A team of security researchers from the Ben-Gurion University’s Cyber Security Research Center in Israel came up with an innovative new way to steal data from an air-gapped machine. The technique requires the installation of a piece of software, dubbed "Fansmitter" on the air-gapped machine. Once this is accomplished, the software can control the CPU and chassis fans to encode binary data in the acoustic waveform of the computer's fans.
A nearby microphone can record and decode this audio data at a distance of up to eight meters. But while it's a very ingenious method, it's a very slow way to steal data as the bit rate is limited to just 900 bits per hour. That's enough to steal passwords, keys and some basic text documents, but nothing more.
“Using our method we successfully transmitted data from [an] air-gapped computer without audio hardware, to a smartphone receiver in the same room,” the research paper reads. “We demonstrated the effective transmission of encryption keys and passwords from a distance of zero to eight meters, with [a] bit rate of up to 900 bits/hour. We show that our method can also be used to leak data from different types of IT equipment, embedded systems, and IoT devices that have no audio hardware, but contain fans of various types and sizes.”
It's not something that's going to be used by the typical cyber criminal, but it opens up a window at how high-level espionage could steal data from secure facilities.