Air-gapped systems are generally more secure than the alternatives since they’re isolated from the internet and sometimes, other computers, but they have never been completely impenetrable. A group of Israeli researchers have discovered a new way to compromise them by using malware and the machine’s fans, according to ZDNet. It turns out a compromised machine's vibrations can be encoded with its data which can then be transferred to a smartphone on the same surface by means of the phone's accelerometer.
How it works — This attack, dubbed AiR-ViBeR, uses malware that can be transmitted over low frequencies. It uses the vibrations of the CPU, GPU, or PC chassis fans to encode data, which can be picked up and decoded by a smartphone. The smartphone merely needs to be positioned to pick up the vibrations, which could be as simple as putting it on the desk next to the PC.
Mordechai Guri, the head of R&D at the Ben-Gurion University of the Negev in Israel is behind the malware and has contributed extensively to research regarding air-gapped system security. Air-gapped systems are known to be vulnerable to electromagnetic, magnetic, acoustic, thermal, and optical attacks, and Guri is linked to much of the research on these vulnerabilities.
One catch, though: It’s really slow — While we’re more cautious about certain data permissions, when’s the last time you even thought about what your phone’s accelerometer was up to? It’s easy to see how an attack like this could take place assuming, of course, the perpetrator could get physically near enough to the machine in question, but there's a saving grace: the current data exfiltration rate is abysmally slow.
The method can only move half a bit of data per second, meaning it’d take more than two weeks to get an original floppy disk’s worth of data. That’s a long time for a strange phone to lie around a high-security area without anyone noticing it. Nonetheless, it's a great plot device for a spy novel or film, and a reminder that however secure you think something is, there's probably a way around it.