The next time the FBI spends weeks trying to break into an encrypted computer, they ought to ask one (strange) question first: Are they listening to what the computer has to say?
Israeli researchers have created “Fansmitter,” a new piece of malware that can steal data from a computer by using the noise created by cooling systems and the CPU—systems virtually all computers have.
If hackers can get close enough, it doesn’t matter if the target machine is “air-gapped”—kept off the internet for protection against hackers—or “audio-gapped” so that there are no speakers, which can also be used to breach the machine.
Fansmitter successfully stole passwords and encryption keys from a speakerless air-gapped desktop computer, the researchers showed. And it applies to other audioless devices with cooling fans “such as printers, control systems, embedded devices, [internet of things] devices, and more.”
Fansmitter “can regulate the internal fans’ speed in order to control the acoustic waveform emitted from a computer,” the researchers wrote. A nearby smartphone microphone, placed up to eight meters away, can then pick up the binary data being audibly transmitted.
This method, though novel and potent, can be protected against. Sensitive computers can be kept in restricted areas, the researchers note, that ban smartphones, microphones, and other electronic equipment. A costly noise-blocking chassis is also an option, as is a different type of cooling system.
But none of those countermeasures impact most PCs today, leaving many of them blabbering on just loudly enough to give up our secrets.