It is possible to steal data from a computer using the noise emitted by its fans to transmit data.
It is no secret researchers have been able to silently cull data from isolated devices using optic, thermal, electromagnetic and acoustic covert channels. Researchers showed they could purloin data using a computer’s internal or external speakers. As a result, for security reasons, companies working in “highly sensitive” areas did not allow computers to have the components.
But even that didn’t stop the potential to steal information as researchers from Ben-Gurion University of the Negev found a new acoustic data exfiltration attack that doesn’t rely on speakers. Instead, they just use the noise emitted by a computer’s fans to transmit data. They call the attack Fansmitter.
Here is how it works: A piece of malware installed on the targeted air-gapped computer can use the device’s fans to send bits of data to a nearby mobile phone or a different computer equipped with a microphone.
Several types of fans can be used for the task, but CPU and chassis fans are the perfect target because they can be monitored and controlled using widely available software.
The frequency and the strength of the acoustic noise emitted by fans depend on revolutions per minute (RPM), according to a paper written by Mordechai Guri, Yosef Solewicz, Andrey Daidakulov, and Yuval Elovici.
Attackers can control the fan to rotate at a certain speed to transmit a “0” bit and a different speed to transmit a “1” bit.
The noise is in the 100-600 Hz range, which a human ear can detect, but the researchers said attackers could use several methods to avoid raising suspicion. For instance, they can program the malware to transmit data during hours when no one is in the room (e.g. at night). They can also use low or close frequencies, which are less noticeable.
Researchers have conducted experiments using a regular Dell desktop computer with CPU and chassis fans, and a Samsung Galaxy S4 smartphone with a standard microphone to capture the exfiltrated data.
The testing environment was a computer lab with several other workstations, switches and an air conditioning system, all of which produced background noise.
The experiment showed attackers can transmit 3 bits per minute using low frequencies (1000 RPM for “0” and 1600 RPM for “1”) over a distance of one meter. This means it would take three minutes to transmit 1 byte of data (e.g. one character of a password).
The transfer rate is much better at higher frequencies. For instance, at 4000-4250 RPM, experts transferred 15 bits per minute over a one-meter distance. At 2000-2500 RPM, they obtained 10 bits per minute over a four-meter distance, and the same transfer rate can also be obtained over a distance of eight meters if the frequency increases.
“Using Fansmitter, attackers can successfully exfiltrate passwords and encryption keys from a speakerless air-gapped computer to a mobile phone in the same room from various distances,” researchers said in their paper. “We demonstrated the effective transmission of encryption keys and passwords from a distance of zero to eight meters, with bit rate of up to 900 bits/hour. We show that our method can also be used to leak data from different types of IT equipment, embedded systems, and IoT devices that have no audio hardware, but contain fans of various types and sizes.”
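A defender-side check for the two-speed keying described above, as an added example that is not from the paper or the original article: it scans fan-speed telemetry for a trace that sits tightly on two RPM levels and switches between them on a regular period. The sample traces, thresholds and function names are constructed assumptions.

```python
from statistics import mean, pstdev

def fit_two_levels(rpms, rounds=20):
    """1-D two-means: return (low, high, spread) where spread is the worst
    within-level std-dev as a fraction of the gap between the levels."""
    low, high = min(rpms), max(rpms)
    for _ in range(rounds):
        mid = (low + high) / 2
        a = [r for r in rpms if r <= mid]
        b = [r for r in rpms if r > mid]
        if not a or not b:            # constant speed: no second level
            return low, high, 1.0
        low, high = mean(a), mean(b)
    return low, high, max(pstdev(a), pstdev(b)) / (high - low)

def run_lengths(rpms, threshold):
    """Lengths (in samples) of consecutive runs above/below threshold."""
    runs, state, n = [], rpms[0] > threshold, 0
    for r in rpms:
        if (r > threshold) == state:
            n += 1
        else:
            runs.append(n)
            state, n = not state, 1
    runs.append(n)
    return runs

def keyed_symbol_period(samples, max_spread=0.1, min_transitions=6):
    """Return the estimated symbol period in seconds if the trace looks like
    two-level keying, else None. Thresholds are illustrative assumptions."""
    rpms = [rpm for _, rpm in samples]
    low, high, spread = fit_two_levels(rpms)
    if spread > max_spread:           # ramps / many intermediate speeds
        return None
    runs = run_lengths(rpms, (low + high) / 2)
    if len(runs) - 1 < min_transitions:   # a single load step is normal
        return None
    interior = runs[1:-1]             # edge runs are cut by the window
    base = min(interior)
    regular = sum(abs(n / base - round(n / base)) < 0.2 for n in interior)
    if regular / len(interior) < 0.8:
        return None
    return base * (samples[1][0] - samples[0][0])

# Constructed telemetry, one sample every 5 s (not measured data).
BITS = "011010011010"
KEYED = [(5 * i, (1600 if BITS[i // 4] == "1" else 1000) + (i % 3 - 1) * 8)
         for i in range(4 * len(BITS))]
RAMP = [(5 * i, 1000 + 25 * min(i, 48 - i)) for i in range(49)]
STEP = [(5 * i, 1000 if i < 20 else 1600) for i in range(40)]
```

On the constructed keyed trace the estimated symbol period is 20 seconds, which corresponds to the 3 bits per minute reported for the 1000/1600 RPM pair; the thermal ramp and the single load step are not flagged.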
Discreet, non-obtrusive surveillance cameras are ideal where there is limited space or when it is important that subjects not be aware anyone is watching.
To meet this growing need, Toshiba released its IKS-WD6123 3-megapixel micro-dome IP camera that provides a cost-effective surveillance solution for discreet indoor installations that require superior picture quality at minimal bandwidth.
With a profile height of only two inches, the IKS-WD6123’s design makes it difficult for people to see which direction the camera is pointing, if they notice it at all. The low profile also makes the camera very simple to install and set up. It features 3-axis angle adjustment that enables mounting on walls or ceilings while allowing the factory-focused 2.3mm fixed lens to maintain a level image.
PoE connectivity, edge storage and ONVIF Profile S compliance ensure trouble-free, versatile system integration, even in tight, difficult-to-reach locations.
The IKS-WD6123 provides a wide viewing angle of 125° so a single camera can deliver complete coverage of a large room, such as a retail outlet or hotel lobby, letting security professionals observe either side of the camera without blind spots. Quad individually configurable video streams in H.264 or MJPEG compression allow different areas of a scene to be simultaneously viewed or recorded at resolutions as high as 2048 x 1536 by a single camera to help minimize bit rate and storage needs.
For improved visibility in variable lighting conditions the IKS-WD6123 boasts electronic day/night imaging, True Wide Dynamic Range and a minimum illumination range down to 0.01 lux. Its price point and ability to reduce storage and bandwidth requirements without sacrificing image details qualifies it as an excellent choice for manufacturing, retail, hotel, educational, office and casino applications.
The Indian Point 2 nuclear reactor returned to service late Thursday following a more-than-three-month shutdown while workers repaired nearly 300 cracked or deteriorated bolts.
Indian Point Unit 2 in Buchanan, NY, began sending electricity to the grid serving Westchester County and New York City Thursday night after the Nuclear Regulatory Commission (NRC) signed off on repairs performed by workers for Entergy, the Louisiana-based owner of the plant.
“Nearly 2,000 professionals, including 1,000 specialist contractors, performed hundreds of activities that can occur only while the unit was shut down,” said Larry Coyle, the top-ranking Entergy official at Indian Point. “More than 900,000 person-hours of work were performed over the last three months to prepare Indian Point for continuous, safe operations well into the future.”
Entergy initially planned to reopen the reactor in time for summer, when demands for electricity would be greatest.
Entergy engineers replaced 278 bolts, many of which federal safety regulators in March determined were either cracked or degraded. The discovery occurred during the reactor’s planned refueling outage, a labor-intensive task performed every two years at a cost of $120 million.
The bolt repairs and other safety-related enhancements added two months to the reactor’s scheduled reopening. The company said it also upgraded certain equipment on the plants’ cooling systems to provide an extra layer of safety.
“The levels of back-up safety protections now installed at Indian Point are unprecedented and, while unlikely ever to be needed, they make the facility safer than ever,” Coyle said.
Unit 2 set a record by being in operation 627 days in a row before the March refueling. Indian Point’s other reactor, Unit 3, has been providing electricity continuously for six months.
In a federal court challenge, anti-nuclear group “Friends of the Earth” opposed the NRC’s decision to allow Entergy to restart the reactor.
On Thursday, a panel of federal appeals court judges gave the NRC until Tuesday to respond to the group’s latest challenge, according to its lawyers. The panel turned down the group’s emergency request to shut down the reactor while the legal action is pending.
“The regulator’s response so far to this increased risk of public health and safety is to allow Entergy, the licensee and regulated party, free rein to decide whether and to what extent it should analyze the cause of the failure, and to determine when, in Entergy’s opinion, Unit 2 is safe to restart,” the group’s lawyers wrote in court papers filed this week in the U.S. Court of Appeals in Washington, D.C.
Entergy spokesman Jerry Nappi said the company wasn’t surprised by Friends of the Earth’s petition and defended the company’s safety record.
“Rigorous technical analysis conducted by Entergy and outside engineering experts demonstrates Unit 2 and Unit 3 can continue to operate safely,” Nappi said. “Highly qualified experts at the NRC are fully aware of this analysis, and Entergy is proceeding according to NRC process and under the watchful eye of this regulator. NRC monitors our performance in this and other areas to ensure the plant is safe now and on an ongoing basis.”
Gov. Andrew Cuomo has called for the shutdown of Indian Point, citing the potential danger to nearby residents in the event of a nuclear mishap.
GitHub went into password reset mode for all users affected by a series of automated login attempts the company discovered last week.
While it did not suffer a hack attack, it appears someone used credentials leaked during recent mega breaches to access GitHub user accounts.
“This appears to be the result of an attacker using lists of email addresses and passwords from other online services that have been compromised in the past, and trying them on GitHub accounts,” GitHub’s Shawn Davenport said in a blog post.
The good news is GitHub’s engineers detected the attack immediately after it happened, last Tuesday night.
A subsequent investigation revealed a third party was testing a large number of usernames and passwords. GitHub said the attackers did gain access to some accounts.
For all affected accounts, GitHub said it started sending password reset notifications. The company is also urging users to take a look at their password’s complexity level, and optionally enable two-factor authentication for their accounts.
Why would someone try to access GitHub accounts first, and not social media profiles? The answer is that some GitHub users have access to private repos.
These private repos host the source code of enterprise software, which in some cases may end up used for crucial infrastructure.
Companies like Netflix and Facebook beat GitHub to the punch by acquiring some of the data leaked during recent mega breaches and starting a preemptive password reset for all exposed users.
Some of the companies that suffered massive data leaks include LinkedIn (117 million credentials), Myspace (360 million credentials), Tumblr (65 million credentials), VK (100 million credentials), Fling.com (40 million credentials), and most recently, iMesh (51 million credentials) and VerticalScope (45 million credentials).
Operations at a Harlan County, KY, coal mine partially shut down last week after sediment leaked into a creek.
Revelation Energy was cited in connection with the leak and ordered to stop mine operations on one of the company’s permits until the problem is corrected, said officials at the Kentucky Department for Natural Resources.
The sediment spill affected creek waters near California Hollow in the Coldiron, KY, community.
The Department for Natural Resources issued a notice of non-compliance to Revelation Energy for violations including water quality, method of operation and sediment control.
All mining activity on Permit 8480346 is halted until the ponds that leaked the sediment are fixed and comply with department standards.
“There’s a mine pit that’s associated with this surface mining operation,” said Linda Potter with the Kentucky Department for Natural Resources. “Basically an undisturbed berm was breached. That means some of the water was allowed to drain from the mining pit that went into the creek and it didn’t necessarily go through our approved sediment control structures.”
State officials tested the water Tuesday to see if it contains unsafe levels of minerals due to the spill. They hope to have the results of those tests shortly.
Potter said, as of Wednesday night, she was not aware of any fish or wildlife that died because of the sediment leak.
No one company is immune to an attack and no one knows that better than Microsoft. So, when a giant spam flood was able to bypass Microsoft’s Outlook and Hotmail spam filters resulting in a plethora of unwanted advertisements, the software giant was nimble enough to quickly fix the issue.
It all started on the night between May 31 and June 1 and slowly escalated until it reached its peak. Then Microsoft jumped into action.
Angry users flocked to show their annoyance on Reddit and Twitter, and Microsoft started an incident response event on the company’s Office 365 Server Status page to investigate the issues.
The problems went on for around 17 hours according to users. As expected, annoyed users posted messages of frustration on social media, ensuring Microsoft and their friends and followers knew of the problems.
After a few hours, the company did find something wrong and applied a quick patch to mitigate the spam problem and later during the day applied a permanent fix to address the issue for good.
“One will provide short term relief preventing spam reaching your inbox,” Microsoft officials said. “The second will be a longer term fix which should stop spam reaching our infrastructure,” the company explained.
Microsoft’s status page today showed everything is back to normal and running correctly.
More than 60,000 people remained in the dark in several New York counties Thursday night after a fire erupted at a NYSEG substation.
About 61,000 people lost power in Dutchess, Putnam, Sullivan and Westchester counties before 10 p.m. Most of the outages were in Putnam, with nearly 38,000 residents without power.
Power was restored around 1 a.m. Friday for most residents, according to NYSEG’s Twitter feed.
NYSEG said on Twitter “a fire at the Carmel substation disrupted the feed to several other stations and parts of our transmission system.”
The company estimated all power was restored between 1 and 3 a.m. Friday.
HazMat teams responded to an ammonia leak at the Tyson Foods in New Holland, PA, Monday.
The leak was reported to fire officials around 1 a.m. Monday by two security personnel, who smelled the gas, said Larry Martin, Garden Spot Fire Rescue chief.
A “pretty good vapor cloud” was hovering above the building when fire crews arrived, Martin said. “We immediately held our crews, stabilized the area and called HazMat.”
In a normal environment, night-shift employees would have been in the building early Monday morning.
“Fortunately (Tyson Foods) had been closed and were planning on being closed today,” Martin said.
Ammonia is used in Tyson’s refrigeration system. HazMat teams controlled the leak by shutting off the supply. The building was then ventilated. Weather conditions helped keep the situation from worsening, Martin said.
“The weather held the vapor cloud over the building. The wind direction was good for us, so it didn’t get to residences.”
HazMat and fire crews turned over the issue to Tyson Foods by 5:30 a.m., officials said.
A three-alarm fire at a west Champaign, IL, foundry that burned overnight Friday into Saturday remains under investigation.
No cause, origin or damage estimate is yet available, fire officials said Saturday morning.
Firefighters from the Champaign, Urbana and Savoy fire departments battled the blaze.
The fire at Alloy Engineering & Casting Co., a division of WIRCO, was initially reported at 8:48 p.m., and upgraded to a two-alarm fire around 9:23 p.m., when firefighters got the order to evacuate the building. Officials upgraded it to a three-alarm blaze 16 minutes later.
The building houses Alloy Engineering & Casting Company, a foundry that produces heat-, corrosion- and wear-resistant castings. It was purchased by Wirco Inc. in August 2005.
Firefighters had the fire out by around 2:15 a.m. Saturday. There were no injuries in the incident.
Fire officials closed Mattis Avenue from Glenn Park Drive north to the railroad tracks Friday night. Residents of the area were allowed to stay in their homes. No injuries to firefighters or civilians were reported.
The Alloy foundry was also the site of a small fire the morning of May 27, 2011. In that instance, Champaign firefighters quickly controlled the fire that resulted when a hot casting came into contact with a machine’s rubber lining.