New “Air-ViBeR” Attack Strategy Targets Air-gapped Systems

Researchers have found another attack strategy targeting air-gapped systems. Dubbed as Air-ViBeR attack, this technique makes use of PC vibrations to steal data.

Air-ViBeR Attack Stealing Data

Researchers from the Ben-Gurion University of the Negev, Israel, have devised another attack method targeting air-gapped systems. This strategy, termed as Air-ViBeR attack, leverages PC vibrations due to the fans to steal information.

Briefly, they set up a malware dubbed ‘Air-ViBeR’ that can control the speed of a PC’s internal fans. They could then sense these malware-generated vibrations via smartphone’s accelerometers. Being a device sensor, any app can access the accelerometer without user permissions. Hence, an adversary can record all the vibrations via a malicious app installed on a smartphone placed on the same surface as that of the target air-gapped system. Consequently, this will allow the attacker to exfiltrate sensitive data from the target systems.

In a real-world scenario, an attacker merely has to infect the smartphone of an individual who would deal with the target sir-gapped system. Without being present to the proximity of the device, the attacker can steal the information.

Most modern smartphones have accelerometer sensors installed. Accessing this sensor requires no explicit user permissions on both iOS and Android. Any app installed on the phone or even JavaScript code from the web browser can access these sensors. All these factors expand the feasibility of the attack.

Details about Air-ViBeR are available in the researchers’ white paper. See the following video how the attack would take place on an air-gapped system.

Air-ViBeR Is ‘Smart’ But Not ‘Fast’

Although, this innovative attack method bears great potential to attack a target system successfully. The biggest limitation of this attack is its speed. According to researchers,

in a typical workplace scenario… data can be exfiltrated at a speed of half a bit per second via the covert vibrations.

This makes the attack presently unfeasible for an adversary unless the attacker is patient enough to wait for the information. This is even slower than the BRIGHTNESS attack which demonstrated a data transfer rate of 5-10 bps.

The researchers have also suggested some other countermeasures with their flaws (listed in the below table).

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients