Sneaky, Elaborate Air-ViBeR Cyberattack Steals Computer Data Using Fan Vibrations

Computer Fan
Security researchers at a university in Isreal have developed a novel approach to covertly siphoning sensitive data from PCs. At its core, this is yet another malware scheme. But what makes this method somewhat unique is that it is transmits data from a target PC to a nearby smartphone (or other device) through fan vibrations. Say what?

Mordechai Guri from the Cyber Security Research Center at Ben-Gurion University of the Negev, Israel, outlined the cunning method dubbed 'AiR-ViBeR' in a whitepaper. This is essentially what's known as an air-gap vulnerability.

"Air-gap covert channels are special types of covert communication channels that enable attackers to exfiltrate data from isolated, network-less computers. Various types of air-gap covert channels have been demonstrated over the years, including electromagnetic, magnetic, acoustic, optical, and thermal," Guri explains in his paper.

According to he and his team's research, internal fans cause PCs to vibrate at different frequencies, depending on the rotational speed of the spinning blades. For the most part, these subtle vibrations go unnoticed by the human ear. However, these vibrations get transmitted to the surface the PC is on, like a table or desktop, and can be picked up a device on the same surface, or an adjacent one.

Here's a video demonstration of the attack method...

This is not your everyday type of cyber espionage. It is a bit of an elaborate scheme, as an attacker would have to infect a target PC, but then also the target's smartphone, and hope it gets placed on the same surface as the computer. The malicious app on the smartphone is tasked with deciphering the vibration data. Alternatively, we suppose a local attacker could infect their own smartphone and plop it on the same surface.

The key to all this is that modern smartphones have accelerometers built into them.

"Notably, the accelerometer sensors in smartphones can be accessed by any app without requiring the user permissions, which make this attack highly evasive. We implemented AiR-ViBeR, malware that encodes binary information, and modulate it over a low frequency vibrational carrier," Guri explains.

The paper goes into extensive detail on the subject and breaks down the what kinds of PC fans are most vulnerable (chassis and CPU). There's also some fancy math involved. But is this method feasible? We have our doubts. It's certainly not something the average user needs to worry about, though businesses and other high-value targets may want to take note of this.

That said, siphoning data from air-gapped computers is not a new concept. The same researcher also demonstrated how data can be stolen from an infected PC by decoding invisible changes in screen brightness, as shown above.

Like most attacks, this would probably begin with a phishing campaign. So in that regard, the best protection against even the most elaborate malware schemes (this one included) is still to practice sensible computing habits.