Researchers have found another attack strategy targeting air-gapped systems. Dubbed as Air-ViBeR attack, this technique makes use of PC vibrations to steal data.
Air-ViBeR Attack Stealing Data
Researchers from the Ben-Gurion University of the Negev, Israel, have devised another attack method targeting air-gapped systems. This strategy, termed as Air-ViBeR attack, leverages PC vibrations due to the fans to steal information.
Briefly, they set up a malware dubbed ‘Air-ViBeR’ that can control the speed of a PC’s internal fans. They could then sense these malware-generated vibrations via smartphone’s accelerometers. Being a device sensor, any app can access the accelerometer without user permissions. Hence, an adversary can record all the vibrations via a malicious app installed on a smartphone placed on the same surface as that of the target air-gapped system. Consequently, this will allow the attacker to exfiltrate sensitive data from the target systems.
In a real-world scenario, an attacker merely has to infect the smartphone of an individual who would deal with the target sir-gapped system. Without being present to the proximity of the device, the attacker can steal the information.
Most modern smartphones have accelerometer sensors installed. Accessing this sensor requires no explicit user permissions on both iOS and Android. Any app installed on the phone or even JavaScript code from the web browser can access these sensors. All these factors expand the feasibility of the attack.
Details about Air-ViBeR are available in the researchers’ white paper. See the following video how the attack would ..
Support the originator by clicking the read the rest link below.
