And Now, a Cyberattack That Uses Fan Vibrations to Steal Data: Air-ViBeR

btarunr · Apr 23, 2020

Air-ViBeR is a new cyber-security vulnerability that uses changes in your PC's fan vibrations to sneak out data through an elaborate, convoluted method involving more than one compromised device. There is an infinitesimal and purely mathematical chance of this type of cyberattack affecting you, however one can't help but admire the ingenuity behind it, the stuff of Hollywood.

Created by Mordechai Guri at the Cyber Security Research Center at Ben-Gurion University, Israel, Air-ViBeR involves a compromised PC regulating its fan-speeds to alter the PC's acoustics rapidly, to relay data to an Internet-connected listening device, such as a compromised smartphone, which then converts those vibrations into ones and zeroes to transmit to the web. There's no way this method will transmit a your 100-gigabyte C: in a lifetime, let alone the few hours that your smartphone is placed on the same desk as your PC; but the attacker would look for something specific and something that fits within 4 KB (one block, or 32,768 bits). Guri demonstrated his method and wrote a paper on it explaining what he calls "air gap covert channels."

A video presentation by Mordechai Guri follows.

View at TechPowerUp Main Site

BrainCruser · Apr 23, 2020

...If someone compromised your airgapped system, and your phone, you have bigger issues than your system varying its fan speed to talk to the phone.

Deleted member 67555 · Apr 23, 2020

Wow I can't come up with a smart ass enough remark for this...I sat here for 5 minutes trying to come with something.

natr0n · Apr 23, 2020

"imagines farting hard at/on your pc during a compromise"

air gap covert channels has a new meaning.

Solaris17 · Apr 23, 2020

This isnt new, fansmitter was published 4 years ago.

fansmitter - Google Search

windwhirl · Apr 23, 2020

Solaris17 said:
This isnt new, fansmitter was published 4 years ago.

fansmitter - Google Search

They should make an updated version targeting RGB fans :laugh:

notb · Apr 23, 2020

Solaris17 said:
This isnt new, fansmitter was published 4 years ago.

Different approach. Fansmitter exposes data over sound generated by the PC (components, not speakers). You need an active microphone to collect it.

This exposes data via desk vibrations, so you can collect via a smartphone with accelerometer.

Key difference:
Android (not sure about iPhone) doesn't have an accelerometer access policy, i.e. apps don't ask for permission (they do for the microphone).
You can even call the accelerometer from JavaScript. That's the security issue that has to be taken care of.

BrainCruser said:
...If someone compromised your airgapped system, and your phone, you have bigger issues than your system varying its fan speed to talk to the phone.

The whole point of these attacks is to find channels that go around the blocked (or tracked) network communication.

You have to consider that fan speed can be controlled without admin rights and smartphone accelerometer can be accessed with additional privileges.
So this opens a realistic possibility of moving data without network access. You only need a script on the computer and on the smartphone - both placed on the same desk. No admin rights. Hardly any trace left. It's not fast, but it works.

Remember that IT security is not just about blocking access from outside of the organization (i.e. hacking). It's also about making it harder for insiders to steal data.
So, you've locked the USB ports, you control network communication, you check everything that is sent to the printer.
That's why now people try to move data over sound and vibrations.

Solaris17 · Apr 23, 2020

notb said:
Different approach. Fansmitter exposes data over sound generated by the PC (components, not speakers). You need an active microphone to collect it.

Thanks my fault for not reading the entire article.

The malware is neat but the concept I will standby is still not new. We have been looking into this for awhile.

SAGE Journals: Your gateway to world-class research journals

Subscription and open access journals from SAGE Publishing, the world's leading independent academic publisher.

journals.sagepub.com

The process in which they implement and weaponize it are interesting though.

What was used initially as a way to interpret stressors on bridges and other heavy equipment in engineering is now used to pickup passwords.

Pretty cool.

notb · Apr 23, 2020

Solaris17 said:
Thanks my fault for not reading the entire article.

The malware is neat but the concept I will standby is still not new. We have been looking into this for awhile.

Absolutely. Idea is not new and not that shocking as well. Researcher from Ben-Gurion basically provided a PoC.

Apart from targeting a particular company/PC, this has a lot of potential as a mass method.
Receiver is extremely easy to run (JS, apps). Sender will be a bit trickier but feasible (malware, JS). You'll get a match sooner or later.

Also, a slight detail easy to forget: this works perfectly well on Linux and MacOS. Even on servers if you place a receiver on the rack (consciously and likely not a phone

).
It may be even easier to run this on Macs, since there are so few variants. Because, of course, you either need to know the exact fan frequency spectrum or train the signal processing model.

Solaris17 · Apr 23, 2020

notb said:
Even on servers if you place a receiver on the rack (consciously and likely not a phone ).

im willing to bet you could manipulate the software enough to use something like a laser microphone pointed at the machine itself, maybe glass on a window the building over when technology improves more.

R-T-B · Apr 23, 2020

I'll take "how to know I am a high value target" for $1000, Alex...

Daily Double!

Solaris17 · Apr 23, 2020

R-T-B said:
I'll take "how to know I am a high value target" for $1000, Alex...

Daily Double!

yeah, usually games at this level aren’t public until the tech to do it is freely available.

being on the receiving end of that kind of sophistication is a target in itself outside of the attackers. Especially if your an entity that isn’t supposed to have something that warrants that kind of fire power.

Vayra86 · Apr 23, 2020

Next: data mining over coil whine

xtreemchaos · Apr 23, 2020

its a bit late for april the 1ST isnt it, ill give a big prize for anyone who can hack my pc through the darn fans

. its like pull the other one its got bells on... its like i brought this app that says it will clean my pc, its been a week now and my rigs still dirty

notb · Apr 23, 2020

Vayra86 said:
Next: data mining over coil whine

Well, you can joke all you want, but this is how industrial espionage really works (probably the gov one as well).

Phishing, a lot of psychological attacks, laser microphones (already mentioned by @Solaris17 - beautiful stuff).

On this forum we talk a lot about CPU vulnerabilities and things like that, but most real life attacks are made surprisingly code-less.

silentbogo · Apr 23, 2020

That's probably the worst covert channel you can possibly imagine. Not only is it susceptible to interference from other fans(gpu, chassis etc) and HDD vibrations, but also won't do shit until the building is empty, which in all likeliness is going to happen when a person takes his/her phone home (that's why dude left the table in the video). Also, controlling fans in a precise manner is super-hard on most systems. There are things like delays, hysteresis, finicky controllers, and different implementations of fan control in PCs, which these attention-seeking "hackers" conveniently omit by pluging a PWM signal to RPi GPIO.
It reminds me of all those late 90's early 2000's "hacks" from computer magazines (I mean the ones made of paper), with things like making an optical modem out of laser pointer and generic IR receiver, or making "covert" data transmission using PC buzzer and mic.
It's not even a "proof-of-concept", just a fun weekend project you can do with your kids.

ZoneDymo · Apr 23, 2020

Well that is just FANtastic

Bones · Apr 23, 2020

Essentially it's a form of morse code for electronics when you think about it.

Caring1 · Apr 23, 2020

xtreemchaos said:
its a bit late for april the 1ST isnt it, ill give a big prize for anyone who can hack my pc through the darn fans . its like pull the other one its got bells on... its like i brought this app that says it will clean my pc, its been a week now and my rigs still dirty

Did you try turning it off, then on again?

Cidious · Apr 23, 2020

People have too much time on their hands during quarantine. This is just ridiculous. I thought 1st of April had passed already.

R-T-B · Apr 23, 2020

Cidious said:
People have too much time on their hands during quarantine.

It's security research, a job field that never sleeps. Quarantine has nothing to do with it.

Bones said:
Essentially it's a form of morse code for electronics when you think about it.

Pretty much the concept. Clever if really really impractical.

BrainCruser said:
...If someone compromised your airgapped system, and your phone, you have bigger issues than your system varying its fan speed to talk to the phone.

It happened to Iran. And yes, they then did have much bigger issues. Stuxnet. Cool case study, that.

Ferrum Master · Apr 23, 2020

Here come Delta fans to the rescue... 12V only.

Real men use real fans indeed

thekaidis · Apr 23, 2020

BrainCruser said:
...If someone compromised your airgapped system, and your phone, you have bigger issues than your system varying its fan speed to talk to the phone.

Right? Priorities, man. Kind of like saying "if someone breaks into your house and takes you hostage, they might be able to access your browser history!"

R-T-B · Apr 23, 2020

thekaidis said:
Right? Priorities, man. Kind of like saying "if someone breaks into your house and takes you hostage, they might be able to access your browser history!"

Again, stuxnet is a good counterpoint to that. It shows attacks like this aren't completely useless, but they are usually reserved for really high level spy type stuff that would never bother any "lame" civilian like us.

Personally, I'm interested in a less nefarious use of this novel tech: Fan based networking to my smartphone. Screw you, bluetooth! :roll:

Ferrum Master · Apr 23, 2020

R-T-B said:
Again, stuxnet is a good counterpoint to that. It shows attacks like this aren't completely useless, but they are usually reserved for really high level spy type stuff that would never bother any "lame" civilian like us.

Personally, I'm interested in a less nefarious use of this novel tech: Fan based networking to my smartphone. Screw you, bluetooth!

Imagine, you could actually feel the data flow

System Name	RBMK-1000
Processor	AMD Ryzen 7 5700G
Motherboard	Gigabyte B550 AORUS Elite V2
Cooling	DeepCool Gammax L240 V2
Memory	2x 16GB DDR4-3200
Video Card(s)	Galax RTX 4070 Ti EX
Storage	Samsung 990 1TB
Display(s)	BenQ 1440p 60 Hz 27-inch
Case	Corsair Carbide 100R
Audio Device(s)	ASUS SupremeFX S1220A
Power Supply	Cooler Master MWE Gold 650W
Mouse	ASUS ROG Strix Impact
Keyboard	Gamdias Hermes E2
Software	Windows 11 Pro

System Name	natr0n-PC
Processor	Ryzen 5950x-5600x \| 9600k
Motherboard	B450 AORUS M \| Z390 UD
Cooling	EK AIO 360 - 6 fan action \| AIO
Memory	Patriot - Viper Steel DDR4 (B-Die)(4x8GB) \| Samsung DDR4 (4x8GB)
Video Card(s)	EVGA 3070ti FTW
Storage	Various
Display(s)	Pixio PX279 Prime
Case	Thermaltake Level 20 VT \| Black bench
Audio Device(s)	LOXJIE D10 + Kinter Amp + 6 Bookshelf Speakers Sony+JVC+Sony
Power Supply	Super Flower Leadex III ARGB 80+ Gold 650W \| EVGA 700 Gold
Software	XP/7/8.1/10
Benchmark Scores	http://valid.x86.fr/79kuh6

System Name	RogueOne
Processor	Xeon W9-3495x
Motherboard	ASUS w790E Sage SE
Cooling	SilverStone XE360-4677
Memory	128gb Gskill Zeta R5 DDR5 RDIMMs
Video Card(s)	MSI SUPRIM Liquid 5090
Storage	1x 2TB WD SN850X \| 2x 8TB GAMMIX S70
Display(s)	49" Philips Evnia OLED (49M2C8900)
Case	Thermaltake Core P3 Pro Snow
Audio Device(s)	Moondrop S8's on Schitt Gunnr
Power Supply	Seasonic Prime TX-1600
Mouse	Razer Viper mini signature edition (mercury white)
Keyboard	Wooting 80 HE White, Gateron Jades
VR HMD	Quest 3
Software	Windows 11 Pro Workstation
Benchmark Scores	I dont have time for that.

System Name	System V
Processor	AMD Ryzen 7 9700X
Motherboard	ASRock X670E Pro Rs
Cooling	Deepcool AK620 // a bunch of 120 mm Xigmatek 1500 RPM fans (2 ins, 3 outs)
Memory	2x16GB Kingston 6400MT CL32
Video Card(s)	Gigabyte AORUS Radeon RX 580 8 GB
Storage	SHFS37A240G / DT01ACA200 / ST10000VN0008 / ST8000VN004 / SA400S37960G / SNV21000G / NM620 2TB
Display(s)	LG 22MP55 IPS Display
Case	NZXT Source 210
Audio Device(s)	Logitech G430 Headset
Power Supply	XPG Core Reactor 750 W
Software	Whatever build of Windows 11 is being served in Canary channel at the time.

System Name	RogueOne
Processor	Xeon W9-3495x
Motherboard	ASUS w790E Sage SE
Cooling	SilverStone XE360-4677
Memory	128gb Gskill Zeta R5 DDR5 RDIMMs
Video Card(s)	MSI SUPRIM Liquid 5090
Storage	1x 2TB WD SN850X \| 2x 8TB GAMMIX S70
Display(s)	49" Philips Evnia OLED (49M2C8900)
Case	Thermaltake Core P3 Pro Snow
Audio Device(s)	Moondrop S8's on Schitt Gunnr
Power Supply	Seasonic Prime TX-1600
Mouse	Razer Viper mini signature edition (mercury white)
Keyboard	Wooting 80 HE White, Gateron Jades
VR HMD	Quest 3
Software	Windows 11 Pro Workstation
Benchmark Scores	I dont have time for that.

And Now, a Cyberattack That Uses Fan Vibrations to Steal Data: Air-ViBeR

btarunr

Editor & Senior Moderator

BrainCruser

Deleted member 67555

Guest

natr0n

Solaris17

Super Dainty Moderator

windwhirl

notb

Solaris17

Super Dainty Moderator

SAGE Journals: Your gateway to world-class research journals

notb

Solaris17

Super Dainty Moderator

R-T-B

Solaris17

Super Dainty Moderator

Vayra86

xtreemchaos

notb

silentbogo

Moderator

ZoneDymo

Bones

Caring1

Cidious

R-T-B

Ferrum Master

thekaidis

R-T-B

Ferrum Master

System Name	Pioneer
Processor	Ryzen 9 9950X
Motherboard	MSI MAG X670E Tomahawk Wifi
Cooling	Noctua NH-D15 + A whole lotta Sunon, Phanteks and Corsair Maglev blower fans...
Memory	64GB (2x 32GB) G.Skill Flare X5 @ DDR5-6200(Running 1T no GDM)
Video Card(s)	PNY RTX 5080 OC
Storage	Intel 5800X Optane 800GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs, 1x 2TB Seagate Exos 3.5"
Display(s)	55" LG 55" B9 OLED 4K Display
Case	Thermaltake Core X31
Audio Device(s)	TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply	FSP Hydro Ti Pro 850W
Mouse	Logitech G305 Lightspeed Wireless
Keyboard	WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software	Gentoo Linux x64 / Windows 11 Enterprise (yes it's legit)

System Name	Tiny the White Yeti
Processor	7800X3D
Motherboard	MSI MAG Mortar b650m wifi
Cooling	CPU: Thermalright Peerless Assassin / Case: Phanteks T30-120 x3
Memory	32GB Corsair Vengeance 30CL6000
Video Card(s)	ASRock RX7900XT Phantom Gaming
Storage	Lexar NM790 4TB + Samsung 850 EVO 1TB + Samsung 980 1TB + Crucial BX100 250GB
Display(s)	Gigabyte G34QWC (3440x1440)
Case	Lian Li A3 mATX White
Audio Device(s)	Harman Kardon AVR137 + 2.1
Power Supply	EVGA Supernova G2 750W
Mouse	Steelseries Aerox 5
Keyboard	Lenovo Thinkpad Trackpoint II
VR HMD	HD 420 - Green Edition ;)
Software	W11 IoT Enterprise LTSC
Benchmark Scores	Over 9000

System Name	1.FortySe7en VR rig 2. intel teliscope rig 3.MSI GP72MVR Leopard Pro .E-52699, Xeon play thing
Processor	1.3900x @stock 2. 5950x undervolted . 3. i7 7700hq 4 E5-2699 V3
Motherboard	1.aorus x570 ultra 2. Rog b550 f,4 MR9A PRO ATX X99
Cooling	1.Hard tube loop, cpu and gpu 2. Hard loop cpu and gpu 4 360 AIO
Memory	1.Gskill neo @3600 32gb 2.corsair ven 32gb @3200 3. 16gb hyperx @2400 4 64GB 2133 in quad channel
Video Card(s)	1.GIGABYTE RTX 3080 WaterForce WB 2. Aorus RTX2080 3. 1060 3gb. 4 Arc 770LE 16 gb
Storage	1 M.2 1tb +1tb , 2 3tb HDs 2. 1tb m.2 3tbHD 3. 256 m.2. 1tb ssd 4. 2gb ssd
Display(s)	1.LG 50" UHD , 2 MSI Optix MAG342C UWHD. 3.17" 120 hz display 4. Acer Preditor 144hz 32inch.z
Case	1. Thermaltake P5 2. Thermaltake P3 4. montech king 65
Audio Device(s)	1 Onboard 2 Onboard 3 Onboard 4. onboard.
Power Supply	1.seasonic gx 850w 2. seasonic gx 750w. 4 RM850w
Mouse	1 ROG Gladius 2 Corsair m65 pro
Keyboard	1. ROG Strix Flare 2. Corsair F75 RBG 3. steelseries RBG
VR HMD	rift and rift S and Quest 2. rog ally 2tb m.2 1tb SD.
Software	1. win11 pro 2. win11 pro 3, win11 home 4 win11 pro
Benchmark Scores	1.7821 cb20 ,cb15 3442 1c 204 cpu-z 1c 539 12c 8847

System Name	WS#1337
Processor	Ryzen 7 5700X3D
Motherboard	ASUS X570-PLUS TUF Gaming
Cooling	Xigmatek Scylla 240mm AIO
Memory	64GB DDR4-3600(4x16)
Video Card(s)	MSI RTX 3070 Gaming X Trio
Storage	ADATA Legend 2TB
Display(s)	Samsung Viewfinity Ultra S6 (34" UW)
Case	ghetto CM Cosmos RC-1000
Audio Device(s)	ALC1220
Power Supply	SeaSonic SSR-550FX (80+ GOLD)
Mouse	Logitech G603
Keyboard	Modecom Volcano Blade (Kailh choc LP)
VR HMD	Google dreamview headset(aka fancy cardboard)
Software	Windows 11, Ubuntu 24.04 LTS

System Name	Cyberline
Processor	Intel Core i7 2600k -> 12600k
Motherboard	Asus P8P67 LE Rev 3.0 -> Gigabyte Z690 Auros Elite DDR4
Cooling	Tuniq Tower 120 -> Custom Watercoolingloop
Memory	Corsair (4x2) 8gb 1600mhz -> Crucial (8x2) 16gb 3600mhz
Video Card(s)	AMD RX480 -> RX7800XT
Storage	Samsung 750 Evo 250gb SSD + WD 1tb x 2 + WD 2tb -> 2tb MVMe SSD
Display(s)	Philips 32inch LPF5605H (television) -> Dell S3220DGF
Case	antec 600 -> Thermaltake Tenor HTCP case
Audio Device(s)	Focusrite 2i4 (USB)
Power Supply	Seasonic 620watt 80+ Platinum
Mouse	Elecom EX-G
Keyboard	Rapoo V700
Software	Windows 10 Pro 64bit

Processor	Ryzen 2600
Motherboard	X470 Tachi Ultimate
Cooling	AM3+ Wraith CPU cooler
Memory	C.R.S.
Video Card(s)	GTX 970
Software	Linux Peppermint 10
Benchmark Scores	Never high enough

System Name	H7 Flow 2024
Processor	AMD 5800X3D
Motherboard	Asus X570 Tough Gaming
Cooling	Custom liquid
Memory	32 GB DDR4
Video Card(s)	Intel ARC A750
Storage	Crucial P5 Plus 2TB.
Display(s)	AOC 24" Freesync 1m.s. 75Hz
Mouse	Lenovo
Keyboard	Eweadn Mechanical
Software	W11 Pro 64 bit

System Name	HELLSTAR
Processor	AMD RYZEN 9 5950X
Motherboard	ASUS Strix X570-E
Cooling	2x 360 + 280 rads. 3x Gentle Typhoons, 3x Phanteks T30, 2x TT T140 . EK-Quantum Momentum Monoblock.
Memory	4x8GB G.SKILL Trident Z RGB F4-4133C19D-16GTZR 14-16-12-30-44
Video Card(s)	Sapphire Pulse RX 7900XTX. Water block. Crossflashed.
Storage	Optane 900P[Fedora] + WD BLACK SN850X 4TB + 750 EVO 500GB + 1TB 980PRO+SN560 1TB(W11)
Display(s)	Philips PHL BDM3270 + Acer XV242Y
Case	Lian Li O11 Dynamic EVO
Audio Device(s)	SMSL RAW-MDA1 DAC
Power Supply	Fractal Design Newton R3 1000W
Mouse	Razer Basilisk
Keyboard	Razer BlackWidow V3 - Yellow Switch
Software	FEDORA 41