Advertisement
Tech

Hackers can steal passwords and encryption keys by listening to your PC

If you can listen well enough, many computers will give up their secrets.

Photo of Patrick Howell O'Neill

Patrick Howell O'Neill

Article Lead Image

The next time the FBI spends weeks trying to break into an encrypted computer, they ought to ask one (strange) question first: Are they listening to what the computer has to say?

Featured Video

Israeli researchers have created “Fansmitter,” a new piece of malware that can steal data from a computer by using the noise created by cooling systems and the CPU—systems virtually all computers have.

If hackers can get close enough, it doesn’t matter if the target machine is “air-gapped”—kept off the internet for protection against hackers—or “audio-gapped” so that there are no speakers, which can also be used to breach the machine.

Fansmitter successfully stole passwords and encryption keys from a speakerless air-gapped desktop computer, the researchers showed. And it applies to other audioless devices with cooling fans “such as printers, control systems, embedded devices, [internet of things] devices, and more.”

Advertisement

Fansmitter “can regulate the internal fans’ speed in order to control the acoustic waveform emitted from a computer,” the researchers wrote. A nearby smartphone microphone, placed up to eight meters away, can then pick up the binary data being audibly transmitted.

If you can listen well enough, many computers will give up their secrets.

 

Advertisement

This method, though novel and potent, can be protected against. Sensitive computers can be kept in restricted areas, the researchers note, that ban smartphones, microphones, and other electronic equipment. A costly noise-blocking chassis is also an option, as is a different type of cooling system.But none of those countermeasures impact most PCs today, leaving many of them blabbering on just loudly enough to give up our secrets.

H/T ExtremeTech

 
The Daily Dot