E-resources
Peer reviewed
-
Guri, Mordechai; Solewicz, Yosef; Elovici, Yuval
Computers & security, April 2020, 2020-04-00, 20200401, Volume: 91Journal Article
Computers that contain sensitive information are often maintained in air-gapped isolation. In this defensive measure, a computer is disconnected from the Internet - logically and physically - preventing accidental or intentional leakage of sensitive information outward. In recent years it has been shown that malware can leak data over an air-gap by transmitting sonic and ultrasonic signals from a computer speaker. In order to eliminate such acoustic covert channels, current best practice recommends the elimination of speakers in secured computers, thereby creating a so-called ‘audio-gapped’ system. In this paper, we present ‘Fansmitter,’ a malware that can acoustically exfiltrate data from air-gapped computers, even when audio hardware and speakers are not present. Our method utilizes the noise emitted from the CPU, GPU, and chassis fans. We show that a software can regulate the internal fans’ rotation speed in order to control their acoustic signal, known as blade pass frequency (BPF). Binary data can be modulated and transmitted over these audio signals to a remote microphone (e.g., a nearby smartphone). We present design considerations, including acoustic waveform analysis, data modulation and demodulation, and data transmission and reception. We evaluate the acoustic covert channel with various fans at different distances and present the results. We also discuss issues such as stealth, interference, and countermeasures. Using our method we successfully transmitted data from audio-less, air-gapped computers, to a mobile phone in the same room. We demonstrated an effective transmission at distances of 1–8 m, with a maximum bit rate of 60 bit/min per fan.
![loading ... loading ...](themes/default/img/ajax-loading.gif)
Shelf entry
Permalink
- URL:
Impact factor
Access to the JCR database is permitted only to users from Slovenia. Your current IP address is not on the list of IP addresses with access permission, and authentication with the relevant AAI accout is required.
Year | Impact factor | Edition | Category | Classification | ||||
---|---|---|---|---|---|---|---|---|
JCR | SNIP | JCR | SNIP | JCR | SNIP | JCR | SNIP |
Select the library membership card:
If the library membership card is not in the list,
add a new one.
DRS, in which the journal is indexed
Database name | Field | Year |
---|
Links to authors' personal bibliographies | Links to information on researchers in the SICRIS system |
---|
Source: Personal bibliographies
and: SICRIS
The material is available in full text. If you wish to order the material anyway, click the Continue button.