Pity the weary sysadmin who's just finished silencing the loudspeakers in the company's computers to keep data behind the air gap: processor fans can also be used to whisper your secrets.
Israeli white-hat Mordechai Guri, who last year fiddled with firmware to transmit crypto keys from computers to feature phones on GSM frequencies, says fan speed can be modulated, creating an audio channel for data leakage.
As in his previous work, an attacker needs to be able to infect the target to plant the badware that gathers (for example) passwords from the keyboards and put that data into a modulated fan signal.
It's also a very slow channel: Guri's paper describing Fansmitter says the trick's been tested over distances of up to 8 metres, at a snail's-pace 900 bits per hour. Still: if all you want is someone's passwords, that's more than sufficient.
An ordinary smartphone has a good enough microphone to receive the data, he reckons.
Data can be modulated on either the amplitude (loudness) of the fan, or on its frequency, he writes, with the attacker choosing which is better based on the environment and how much is known about the target machine.
While he tested Fansmitter on a Dell OptiPlex desktop, Guri reckons the approach is usable on anything with a fan.
Guri's collaborators in the project were Yosef Solewicz, Andrey Daidakulov, and Yuval Elovici.
So: if you're handling really sensitive data behind the air-gap, it's a good idea to keep microphones away. ®