be useful.
 

bit_user

Splendid
Ambassador
This is about as useful as exfiltrating data by creating subtle monitor screen brightness changes,
As the article points out, that was another story they covered. Perhaps it was even by the same researchers.

or by changing the room temperature slightly up and down to indicate 0's and 1's
Uh, no. That's far too low-bandwidth and much too susceptible to interference.

While a fun challenge, hardly practical at all and way too slow to be useful.
It's practical enough for 3-letter agencies to employ, when few other options exist. And it's easily fast enough to use for exfiltrating things like passwords or encryption keys.

I read a news article a few months back. Certain state actors found out how to hack WD and Seagate firmwares already to store data in areas they shouldn't where is wasn't protected by permissions.

After all drive firmware was designed to be updated to improve reliability.
I wasn't trying to say anything in particular by that, just making an observation.
 
Last edited:
Reactions: digitalgriffin

jkflipflop98

Distinguished
Feb 3, 2006
1,478
33
19,320
3
How are you going to "just take the data anyways" across an air gap? By definition, this is a PC that's not networked (or maybe not on a network you can access). Maybe you can get software onto it by infecting a software update the victim installs on it (e.g. via USB drive), but that doesn't mean you can get any information off of it. That's the problem they're trying to tackle, here.
Uh, you have access to the machine long enough to install this mission-impossible setup on not only the system but the phone as well, you could just take whatever data it is you're after there, Hoss.
 
Uh, you have access to the machine long enough to install this mission-impossible setup on not only the system but the phone as well, you could just take whatever data it is you're after there, Hoss.
Unless this were incorporated as part of the device's operating system, drivers or firmware to begin with. Think along the lines of something that could be employed by a government, for example. And technically, they wouldn't even need the phone to be part of it, as something like a laser microphone directed at a window might suffice for detecting variations in fan speed over time.
 
Reactions: bit_user

ASK THE COMMUNITY

TRENDING THREADS