Researchers transmitted data from a desktop PC through vibrations across a table

A group of scientists from Ben-Gurion University in the Negev (Israel) is studying how to transmit information from isolated computers (airgap). They have already developed methods for transmitting data by blinking the HDD LED , marchurizer or keyboard , electromagnetic radiation from the USB bus and from the GPU card , the sounds of the GPU cooler and the magnetic head of the HDD , through thermal radiation and audio speakers (in the inaudible range), to change the PC power consumption and display brightness . It turns out that the list is not limited to this.

On April 13, 2020, scientists published a description of a new AiR-ViBeR attack with exfiltration of data through fan vibrations . The transmission speed is lower than in other methods: only 0.5 bits per second with the cover of the system unit closed.

A team of researchers led by Mordechai Guri (Mordechai Guri) studied the vibrations that create the fans in the system unit.


The source of vibration is an imbalance when the center of mass does not coincide with the geometric center of rotation.

Researchers have developed a data transfer protocol based on a change in fan speed - and therefore vibration. The method is code-named AiR-ViBeR.

Isolated systems in local networks without access to the Internet are often used in state or corporate networks to store sensitive data. Guri’s research does not look at compromising and introducing malware into these ultra-secure systems, but instead focuses on innovative ways of transmitting information in ways that firewalls and security systems are not designed for.

A malicious code entered in the victim’s system controls the speed of the fan. In this particular experiment, the FAN CONTROL pin from the motherboard was connected to the GPIO12 pin on the Raspberry Pi 3, and the Python modulated the signal by changing the fan speed.





The signal is received by the accelerometer of the smartphone, which lies at a distance of about a meter from the computer.

The demodulation algorithm is given below.



Here, a potential attacker has two options: he can either place his smartphone near an infected computer, or infect the smartphones of employees who work with this computer. Accelerometer sensors in modern smartphones are available to any application without requiring user permission, which simplifies the attack, the researchers write.

The AiR-ViBeR application on the smartphone took the secret word from the computer through table vibrations.

Although the AiR-ViBeR attack can be considered theoretically possible, it is extremely unlikely that it will be used in real life. The transfer speed is too low, and attackers will better resort to any other method of removing information from an isolated computer.


The signal-to-noise ratio in different positions of the receiving device relative to the signal source (the positions are shown in the photo above)

However, administrators of secret systems should keep in mind the theoretical possibility of transmitting data through a computer fan.


Standard users are unlikely to be afraid of this threat. At such a speed, a text document will be transmitted from several months to a year. For a reasonable period of time, you can only transfer a password or an encryption key.

---

PKI solutions for enterprises. For details, contact the managers +7 (499) 678 2210, sales-ru@globalsign.com.