So you have an air-gapped computer, or unconnected to the Internet, and you think your data is secured just because it’s not accessible online? In most cases that might be true, but that’s not 100% accurate. There are ways to steal information from computers that are not connected to the web, and smart hackers will not stop looking for such tricks. The newest such malware would let attackers steal information from supposedly secure computers with the help of the sound made by its fans and processor.
DON’T MISS: Leaked iPhone 7 photos point to intriguing new camera design
Researchers from the Ben Gurion University in Israel explained in a new paper that they would be able to retrieve data from an isolated computer that’s not connected to the internet and doesn’t have cameras or audio hardware in such a manner.
What they did was to control and listen to the speed of the computer’s fans and CPU, Motherboard explains. The information can be transmitted in Morse code up to eight meters, and a smartphone could pick up the signals and turn it into usable information.
Even so, to work, the malware has to be installed on the air-gapped computer. That would be done using a stick, or any other external storage device that would carry the virus. Once installed, it locates data on the machine and starts transmitting it by controlling the speed of the CPU and cooling fans. The acoustic waveforms would probably be ignored by the computer user, but a nearby listening device would pick it up and translate it for the attacker.
Because this is still morse code, hackers can’t really steal large amounts of data. Researchers expect speeds of 900 bits per hour which isn’t a lot. But it might be enough to get passwords and encrypted keys without leaving a trace.
Of course, this type of attack still needs two things to happen: 1) the malware needs to be installed on the air-gapped computer, and 2) the attackers need to be in the range of the hacked device to pick up the signal. But it’s more than clear that people are actively devising ways to compromise even the most secure computers.
The full paper on the matter is available at the source link.