A team of Israeli researchers led by Mordechai Guri, the head of R&D at the Ben-Gurion University of the Negev, has unveiled a new method of exfiltrating data from air-gapped computers via fan vibrations. It’s the latest in a series of data-stealing tactics Guri and his team have demonstrated, all of them focused on methods of invisibly transmitting data from computers that are supposed to be isolated and completely secure.
This technique, dubbed AiR-ViBeR, uses data encoded in fan vibrations to allow a system to pass information to a hidden observer. Guri and his team specialize in side-channel attacks, defined as “any attack based on information gained from the implementation of a computer system, rather than weaknesses in the implemented algorithm itself.” Spectre and Meltdown are the two most famous side-channel attacks in tech history at this point, but side-channel attacks come in many guises and the laws of physics make them very difficult to prevent.
Side-channel attacks are so difficult to stop because a CPU or GPU will draw different amounts of power, radiate different amounts of heat, and run its fans at different speeds depending on the workload being executed.
The research team writes:
In this paper, we introduce a new type of vibrational (seismic) covert channel. We observe that computers vibrate at a frequency correlated to the rotation speed of their internal fans. These inaudible vibrations affect the entire structure on which the computer is placed. Our method is based on malware’s capability of controlling the vibrations generated by a computer, by regulating its internal fan speeds. We show that the malware-generated covert vibrations can be sensed by nearby smartphones via the integrated, sensitive accelerometers. Notably, the accelerometer sensors in smartphones can be accessed by any app without requiring the user permissions, which make this attack highly evasive. We implemented AiR-ViBeR, malware that encodes binary information, and modulate it over a low frequency vibrational carrier. The data is then decoded by malicious application on a smartphone placed on the same surface (e.g., on a desk).
This is the very essence of a side-channel attack. The malware in question doesn’t exfiltrate data by cracking encryption standards or breaking through a network firewall; instead, it encodes data in vibrations and transmits it to the accelerometer of a smartphone.
This exfiltration is anything but fast. The highest speed the researchers measured was half a bit per second of information. What makes the attack interesting is that it can be deployed against an air-gapped system via a method of transmission that is effectively invisible to human senses. The low-level vibrations that a smartphone accelerometer can detect are too small for humans to sense.
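Because the channel depends on malware regulating fan speed, one defensive check is to look for repeated fan-speed jumps that the temperature does not explain. The sketch below is an added example, not code from the paper or this article; the telemetry format, the one-sample-per-second rate, and all thresholds are assumptions, and the sample data is constructed.

```python
# Constructed telemetry: (cpu_temp_c, fan_rpm), assumed one sample per second.
# NORMAL: fan follows a gradual, load-driven temperature ramp.
NORMAL = [(45 + i * 0.5, 1500 + i * 40) for i in range(40)]
# KEYED: temperature flat while the fan toggles between two speeds.
KEYED = [(46.0 + (i % 3) * 0.1, 1500 if (i // 4) % 2 == 0 else 2100)
         for i in range(40)]
# LOADED: fan toggles too, but temperature swings with it (bursty workload).
LOADED = [(45.0, 1500) if (i // 4) % 2 == 0 else (60.0, 2100)
          for i in range(40)]


def rpm_jumps(rpms, rpm_step):
    """Indices where fan speed changes by at least rpm_step between samples."""
    return [i for i in range(1, len(rpms))
            if abs(rpms[i] - rpms[i - 1]) >= rpm_step]


def window_is_suspicious(window, rpm_step=300, temp_band=2.0, min_jumps=4):
    """True if the fan is repeatedly stepped up and down while temperature
    stays inside temp_band degrees C. Thresholds are assumed values."""
    temps = [t for t, _ in window]
    rpms = [r for _, r in window]
    jumps = rpm_jumps(rpms, rpm_step)
    if len(jumps) < min_jumps:
        return False
    ups = sum(1 for i in jumps if rpms[i] > rpms[i - 1])
    downs = len(jumps) - ups
    if ups == 0 or downs == 0:
        return False  # a single ramp in one direction, not keying
    # Large fan swings with a flat temperature have no thermal explanation.
    return max(temps) - min(temps) <= temp_band


def flag_windows(samples, size=30, stride=10, **thresholds):
    """Slide a window over the telemetry; return flagged (start, end) ranges."""
    flagged = []
    for start in range(0, len(samples) - size + 1, stride):
        if window_is_suspicious(samples[start:start + size], **thresholds):
            flagged.append((start, start + size))
    return flagged


if __name__ == "__main__":
    for name, data in (("NORMAL", NORMAL), ("KEYED", KEYED), ("LOADED", LOADED)):
        print(name, flag_windows(data))
```

At half a bit per second, any meaningful transfer keeps the fan toggling for a long time, so sustained flags across many windows matter more than a single hit.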
This is also why side-channel attacks will always be possible. The only way to prevent a CPU’s power consumption from varying depending on workload would be to run the CPU in maximum power-consumption mode at all times. The only way to keep a system’s fans from varying would be to use static fan speeds for both CPU and GPU, dramatically increasing noise. The only way to prevent CPUs from varying their clocks would be to return to the old, pre-SpeedStep days when CPUs ran at one and only one frequency. Even if a company took these steps, there would undoubtedly be other means of exfiltrating information via variations in other subsystems.
These issues aren’t going to impact ordinary users, but they’re problems that administrators of serious air-gapped systems have to consider. Not every theoretical exfiltration threat is going to be worth responding to, but governments and certain corporations can’t afford to ignore the problem altogether.