Jump to content

Recommended Posts

Because there's new Malware that can transmit data from a non-networked computer by modulating fan speeds and having them be picked up by a nearby microphone, why not introduce a driver-level mechanism that adds random noise to the signal that controls fan  speed? So far the only concern I have received from my colleagues is that it could reduce the life of a fan, but most modern fans are PWM-based (meaning that they are already based on this type of signal) and built to be extremely mechanically reliable. To alleviate such longevity concerns, it could do only a small degree of signal randomization for normal operation, and reserve higher degrees of randomization for when a computer shows signs of being infected or during a scan.

Link to post
Share on other sites
  • Staff

Given the fact that such threats are only hypothetical and so far have only been developed as POC's, combined with the fact that it requires A) physical access to the air-gaped computer to infect it with this threat in the first place and B) access to the site where the computer is located to place a malicious listening/transmitting device to retrieve the data, the probability of a successful attack of this type is not only extremely low, it would also be far easier at that point for an attacker to simply copy and physically take whatever data they wanted from the air-gaped device (since they'd need physical, full administrative/root level access to install the malware onto the system in the first place, as well as physical access to the location to place the listening device within recording range of it) so I think the Devs time would be better spent on more realistic attack vectors.

If I were an attacker planning to exfiltrate data from such a device and I had the means to pull off this attack, I'd simply attach a data hijacking device that connects to the internet through any internet connected device(s) in range via bluetooth and/or wi-fi (such devices do exist already) that way the data would get to me much more quickly and I wouldn't have to worry about some hidden cell phone or other listening/recording device being discovered by my victims.

Link to post
Share on other sites

Well, if such a malware does make it into the wild, it could probably get onto a computer that has an internet connection (such as a laptop on a public network), but not be able to send outgoing communications through the firewall. Then it would hypothetically try to use fan noise instead, and at a public location there could be not one, but several microphones to pick up the signal... especially on devices which are also infected with a companion malware to transmit the received information. Again, still hypothetical, but it wouldn't hurt to be prepared in the event such a malware does make it into the wild, because there's more than one situation in which it could actually pose a threat.

Link to post
Share on other sites
  • Staff

No, any malware that has kernel level access (which would be required to alter/modulate the fans) would have full access to bypass or even disable the firewall completely.  Once malware is in deep enough to access hardware it's game over at that point and they can do pretty much whatever they want.

And again, the probability that any attacker would to to these lengths to pull off something that could be accomplished in a much simpler way is extremely unlikely and to my knowledge, even though this type of attack has been known and documented for over 2 years it has never once been seen in the wild.  On the other hand, the only possibility for such a threat to be used would be in an extremely secured environment such as a govt/military facility etc., and that's on a whole other level from consumer security (and the tools and services provided to them by security vendors, including Malwarebytes, are very different to accommodate such needs).

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.