[论文解读] Fansmitter: Acoustic Data Exfiltration from (Speakerless) Air-Gapped Computers
Fansmitter 是一种恶意软件,通过控制 CPU 和机箱风扇转速生成的声学信号,从空气隔离计算机中窃取数据,即使在没有音频硬件的情况下也能实现。作者成功展示了通过智能手机作为接收器,在长达八米的距离内以每小时最高 900 比特的速率传输敏感数据(如加密密钥和密码)。
Because computers may contain or interact with sensitive information, they are often air-gapped and in this way kept isolated and disconnected from the Internet. In recent years the ability of malware to communicate over an air-gap by transmitting sonic and ultrasonic signals from a computer speaker to a nearby receiver has been shown. In order to eliminate such acoustic channels, current best practice recommends the elimination of speakers (internal or external) in secure computers, thereby creating a so-called 'audio-gap'. In this paper, we present Fansmitter, a malware that can acoustically exfiltrate data from air-gapped computers, even when audio hardware and speakers are not present. Our method utilizes the noise emitted from the CPU and chassis fans which are present in virtually every computer today. We show that a software can regulate the internal fans' speed in order to control the acoustic waveform emitted from a computer. Binary data can be modulated and transmitted over these audio signals to a remote microphone (e.g., on a nearby mobile phone). We present Fansmitter's design considerations, including acoustic signature analysis, data modulation, and data transmission. We also evaluate the acoustic channel, present our results, and discuss countermeasures. Using our method we successfully transmitted data from air-gapped computer without audio hardware, to a smartphone receiver in the same room. We demonstrated the effective transmission of encryption keys and passwords from a distance of zero to eight meters, with bit rate of up to 900 bits/hour. We show that our method can also be used to leak data from different types of IT equipment, embedded systems, and IoT devices that have no audio hardware, but contain fans of various types and sizes.
研究动机与目标
- 探究空气隔离计算机中的风扇噪声是否可被利用进行隐蔽数据外泄。
- 开发一种恶意软件技术,通过调节风扇转速生成可听及超声波信号以实现数据传输。
- 评估在缺乏音频硬件(如安全计算机和物联网设备)的系统中,外泄敏感数据的可行性。
- 证明即使存在“音频缺口”(即扬声器被移除)的情况下,数据仍可通过声学方式泄露。
- 探索针对空气隔离环境中此类声学侧信道攻击的防护措施。
提出的方法
- 恶意软件通过控制 CPU 和机箱风扇的转速,调节所产生的噪声的频率和振幅。
- 使用频移键控(FSK)调制技术将二进制数据编码到风扇生成的声学信号上。
- 远程麦克风(如智能手机)捕获声学信号并解码传输的数据。
- 分析不同风扇类型的声学特征,以优化信噪比和传输可靠性。
- 该方法设计用于适配标准计算机、嵌入式系统和物联网设备中常见的各种风扇类型和尺寸。
- 在真实环境中测试传输效果,包括不同距离(0–8 米)和环境噪声水平。
实验结果
研究问题
- RQ1空气隔离计算机的风扇噪声是否可被调制以携带外泄数据?
- RQ2在缺乏音频硬件的情况下,仅依靠风扇生成的声学信号是否可实现可靠的数据传输?
- RQ3使用基于风扇的声学外泄技术可实现的最大数据速率是多少?
- RQ4环境噪声和距离如何影响基于风扇的数据外泄的可靠性?
- RQ5该方法是否可广泛应用于缺乏音频硬件的各类设备,包括嵌入式系统和物联网设备?
主要发现
- Fansmitter 仅利用风扇噪声作为传输介质,成功从未配备音频硬件的空气隔离计算机中外泄数据。
- 该方法在 0 至 8 米的距离内实现了最高每小时 900 比特的数据传输速率。
- 该技术在多种风扇类型和尺寸中均有效,证明其在标准 IT 设备和物联网设备中具有广泛适用性。
- 成功使用智能手机作为远程接收器完成数据外泄演示,证实了其在真实场景中的可行性。
- 在受控条件下,声学信道足够稳定,可传输加密密钥和密码等敏感信息。
- 本研究证实,即使存在“音频缺口”(即扬声器被移除),声学侧信道风险依然存在,因为风扇仍可作为非预期的发射器。
更好的研究,从现在开始
从论文设计到论文写作,大幅缩短您的研究时间。
无需绑定信用卡
本解读由 AI 生成,并经人工编辑审核。