Researchers at Ben Gurion University have published a paper regarding their experiments transmitting data from an air-gapped computer to a smartphone in the same room. They were able to inject malware into the computer that used the noise from the cooling fans in the computer to transmit binary data to a remote microphone.
From the research paper:
…we present Fansmitter, a malware that can acoustically exfiltrate data from airgapped computers, even when audio hardware and speakers are not present. Our method utilizes the noise emitted from the CPU and chassis fans which are present in virtually every computer today. We show that a software can regulate the internal fans’ speed in order to control the acoustic waveform emitted from a computer. Binary data can be modulated and transmitted over these audio signals to a remote microphone (e.g., on a nearby mobile phone). We present Fansmitter’s design considerations, including acoustic signature analysis, data modulation, and data transmission. We also evaluate the acoustic channel, present our results, and discuss countermeasures. Using our method we successfully transmitted data from air-gapped computer without audio hardware, to a smartphone receiver in the same room. We demonstrated the effective transmission of encryption keys and passwords from a distance of zero to eight meters, with bit rate of up to 900 bits/hour. We show that our method can also be used to leak data from different types of IT equipment, embedded systems, and IoT devices that have no audio hardware, but contain fans of various types and sizes.
The entire paper can be read here.
Additional articles:
Motherboard: Researchers Make Malware That Steals Data by Spinning Your Computer’s Fans
Sophos Naked Security: Can your computer fan be used to spy on you?
TechFrag: Fansmitter: A New Malware That Steals Data Through PC Fans