Fansmitter: malware that exfiltrates data from airgapped computers by varying the sound of their fans

[Read the post]

Once again digital security is much like door locks. It just keeps honest people honest and slows down the criminals. Otherwise this would be a great or thing to be used in Little Brother 3.


Though this attack could be defeated by installing software to detect fan-fluctuation, this software will be finicky and throw many false positives, and Fansmitter is only one of many methods for extracting data from airgapped systems.

Or you could just not control the fans through software in the first place - you can already buy direct fan controllers for gaming rigs to control boatloads of fans, just stick one of them in your airgapped machine and run all the fans off of that.

Airgapping isn’t useless because there are ways around it, it increases the expense to attack a machine. For this to work you need the airgapped target machine to have software controllable fans (which many won’t after this publication), you need a compromised device nearby to receive data, and you need to get the malware on the machine in the first place. And while there are other sidechannels that could be used, the requirement to use those on top of already having to breach the airgap decreases the number of attackers who are willing or able to do so.


So that we’re all clear, you do realize this requires an earlier malware infection? I know Clancy mentioned it but just making it super clear.

It’s a fascinating look at ‘ways to get information out of a computer surreptitiously’ but the headlines on this are hilariously wrong.


They were all kinds of wrong about the earlier BadBIOS project that likely contributed to the idea for this one too - “Researchers say your BIOS can be infected through sound!1!!!11”

Or you could just not control the fans through software in the first place

Or even easier: Just use fanless passively cooled PCs* :wink:

But going back on topic a bit, these threats are absolutely minuscule. For they rely on physically isolated PCs also being pre-infected for these methods to work in the first place.

*Okay nerding out a bit here, could these methods be refined to use coil/capacitor whine from the power regulation circuits? That’d even work on solid-state systems

based on the sounds, my refrigerator has desperately been trying to communicate for some time.


Yes, since those tend to leak enough data to compromise certain bits of information anyway (e.g. PKA attacks), although I don’t think there’s been any attacks that can use random computers and phones nearby as receivers, so physical security would be a bit more effective.

This topic was automatically closed after 5 days. New replies are no longer allowed.