Exfiltrating data from air-gapped computers via ViBrAtIoNs

Air-gap covert channels are special types of covert communication channels that enable attackers to exfiltrate data from isolated, network-less computers. Various types of air-gap covert channels have been demonstrated over the years, including electromagnetic, magnetic, acoustic, optical, and thermal. In this paper, we introduce a new type of vibrational (seismic) covert channel. We observe that computers vibrate at a frequency correlated to the rotation speed of their internal fans. These inaudible vibrations affect the entire structure on which the computer is placed. Our method is based on malware's capability of controlling the vibrations generated by a computer, by regulating its internal fan speeds. We show that the malware-generated covert vibrations can be sensed by nearby smartphones via the integrated, sensitive accelerometers. Notably, the accelerometer sensors in smartphones can be accessed by any app without requiring the user permissions, which make this attack highly evasive. We implemented AiR-ViBeR, malware that encodes binary information, and modulate it over a low frequency vibrational carrier. The data is then decoded by malicious application on a smartphone placed on the same surface of the air-gapped computer (e.g., on a desk). We discuss the attack model, provide technical background, and present the implementation details and evaluation results. Our results show that using AiR-ViBeR, data can be exfiltrated from air-gapped computer to a nearby smartphone on the same table, or even an adjacent table, via vibrations. Finally, we propose a set of countermeasures for this new type of attack. (C) 2021 Elsevier B.V. All rights reserved.