Researchers managed to steal data from air-gapped computers through computer’s fan

Researchers from the Ben-Gurion University in Israel have designed an attack that enables stealing data from an “air-gapped” computer by using its cooling fans. Air-gapped computers – disconnected from the Internet and even other machines in the network – are often used in industrial systems and other institutions that hold sensitive operations and data, in order to disable penetration through the network and stealing of sensitive data. Even the air-gapped computer, however, can be infected by malware through the USB or other plug-in devices, but there is no possibility to leak the data out of the computer if it is disconnected. The researchers have now designed malware which changes the speed of the computer fans to different frequencies, thereby sending bits of information through ordinary sound, even inaudible to humans. Certain data – especially small and important chunks such as system credentials and passwords – can thus be sent to a nearby infected smartphone or other device connected to the Internet that can be forced to “listen” and decode the sounds and transmit to the perpetrator. Using the fan for leaking the data from an air-gapped computer is an addition to similar designs that use electromagnetic waves and even heat emitted by computers.