Clever Attack Uses the Sound of a Computer’s Fan to Steal Data

[ChrisSmolinski]

Mordechai Guri, manager of research and development at the Cyber Security Research Center at Ben-Gurion University, and colleagues at the lab, have previously designed three attacks that use various methods for extracting data from air-gapped machines—methods involving radio waves, electromagnetic waves and the GSM network, and even the heat emitted by computers.

Now the lab’s team has found yet another way to undermine air-gapped systems using little more than the sound emitted by the cooling fans inside computers. Although the technique can only be used to steal a limited amount of data, it’s sufficient to siphon encryption keys and lists of usernames and passwords, as well as small amounts of keylogging histories and documents, from more than two dozen feet away. The researchers, who have described the technical details of the attack in a paper (.pdf), have so far been able to siphon encryption keys and passwords at a rate of 15 to 20 bits per minute—more than 1,200 bits per hour—but are working on methods to accelerate the data extraction.

Full article: https://www.wired.com/2016/06/clever-attack-uses-sound-computers-fan-steal-data/

[Josh]

Neat, on top of Van Eck hacking and listening to the cpu via emitted rf now we have fans betraying us.

[Pigmeat]

Foil lined attic insulation, duct tape and ten or fifteen feet flexible dryer ducting will take care that minor problem. Don't they show "Red Green" in Israel?

[Terry]

The real question is -- do they send QSL's? 

[ka1iic]

One tri-core I had didn't have any fans what it did have were these massive heat sinks...  Perhaps in that case the data would modulate the sinks?  Who knows...

[Nella F.]

The real question is -- do they send QSL's? 

                                                                    "Ha Ha! Even I get that!