Home / News, Videos & Publications / News / Homeland & Cyber Security /

Stealing Data With Your Computer’s Fan

Stealing Data With Your Computer’s Fan

June 29, 2016

Homeland & Cyber Security

Wired — BGU cyber security researcher Dr. Mordechai Guri has performed impressive feats of hacking before, including breaking into highly secure air-gapped computers. His latest achievement, however, goes even further, as Guri and his team have found a way to steal data using nothing more than a computer’s cooling fan.

Although the technique can only be used to steal a limited amount of data, it’s sufficient to siphon encryption keys and lists of usernames and passwords.

mordechai-guri

Mordechai Guri

“We found that if we use two fans concurrently, the CPU and chassis fans, we can double the transmission rates,” says Guri, who conducted the research with colleagues Dr. Yosef Solewicz, Andrey Daidakulov, and Prof. Yuval Elovici, of BGU’s Cyber Security Research Center.

“We are working on more techniques to accelerate it and make it much faster,” Guri continues.

The researchers’ methodology involves using sound waves to steal data. Many high-security environments require that external and internal speakers on systems be removed to create an “audio gap,” but by using the sound produced by a computer’s cooling fans even this security measure can be bypassed.

“The human ear can barely notice this noise,” Guri says.

That data could be stolen from something as innocuous as a computer fan seems disconcerting, but in calling attention to these weaknesses in computer security, Guri and his team are paving the way to fixing them.

“We are trying to challenge this assumption that air-gapped systems [computers that are not linked to each other or to the internet] are secure,” Guri says.

Read more on the Wired website >>

Watch a video demonstrating this research >>