When you want to protect a computer connected to the Internet against attackers, you usually put it behind a firewall. The firewall controls access to the protected computer. However, you can defeat any lock and there are ways a dedicated attacker can compromise a firewall. Really critical data is often placed on a computer that is “air gapped.” That is, the computer isn’t connected at all to an insecure network.
An air gap turns a network security problem into a physical security problem. Even if you can infect the target system and collect data, you don’t have an easy way to get the data out of the secure facility unless you are physically present and doing something obvious (like reading from the screen into a phone). Right? Maybe not.
Researchers in Israel have been devising various ways to transmit data from air-gapped computers. Their latest approach? Transmit data by changing the speed of cooling fans in the target computer. Software running on a cellphone (or other computer, obviously) can decode the data and exfiltrate it. You can see a video on the process below.
You have to give them points for out-of-the-box thinking. However, as a practical approach, there are a lot of things to overcome. First, you have to infect the computer. It isn’t impossible–there are real-life examples of this happening. But it is difficult. You also have to have a phone or computer near the target computer. A lot of air-gapped computers are in physically secure locations that would make that difficult. On top of that, the data rate is pretty low.
So this attack might be more theoretical than practical. You might wonder about using audio from the target computer’s speaker. If you kept the pitch high enough not to be obvious, that might work. However, a really secure computer might not have speakers. Also, detecting strange audio coming from the speakers would be easier than realizing the fan speed was modulated. In a way, it is like hardware steganography.
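A defender-side heuristic for the fan channel, as an added example that is not from the researchers or the original post: it counts fan-speed swings that happen while the CPU temperature stays flat, which normal thermal control should rarely produce. The sample readings, thresholds and function names are all assumptions chosen for illustration.

```python
# Added example: flag fan-speed changes that temperature does not explain.
# All readings below are constructed; thresholds are illustrative assumptions.

def count_unexplained_swings(samples, min_swing_rpm=300, max_temp_delta_c=1.0):
    """samples: list of (fan_rpm, cpu_temp_c) taken at a fixed interval.

    Counts crossings of the RPM midpoint between consecutive samples
    where the temperature moved by no more than max_temp_delta_c.
    """
    if len(samples) < 2:
        return 0
    rpms = [rpm for rpm, _ in samples]
    low, high = min(rpms), max(rpms)
    if high - low < min_swing_rpm:
        return 0  # fan is effectively steady, nothing to explain
    mid = (low + high) / 2
    swings = 0
    for (rpm0, temp0), (rpm1, temp1) in zip(samples, samples[1:]):
        crossed = (rpm0 < mid) != (rpm1 < mid)
        if crossed and abs(temp1 - temp0) <= max_temp_delta_c:
            swings += 1
    return swings


def looks_modulated(samples, min_swings=6, **thresholds):
    """True when enough temperature-independent swings are seen."""
    return count_unexplained_swings(samples, **thresholds) >= min_swings


# Constructed: fan ramps up once because the CPU heats up under load.
NORMAL = [(1000, 40), (1000, 41), (1150, 45), (1300, 50),
          (1450, 55), (1600, 60), (1600, 60), (1600, 59)]

# Constructed: fan toggles between two speeds while temperature is flat.
SUSPECT = [(1000, 45.0), (1600, 45.2), (1000, 45.1), (1600, 45.0),
           (1000, 45.3), (1600, 45.1), (1000, 45.2), (1600, 45.0)]

if __name__ == "__main__":
    for name, data in (("normal", NORMAL), ("suspect", SUSPECT)):
        print(name, count_unexplained_swings(data), looks_modulated(data))
```

In practice the readings would come from whatever hardware-monitoring interface the host exposes, and the thresholds need tuning against that machine's normal fan curve.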
Thanks to [Greg] for the tip.