And the team is still not finished. In recent studies, the team was able to find yet another cyber-attack method to undermine these air-gapped systems – by using the sound waves emitted from the cooling fans nested within the computers. However, while this method can be used, it is limited by the amount of data in which can be extracted from these sound waves.
This type of attack can also extract small amounts of keylogging histories from just over twelve feet away. The security team who provided the technical details of this attack in a paper, claimed that they were able to siphon the encryption keys, as well as the passwords at a surprising rate of 15-20 bits per minute. They are also working on a method to accelerate this data extraction process.
“We found that if we use two fans concurrently [in the same machine], the CPU and chassis fans, we can double the transmission rates,” stated Guri, the lead researcher of the security team. “And we are working on more techniques to accelerate it and make it much faster.”
Normally, fans can operate between a few hundred RPMs to a few thousand RPMs. This helps to prevent workers from noticing noise fluctuations coming from the fans. In this case, an attacker can make use of the lower frequencies to extract the data, or otherwise use what is known as the close frequencies. These frequencies differ by only 100hz and are barely heard by the human ear. However, on the receiver side, this is a more sensitive approach that can pick up on the fan’s signals from a specific computer, even if other noises, such as music and people talking, are present in the room.
This type of attack can also work on several infected machines transmitting at once. According to Guri, the receiver can distinguish the signals that come from the fans within several infected computers, simultaneously.