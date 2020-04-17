https://www.youtube.com/watch?v=XGD343nq1dg [/ embed]

Scholars at an Israeli university have shown the feasibility of using fans installed inside a computer to create controlled vibrations that can be used to steal data from airborne systems.

The technique, named after the name AiR-ViBeR, is the latest in a long list of bad data extraction techniques devised by Mordechai Guri, the R&D officer at Ben-Gurion University in the Negev in Israel.

For the past half-decade, Guri has been researching methods of sending data from computers with air voids to the outside world undetected.

Research on this is important because authentication systems [computers isolated on local networks with no Internet access] are often used on government or corporate networks to store sensitive data, such as classified files or intellectual property.

Guri’s research does not take into account ways to compromise and install malware on these super-secure systems, but instead focuses on innovative, never-before-seen ways of obtaining data, undetected and by methods used by network advocates. they are not aware. of.

In past research, Guri and his team at Ben-Gurion University’s cybersecurity research center have shown that attackers could steal data from secure systems using a variety of techniques such as:

LED-it-Go: Extracts data from open-air systems using the LED on a hard drive

USBee – Force the data bus on a USB connector that provides electromagnetic emission that can be used to exfiltrate data

AirHopper: Uses local GPU card to emit electromagnetic signals to a nearby cellphone, also used to steal data

Fansmitter – Steals data from airbrushed computers through sounds emitted by a computer’s GPU fan

DiskFiltration – Use controlled read / write HDD operations to steal data using sound waves

BitWhisper – Extracts data from non-network computers through heat emanations

Unnamed attack: Uses plan scanners to relay commands to malware-infested computers or to filter data from compromised systems

xLED: Use the router or LEDs to change the data

aIR-Jumper: Use a security camera’s infrared feature to steal data from networks with air gaps

HVACKer – Uses HVAC systems to control malware on open systems

MAGNETO & ODINI – Steal data from Faraday’s cage protected systems

MOSQUITO – Steals data from computers with speakers and headphones attached

PowerHammer – Steal data from airborne systems using power lines

CTRL-ALT LED – Steals data from airborne systems using keypad LEDs

BRIGHTNESS – Steal data from open systems through variations in screen brightness

In new research published this week, Guri delved into this past work by looking at a medium his team has not analyzed before, namely vibrations.

More specifically, Guri examined the vibrations that can be generated by fans on a computer, such as CPU fans, GPU fans, power fans, or any other fan installed on the chassis. computer.

Guri says malicious code planted in an air-gap system can control how fast fans work. Using the fan speed up and down, the attacker can control the frequency of the vibrations exiting the fan.

The AiR-ViBeR technique takes sensitive information stored in an airborne system and alters the fan speed to generate a vibrational pattern that propagates to the nearby environment, such as a desk.

Guri says that a nearby attacker can record these vibrations using accelerometer sensors found on modern smartphones, and then decode information hidden in the vibration pattern to reconstruct stolen information in the open air system. .

The collection of these vibrations can be done in two ways. If the attacker has physical access to the open network, he can put his own smartphones on a desk near an open-air system and gather the vibrations with lightning without touching the open computer.

If the attacker does not have access to an open-air network, the attackers can infect the smartphones of employees who work for the targeted company that operates an open-air system. Malicious software on the employee’s device can catch those vibrations on behalf of the attacker. Guri says this is possible as any application can access the accelerometer sensors of modern smartphones without user permission, which makes this technique very evasive.

Stealing data by vibration takes time

However, while the AiR-ViBeR technique is quite innovative, vibration data transmission is extremely slow.

In fact, the data can be exfiltrated through vibrations at a low half-bit per second rate, making AiR-ViBeR one of the slowest exfiltration methods found by Guri and his team in recent years.

While the AiR-ViBeR attack may be considered “feasible,” it is highly unrealistic for attackers to use it in the wild, as they are more likely to opt for other techniques that filter information at faster speeds.

Further technical details about the AiR-ViBeR technique can be found in a white paper published this week called “AiR-ViBeR: Exfiltrating Data from Air-Gapped Computers via Covert Surface ViBrAtIoNs.”

Regular users have nothing to fear about AiR-ViBeR, as there are far more dangerous threats found on the Internet. However, high-security network administrators are likely to be buzzing, take into account Guri’s latest work, and implement some of the forceful measures in the document, if they consider this technique to be a credible threat .