Slashdot Mirror


Data Exfiltrators Send Info Over PCs' Power Supply Cables (theregister.co.uk)

From a report on The Register: If you want your computer to be really secure, disconnect its power cable. So says Mordechai Guri and his team of side-channel sleuths at the Ben-Gurion University of the Negev. The crew have penned a paper titled PowerHammer: Exfiltrating Data from Air-Gapped Computers through Power Lines that explains how attackers could install malware that regulates CPU utilisation and creates fluctuations in the current flow that could modulate and encode data. The variations would be "propagated through the power lines" to the outside world.

Depending on the attacker's approach, data could be exfiltrated at between 10 and 1,000 bits-per-second. The higher speed would work if attackers can get at the cable connected to the computer's power supply. The slower speed works if attackers can only access a building's electrical services panel. The PowerHammer malware spikes the CPU utilisation by choosing cores that aren't currently in use by user operations (to make it less noticeable). Guri and his pals use frequency shift keying to encode data onto the line.
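A defender-side illustration of the channel summarised above, added here and not taken from the PowerHammer paper, The Register or any commenter: it scans per-core CPU utilisation telemetry for load that toggles at a steady rate and hops between tones, which is what FSK-modulated utilisation looks like. The 200 Hz sampling rate, the 10 Hz and 20 Hz tones, the one-second symbols aligned to the analysis window, the threshold and all three traces are constructed assumptions.

```python
"""Flag FSK-like periodic load in per-core CPU utilisation samples (added example)."""
import math
import random
import statistics

FS = 200                    # assumed telemetry sampling rate, samples per second
WINDOW = FS                 # one-second window -> 1 Hz frequency resolution
CANDIDATES = range(2, 51)   # modulation frequencies scanned, in Hz
TONAL_RATIO = 25.0          # constructed threshold: peak power / median power


def goertzel_power(samples, freq_hz, fs):
    """Signal power at one frequency (Goertzel algorithm)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq_hz / fs)
    s1 = s2 = 0.0
    for v in samples:
        s1, s2 = v + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def analyse_window(window, fs=FS):
    """Return (dominant frequency, peak-to-median power ratio) for one window."""
    mean = sum(window) / len(window)
    centred = [v - mean for v in window]        # drop the DC (average load) term
    powers = {f: goertzel_power(centred, f, fs) for f in CANDIDATES}
    floor = statistics.median(powers.values())  # estimate of the noise floor
    peak_f = max(powers, key=powers.get)
    ratio = powers[peak_f] / floor if floor > 0 else 0.0
    return peak_f, ratio


def fsk_report(samples, fs=FS, window=WINDOW):
    """Suspect a trace when most windows are tonal and the tone changes."""
    n_windows = len(samples) // window
    tones = []
    for i in range(n_windows):
        peak_f, ratio = analyse_window(samples[i * window:(i + 1) * window], fs)
        if ratio >= TONAL_RATIO:
            tones.append(peak_f)
    distinct = sorted(set(tones))
    suspect = n_windows > 0 and 2 * len(tones) >= n_windows and len(distinct) >= 2
    return {"windows": n_windows, "tonal_windows": len(tones),
            "tones_hz": distinct, "suspect": suspect}


def _clip(v):
    return max(0.0, min(100.0, v))


def constructed_benign(seconds=16, seed=1):
    """Constructed trace: ordinary load, 30% utilisation with random jitter."""
    rng = random.Random(seed)
    return [_clip(rng.gauss(30, 10)) for _ in range(seconds * FS)]


def constructed_fsk(bits="0110100110010110", f0=10, f1=20, seed=2):
    """Constructed trace: utilisation toggling 25%/55% at f0 or f1 per symbol."""
    rng = random.Random(seed)
    out = []
    for bit in bits:
        period = FS // (f1 if bit == "1" else f0)   # samples per on/off cycle
        for n in range(WINDOW):
            level = 55 if n % period < period // 2 else 25
            out.append(_clip(level + rng.gauss(0, 10)))
    return out


def constructed_pegged(seconds=16):
    """Constructed trace: core held at 100%, as several commenters propose."""
    return [100.0] * (seconds * FS)


if __name__ == "__main__":
    for name, trace in (("benign", constructed_benign()),
                        ("fsk", constructed_fsk()),
                        ("pegged", constructed_pegged())):
        print(name, fsk_report(trace))
```

On real telemetry the symbol boundaries are unknown, so overlapping windows and a threshold tuned against a baseline of the host's normal load would be needed.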

131 comments

  1. good luck getting past the UPS by Anonymous Coward · · Score: 5, Interesting

    Double-conversion UPS... the data stops there. There's your firewall.

    1. Re:good luck getting past the UPS by gweihir · · Score: 2

      May not be enough if they use spikes for that transmission. You would probably need to filter and shield far more carefully than a UPS does.

      The whole thing is a worthless stunt anyways: Instead of breaking into the house and tapping the power-line, just open one more door and bug the computer itself.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    2. Re:good luck getting past the UPS by Smidge204 · · Score: 2

      Wouldn't help; they are varying the power the machine uses, and unless you have a power supply that can output a variable amount of power while keeping the power it draws from the wall constant (which would be either magical or horrendously inefficient at partial loads) there's no way to "filter" this sort of attack.

      =Smidge=

    3. Re:good luck getting past the UPS by TWX · · Score: 2

      My home has three HVAC units, two water heaters, and a very large 240V air compressor. I'm sure that I could introduce enough random variation in the electrical load to prevent this means of communication from being reliable.

      As I understand it, to prevent someone from managing to capture what's said in the Oval Office by shining a laser onto one of the windows to measure how the window reacts to sound inside of the room, they introduce noise in the form of numerous conversations into the glass, vibrating it enough that one can't pick out the real conversation from the rest of the noise. One would think that this kind of technique could be applied to electricity if it were really that big a risk, a bank of several 100W lightbulbs with random timer controllers to turn them on and off may well be enough to screw with current draw to prevent exfiltration.

      --
      Do not look into laser with remaining eye.
    4. Re:good luck getting past the UPS by Anonymous Coward · · Score: 0

      But I use FedEx.

    5. Re:good luck getting past the UPS by MDMurphy · · Score: 3, Interesting

      Based on the concept of motor-generators used for high-security facilities, a "secure" UPS could just use 2 batteries. Incoming power charges battery A while output runs on battery B.
      Incoming power disconnects periodically, output switches to battery A and incoming switched to charging battery B.
      If incoming power is lost (the main reason for a UPS) then both batteries are connected in parallel giving the user the full backup capacity.
      At no time is the output connected to anything other than a battery.

    6. Re:good luck getting past the UPS by Anonymous Coward · · Score: 1

      *double-conversion* being the key here. Very different than a pass-through UPS design. The instantaneous power draw is insulated completely from the mains.

    7. Re:good luck getting past the UPS by Anonymous Coward · · Score: 0

      It reads like they are making the power lines broadcast, not measuring total power draw. The key thing is the double-conversion UPS of the original comment you replied to, like the Eaton 9 Series. "Eaton's series 9 UPSs protect against all nine power problems: power failures, power sags, power surges, under-voltage, over-voltage, line noise, frequency variation, switching transients and harmonic distortion." (https://powerquality.eaton.com/sea/thoughtleadership/power-protection/selecting-right-ups.asp) AC from the wall, gets converted to DC, goes through the battery, then gets converted back to AC, with complete isolation between the two sides and a battery in the middle.

    8. Re:good luck getting past the UPS by bobbied · · Score: 2

      Problem here is that large loads are easily filtered out. What they are using is a load variation of about 10 watts or so. So when your AC unit starts, it's pretty obvious and easy to remove the signal.

      What you need is a randomly variable power consumer/producer that can sufficiently randomize the small variations in power consumption and *possibly* make it too hard to figure out what's the data signal and what's just random noise. Even then, it's going to be pretty difficult to truly hide all possible data transfer using this technique. You may slow down the data rate possible, but I don't think you can totally mask this power consumption variation.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    9. Re:good luck getting past the UPS by BeauHD+(+6,+Expert) · · Score: 2

      It even applies to things like electronic safes.

      -=)x(.:Beau:.)x(=-

    10. Re:good luck getting past the UPS by Smidge204 · · Score: 1

      One would think that this kind of technique could be applied to electricity if it were really that big a risk

      According to the paper linked through the article, even a purpose-built device that randomly loads the power supply in the device being snooped might not be totally effective, nor would EMI filters unless they were purpose-made for the rather low frequencies. And I can easily see a variant of the attack bypassing even those by using a carrier frequency lower than the utility's 50/60Hz... you'd just have to be really patient.

      The only way I can see to prevent this is a specially made, double conversion UPS or similar storage-backed power supply that is carefully designed and sized to keep the power consumed from the wall completely independent of the power consumed by the device by averaging that power over the span of hours or maybe even days.
      =Smidge=

    11. Re:good luck getting past the UPS by Anonymous Coward · · Score: 0

      Skip to 6min for the lazy. This requires a data monitoring box at the circuit breaker but it shows what an amazing amount of data you can pull from watching a house power supply. Keep in mind they can very easily see the difference between a light bulb, a toaster, and 50 other appliances you have on at any given time. It's very cool tech. Malware only needs to create a slight variation and keep that variation going. Btw some device somewhere is going to have to pull that current from the city mains UPS or no UPS. The UPS would just become another device in the chain.

    12. Re:good luck getting past the UPS by ctilsie242 · · Score: 1

      I once was at an auction of a startup that was bankrupt and was selling their assets. Part of what they were selling was a motor/generator combo. I thought it was a joke, but its function was to completely isolate power coming from either way before the power went to an online UPS (where the batteries were always drawn from, and mains power was there to keep the batteries topped off.) From what I was told, it worked well to keep communication via power from happening on either side, especially coupled with the fact that mains power was not actively coupled to power inside the building due to the UPS.

      I'm not afraid of data exfiltration this way for a number of reasons. It is relatively easy (although not dirt cheap) to have a battery charger/battery/inverter to isolate power, even grounds. $1500 gets you a Goal Zero power station that does all this.

    13. Re:good luck getting past the UPS by Anonymous Coward · · Score: 0

      What you need is a randomly variable power consumer/producer that can sufficiently randomize the small variations in power consumption and *possibly* make it too hard to figure out what's the data signal and what's just random noise.

      Like bitcoin mining?

    14. Re:good luck getting past the UPS by Joce640k · · Score: 1

      Or just work in a thing called a "building" where lots of other people are doing stuff.

      --
      No sig today...
    15. Re:good luck getting past the UPS by ColdWetDog · · Score: 1

      They stopped that recently. They found that nobody could pick out the regular conversations from the noise. The extra noise wasn't really needed.

      --
      Faster! Faster! Faster would be better!
    16. Re:good luck getting past the UPS by ctilsie242 · · Score: 1

      What might be useful is a UPS that has charging thresholds, where it charges the batteries when they reach a certain percentage charge, and the charge lasts for a random duration. Add a little bit of random variation, like plus or minus 3-5% SoC level on the batteries before the charger turns on, and this would pretty much take care of this type of attack.

    17. Re:good luck getting past the UPS by DigiShaman · · Score: 1

      If you're going to break into a house, why not just take the damn machine?

      --
      Life is not for the lazy.
    18. Re:good luck getting past the UPS by aaarrrgggh · · Score: 4, Informative

      In fairness, if you are looking at 10 bits per second, that gives you 5 or 6 cycles to modulate each bit over. That is going to be tough for (common) DC capacitors to filter out effectively, although the battery capacitance may still be in play. The rectifier should respond to a drop in DC voltage within a quarter-cycle. The AC filter capacitors won't see this at all, since they will only buffer a quarter-cycle.

      What likely would impact it though is having enough PWM loads on the line and your power supply as a very minor component of load. At worst, you would be forced to use a lot of bits for error correction, but in all likelihood you would not be able to see the attack at the main service panel.

    19. Re:good luck getting past the UPS by aaarrrgggh · · Score: 1

      Well, if you want it to work, try an air-compressor-driven (with a large reservoir) expander turbine generating power for the power supply.

      Might be more effective to just put a larger DC bus capacitor in the PSU though.

    20. Re:good luck getting past the UPS by tlhIngan · · Score: 1

      Problem here is that large loads are easily filtered out. What they are using is a load variation of about 10 watts or so. So when your AC unit starts, it's pretty obvious and easy to remove the signal.

      What you need is a randomly variable power consumer/producer that can sufficiently randomize the small variations in power consumption and *possibly* make it too hard to figure out what's the data signal and what's just random noise. Even then, it's going to be pretty difficult to truly hide all possible data transfer using this technique. You may slow down the data rate possible, but I don't think you can totally mask this power consumption variation.

      The thing is, the bits are *modulated*. You're not sending bits using load - say, +10W for a 1 and 0W for a 0. No, you cannot tell the bits apart this way.

      Instead, they modulate the bits, by spiking the CPU cores at varying frequencies. You can detect these much more easily, and you can filter out the large loads since those generally are constant.

      They use FSK, so presumably they can say spike the CPU at 10Hz (giving a 10W-0W cycling at 10Hz) to represent a 0 and do it at 20Hz to represent a 1.

    21. Re:good luck getting past the UPS by Bob the Super Hamste · · Score: 1

      It would seem simple enough to rig up a LFSR to a few dozen .1 to 5W devices and have it cycle at some variable rate likely controlled by another LFSR. That should produce enough load noise, bonus points if you can have the low load devices do something useful. Generating good enough randomness is pretty easy, even really good randomness is pretty easy if you just have a bunch of reverse biased diodes and use the output to also control some devices to induce a random load.

      --
      Time to offend someone
    22. Re:good luck getting past the UPS by Anonymous Coward · · Score: 0

      Exactly, this is just a stunt. Would not ever be able to be used in real life. Good luck getting access to a building's power to begin with and then from there you're going to pick up some slight variances in power changes for a single PC in a building with 100s or 1000s of PCs and servers and AC units? I find that hard to believe.

      Just more theory for hacking that can't possibly be used in the real world. Nice lab stunt though.

    23. Re:good luck getting past the UPS by Anonymous Coward · · Score: 0

      Exactly why this is just another stupid hacking stunt. Nothing that can or will ever be used in the real world. I'd like to know if there is any actual, real usage or implementation of an air-gapped system actually getting hacked. Everything I've ever read would only truly work in a lab.

      You're not going to get connected to the power systems of a large corporation, building, government entity, pure and simple, it's not going to happen.

    24. Re:good luck getting past the UPS by gweihir · · Score: 1

      You have no clue about power electronics design. "Double conversion" just filters better, it does not "insulate completely" at all.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    25. Re:good luck getting past the UPS by gweihir · · Score: 1

      Valid question, but the answer is simple: There may be encrypted stuff you still want to snoop the passwords for or you may not be interested in the machine itself, but may want to snoop on conversations.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    26. Re:good luck getting past the UPS by DontBeAMoran · · Score: 2

      "Fuck everything, we're doing five conversions."

      --
      #DeleteFacebook
    27. Re:good luck getting past the UPS by Anonymous Coward · · Score: 0

      For a standard design, sure.

      If you wanted to create a double conversion setup to mitigate this issue, you'd simply design a battery charger that only offers two options: Full charge, or no output. You'd meter the batteries and wait for them to drop low enough to trigger charging, and charge them.

      This would almost fully decouple the computer from the mains.

      To fully decouple it, add in a second battery bank. The charger charges one battery bank while the computer draws from the other. Automatically swap battery banks when the computer depletes the bank it is using.

      This is still only using double conversion, nothing more.

    28. Re: good luck getting past the UPS by Anonymous Coward · · Score: 0

      Er, plenty of PowerPoints out in the open in most buildings.

    29. Re:good luck getting past the UPS by speederaser · · Score: 1

      The only way I can see to prevent this is a specially made, double conversion UPS or similar storage-backed power supply that is carefully designed and sized to keep the power consumed from the wall completely independent of the power consumed by the device by averaging that power over the span of hours or maybe even days.

      Another way is to run boinc distributed tasks that load the CPUs 24/7 at 100%. No variation in CPU demand, ever. That's what I do (for other reasons) and my CPUs have been pegged at 100% for more than 2 months. So I figure I'm well-protected against this kind of attack.

      If that's too much, it shouldn't be too hard to come up with a script that randomly loads the CPU in the same way, and randomly run a bunch of instances of it. Make the haystack too big and they'll never find the needle.

    30. Re:good luck getting past the UPS by ShanghaiBill · · Score: 1

      If you're going to break into a house, why not just take the damn machine?

      1. You want to continue to monitor the target and collect information continuously.
      2. You don't want the target to know he has been compromised.

    31. Re:good luck getting past the UPS by toddestan · · Score: 1

      The easy, but inefficient way to defeat it would be have a few low priority threads that just spin to keep the CPU at 100%. Since the CPU will be pegged at all times now, the malware will no longer be able to affect the power usage of the computer.

    32. Re:good luck getting past the UPS by Bender0x7D1 · · Score: 1

      Except there are plenty of buildings where a restricted area is next to a public space. For example, a building on a college campus. Plenty of restricted labs, but the buildings and hallways are all open. This also holds true for buildings where a different company leases each floor. I can listen in from my own, leased space and not have to break-in anywhere.

      --
      Reading code is like reading the dictionary - you have to read half of it before you can go back and understand it.
    33. Re:good luck getting past the UPS by Anonymous Coward · · Score: 0

      Is your double-conversion UPS inside of a Faraday Cage? Otherwise your firewall has a gaping hole in it.

    34. Re:good luck getting past the UPS by Anonymous Coward · · Score: 0

      What about a flywheel UPS? The flywheel effectively acts as a massive and very low frequency capacitor. Seems like it wouldn't be affected by these small changes in power draw from the CPU.

    35. Re:good luck getting past the UPS by Anonymous Coward · · Score: 0

      All you've done is reduce the channel, not eliminate it....the attack can now modulate the need to switch between A and B. Sure, it's a tiny channel, but it's still there.

  2. Apple will fix this with $100 DRMed power cables by Joe_Dragon · · Score: 3, Funny

    Apple will fix this with $100 DRMed power cables.

    Years ago Alienware had a $50+ upgraded power cable as an add-on.

  3. Spoken like a true desktop security guru by xxxJonBoyxxx · · Score: 5, Funny

    >> If you want your computer to be really secure, disconnect its power cable

    Spoken like a true desktop security guru.

    1. Re:Spoken like a true desktop security guru by hcs_$reboot · · Score: 1

      >> If you want your computer to be really secure, disconnect its power cable

      ...and run it on batteries.

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    2. Re:Spoken like a true desktop security guru by Anonymous Coward · · Score: 0

      As a Certified Desktop Support Technician with 20 years of experience, I'M FOR IT!

      Please send me my check now.

    3. Re:Spoken like a true desktop security guru by Anonymous Coward · · Score: 0

      I threw mine in a lake, problem solved.

    4. Re:Spoken like a true desktop security guru by Anonymous Coward · · Score: 0

      That's how Intel got the idea for their naming conventions.

    5. Re:Spoken like a true desktop security guru by UnknowingFool · · Score: 1

      Yes, in fact to show those bastards I'm going to pull m@$FON(
      JF45(Nf12&*(
      [CONNECTION LOST]

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
  4. filter by Anonymous Coward · · Score: 0

    Wouldn't an inline UPS of some sort avoid this?

    1. Re:filter by PPH · · Score: 2

      Or a laptop (even plugged in).

      --
      Have gnu, will travel.
    2. Re:filter by gweihir · · Score: 1

      Depends on the filters. They will try to transmit power-spikes and those can get through an inline-UPS as well to a degree. The whole thing is a worthless stunt anyways as you need to tap the power-line close by.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    3. Re:filter by TWX · · Score: 1

      Probably depends on how the laptop's power circuitry is designed.

      Basically there are two forms of battery backups. One form charges the batteries and keeps them charged but doesn't run the load through them unless a switchover event happens. The other form does run the load through the batteries because they cannot afford for the system to go down temporarily for such a switchover.

      The former is the way that large UPSes that use lithium-ion batteries work, because lithium-ion batteries cannot sustain being in the circuit that way. That's why most UPSes still use SLA batteries. There are new UPSes coming out with a combination of SLA and Li-Ion though, where there's just enough SLA in the loop to keep the equipment running for the few moments it takes to bring up the Li-ion batteries.

      If the laptop, while plugged in, runs on the corded power then it's probably subject to the same issues as the desktop computer.

      --
      Do not look into laser with remaining eye.
    4. Re:filter by TWX · · Score: 1

      That might not be as difficult as you'd think. Commercial buildings have a lot of people coming and going doing maintenance, and most commercial buildings don't hide the basic electrical stuff inside of highly secured areas, they reserve such security for devices that are expensive, or devices that do something important, or for devices that have important information on them. For most buildings the vast majority of the power is for regular mundane things like lighting and HVAC, so the raw incoming power and any transformers are probably easily accessed with something as simple as a fake workorder presented to the receptionist in the lobby. Someone coming in that way might not be able to get access to the generator yard that keeps the datacenter up, but if the power supplying the generator yard and battery room is tappable to give this kind of info, or if they're attempting to get data off of a regular user's computer that isn't on the generator, then they may well be able to come in and install whatever they need to place in order to sample the power the way they need.

      For all we know, equipment no more sensitive or expensive than a cheap clamp meter might do the trick, if they can find a way to transmit that data, but my guess is that this sort of thing would be limited to nation-states or to extremely high level corporate espionage, and probably would be above even groups like those that steal payment card info to get money.

      --
      Do not look into laser with remaining eye.
  5. Virus scanner plugs this security hole. by Anonymous Coward · · Score: 5, Funny

    On my work machine our overzealous virus scanner settings have closed this security hole... the CPU is constantly pegged at 100% ensuring that the power can't fluctuate at all.

    It also eliminated the need for a furnace in the building.

  6. Jesus Christ! by Anonymous Coward · · Score: 1

    Hackers can get into your system no matter what!

    I bet if we went back to abacuses, hackers would figure out how to decipher the clicks and know what you're doing.

    "Damn! My abacus was hacked!"

    "You moron! You should have used the anti-hacking felt on the beads. Geeze!"

    And then a hacker would figure out how to hack the abacus by the felt dust that falls.

    1. Re:Jesus Christ! by Anonymous Coward · · Score: 0

      Better off just getting the CPU to modulate the cooling fan speed and using a smartphone or other device with a microphone to transmit the data. I definitely remember the Intel cooling fans of my gaming rig playing Steppenwolf and other pop tunes.

    2. Re:Jesus Christ! by darkain · · Score: 1

      All joking aside, taking this from a more analytical standpoint... There is indeed an attack that you basically point a laser at the back of a laptop screen and monitor the vibrations in order to read what is being typed on said laptop. Great way to steal information at a coffee shop! I'm sure something similar, either laser based or audio based, could be used for an abacus too.

  7. Exfiltrating data via user facial expressions. by shess · · Score: 4, Funny

    The paper describes a method of adding jank to applications which will cause users to frown and furrow their eyebrows, which in turn can be monitored by a high-def camera furtively installed on their monitor to communicate between 100 and 1337 bits per minute to attackers.

    ----

    Honestly, who approves this research? I mean, yes, it's possible, but if your computer is "air-gapped" and the attackers have the ability to breathe your air, you are already screwed.

  8. after installing malware by Anonymous Coward · · Score: 0

    Don't install malware, people. There, I fixed it.

    1. Re:after installing malware by PPH · · Score: 4, Funny

      Don't install malware

      You insensitive clod! I run Windows.

      --
      Have gnu, will travel.
  9. Enough to get encryption keys by Anonymous Coward · · Score: 0

    and then show up later to grab the hardware

  10. What? by Megol · · Score: 1

    This is obvious. Not obvious in hindsight but obvious as a fundamental well known security problem. It has been protected against in the past (filtering power lines to reduce or eliminate signal transmission). And it is _really_ old news, this was known and protected against before I was born.

    1. Re:What? by trg83 · · Score: 1

      I suspect the problem is that 10 bps communication was close enough to normal communication line bandwidth to make people more creative about using them and more cognizant that they could be used that way. In this day of Gbps connections, I suspect people forget that small, valuable information could still be extracted very slowly by patient people. As such, I suspect few people are actively thinking about this threat vector, while certain types of conditioned power might give them protection automatically without thinking about it.

  11. So, how this works by enjar · · Score: 2

    The attacker needs to gain access to the server's power cord, or maybe the building's power panel then attach some dongle. Then they need to somehow gain access to an air-gapped machine on a secure network in what is likely a secured facility. Once they do that, they then gain access to the server and install malware that will send semaphores by upping CPU use.

    While an interesting laboratory experiment, I'm not really all that concerned. I do predict it showing up in the next Mission: Impossible installment, though.

    1. Re:So, how this works by gweihir · · Score: 1

      Basically, the attacker has to do all steps except the last one, namely to physically access the computer itself. Building access is already a must in most cases. Hence it will be cheaper, more reliable and far easier to just bug the computer itself.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    2. Re:So, how this works by the_skywise · · Score: 4, Funny

      That would be a great Mission Impossible scene though - break into the facility, break into the air-gapped computer room and Benji leans down to the power cable:

      Ethan: "What are you doing?"
      Benji: "I'm installing the tap on the power cable which will adjust the power frequency of the CPU so we can hack into the system and collect the data"
      Ethan: "Benji... there's a post-it note right here with the password on it"
      Benji: "Oh... well...that works too"

    3. Re:So, how this works by bobbied · · Score: 1

      I don't think so... Physical access to a building isn't necessary anymore.

      Today we have "smart meters" where I live. I'm not sure what the polling rate of my power meter is, but I do know that it's readable often enough that companies offer "time of day rates" so it's got to be at least every hour, and likely is multiple times an hour.

      If the polling rate is every 15 min, then you could conceivably get a couple of bits of data every hour. Yea, that's pretty much a useless data rate, but long term could be an issue if it allows you to intercept an encryption key or something like that.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    4. Re:So, how this works by enjar · · Score: 1

      Even with a smart meter being read every 15 minutes it seems kind of difficult to get anything useful out, since the power company is getting a kWH number for the last polling interval. It sounds like they are "listening" for a certain pattern in the on/off of this extra CPU. So while your kWH number might go up, it would be pretty impossible to compare a building's overall load and have one core of a CPU actually make enough difference to do anything about it.

    5. Re:So, how this works by aaarrrgggh · · Score: 1

      A janitor might be able to get into a SCIF room undetected, but they would have difficulty removing any information from said room. Not entirely sure how they would get the malware into the room without leaving behind a USB key though.

    6. Re:So, how this works by Obfuscant · · Score: 1

      I do predict it showing up in the next Mission: Impossible installment, though

      No, more likely an episode next season, if there is one, of /Scorpion. They do some truly stupid stuff on that show. Pure technical comedy. It's worth watching just for that.

    7. Re:So, how this works by Obfuscant · · Score: 1

      I'm not sure what the polling rate of my power meter is, but I do know that it's readable often enough that companies offer "time of day rates" so it's got to be at least every hour,

      The device doesn't have to transmit data every hour for it to be able to record use on an hourly, or even by-minute, basis. It can record the data and be read once a week.

      It will be listening 24/7, however, so the power company can issue it commands to turn off to shed load if necessary.

    8. Re:So, how this works by Anonymous Coward · · Score: 0

      you're a moron.

    9. Re: So, how this works by enjar · · Score: 1

      I couldn't make it through an episode of that show. I can suspend disbelief but this show was just too far. I think the "server farm" that was obviously a self storage facility was the final straw.

    10. Re:So, how this works by gweihir · · Score: 1

      Nice, indeed!

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  12. This is an improvement by PPH · · Score: 1

    ... over the method of catching XBox power supplies on fire and watching the smoke signals.

    --
    Have gnu, will travel.
  13. Impossible by Anonymous Coward · · Score: 0

    You can't put spikes in my CPU utilization when it is already mining crypto at 100%!

  14. Special counsel should investigate by Anonymous Coward · · Score: 0

    Special counsel should investigate both barrels of a double-barreled shotgun. Get a good look, now.

  15. Another worthless stunt by gweihir · · Score: 2

    No actual security expert is surprised this is possible. However, this is actually worthless in almost all circumstances. First, you have to be close enough that standard TEMPEST attacks should work a lot better. And second, this has a high risk of causing problems elsewhere and getting noticed. And third, the data-rate is laughable and unsuitable for most attacks.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:Another worthless stunt by MDMurphy · · Score: 1

      My first thought also was TEMPEST (https://en.wikipedia.org/wiki/Tempest_(codename)). In the 80s I worked in a facility that was being certified for Top Secret operations inside. It had all the normal shielding, including spot welding of the internal metal shell where testing revealed RF leakage. Incoming power drove a motor. The motor drove a shaft that spun a generator which provided internal power to the facility. I'd guess it would be pretty tough for multiple computers attached to that generator's output to perturb the mass of both the generator and the motor enough to leak any information to the outside.

      Like reading the flashing of modem LEDs in the 90s, there's no end to the ways a computer and its associated peripherals can leak information. The important data leaks though are usually done by people.

    2. Re:Another worthless stunt by gweihir · · Score: 1

      The important data leaks though are usually done by people.

      Very much so, yes.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    3. Re:Another worthless stunt by Anonymous Coward · · Score: 0

      You're such a moron, and you're totally unaware.

  16. Re:Go ride a bike by Anonymous Coward · · Score: 0

    >he posted this response on the internet, and it got upboats
    Pot, kettle.

  17. 10bps... by jaymemaurice · · Score: 4, Insightful

    That's only 2000 hours to get 1MB of information...

    So yeah... there might be faster, more efficient ways...

    --
    120 characters ought to be enough for anyone
    1. Re:10bps... by jaymemaurice · · Score: 1

      Sorry, 200... assuming no overhead/checksum additional data required to ensure efficient transmission

      --
      120 characters ought to be enough for anyone
    2. Re:10bps... by Actually,+I+do+RTFA · · Score: 2

      Yeah, or just under 7 minutes (call it a full 7 with checksums) to filtrate your 4096-bit private key. Who needs a $5 wrench?

      --
      Your ad here. Ask me how!
    3. Re:10bps... by jaymemaurice · · Score: 2

      Assuming it's an air-gapped system you've already been able to silently install malicious software onto once before, that is located in a building you can get close to the power infrastructure before the transformer... there might be better, more efficient ways.

      --
      120 characters ought to be enough for anyone
    4. Re:10bps... by Anonymous Coward · · Score: 0

      Assuming it's an air-gapped system you've already been able to silently install malicious software onto once before, that is located in a building you can get close to the power infrastructure before the transformer... there might be better, more efficient ways.

      Of course there might be better ways, in fact in most situations that would be a certainty.
      But on the other hand *all* ways that involve one single method have downsides that a multi-pronged attack would not.

      The first part can be dead simple for certain entities.
      Your air-gapped computer has an OS on it. Is that your install or the manufacturer's install?
      For the former, what media did you install it from and how verified was it? For the latter, well there is your risk plainly stated.

      Then there is all the firmware in the PC, so many more entities that have a form of software running in the thing.
      What about BIOS code modules? System monitoring modules, be it ME for a desktop or a management module in a server.

      The CIA has been shown to intercept hardware orders to other countries and this would be an ideal option for monitoring.
      We still suspect Chinese manufactured components and systems to be open for the same treatment, yes?

      The part about retrieving the data is more complicated yes, but physical access is just the most common option not the only one.
      Smart meters could be hijacked to perform this task if used. Building automation systems potentially would have similar capability for commercial buildings vs smaller or residential ones.

      What other devices share the same power circuit? Any of these spew out RF? That could increase the range.

      I can only think of a small number of secure locations currently with procedures and processes intended to address all of those risks, and air-gapped computers are used in far more cases than just those.

    5. Re:10bps... by Obfuscant · · Score: 1

      there might be better, more efficient ways.

      Yes. Like instead of copying on malware that may be detected by virus scanners or other security software, just copy off the data you want. You already have access to copy things on. The last time I looked, "copy" or "cp" works both ways.

  18. They're just now figuring this out? by Anonymous Coward · · Score: 0

    IBM has been modulating data on power lines at least since 2008 when they received a patent on it for data center gear talking to PDUs. I've been aware of this technique since the late nineties and no doubt it has been in use for longer. Modulating data on power lines is nothing new. This is why I always wear an AFDB anytime I'm close to power lines or computers. Psychotronic mind control aint nothing to eff with.

  19. Spoken like a virgin. by Anonymous Coward · · Score: 0

    Kind of like the advice, "if you don't want to get STDs, or someone pregnant" don't have sex.

    1. Re: Spoken like a virgin. by Anonymous Coward · · Score: 0

      Name a more effective method then?

    2. Re:Spoken like a virgin. by Anonymous Coward · · Score: 0

      Kind of like the advice, "if you don't want to get STDs, or someone pregnant" don't have sex.

      Yet... Not having sex works....

      Alternately you can just get married... Wait... Same thing..

    3. Re:Spoken like a virgin. by Anonymous Coward · · Score: 0

      "if you don't want to get STDs, or someone pregnant" don't have sex

      Well, you're preaching to the choir here.

      Oh, you were quoting something

    4. Re: Spoken like a virgin. by Anonymous Coward · · Score: 0

      Flashlight.

  20. Misleading headline by chispito · · Score: 3, Insightful

    It should read, "Researchers Send Info Over PCs' Power Supply Cables."

    --
    The Daddy casts sleep on the Baby. The Baby resists!
    1. Re:Misleading headline by Anonymous Coward · · Score: 0

      If it were researchers it would be less newsworthy. I vaguely recall work done like this decades ago, albeit with low bandwidth.

    2. Re:Misleading headline by Anonymous Coward · · Score: 0

      Or researchers update a twenty-year-old meme: The only secure computer is still brand new, sealed in a box, and buried twenty feet underground.

  21. Re:Go ride a bike by Anonymous Coward · · Score: 0

    Most people have perfectly good pocket computers to take with them on bike rides and walks outside these days. Did you type this rant on your amiga?

  22. Re:Get creimer to do your IT by Anonymous Coward · · Score: 0

    You sound bitter, nipple dick.

  23. Off the grid: by pincorrect · · Score: 1

    Generator + treadmill + Jack Russell Terrier + squirrel (or cat)

  24. Re:Apple will fix this with $100 DRMed power cable by Anonymous Coward · · Score: 0

    Microsoft will fix this with... Never mind, they won't.

  25. Congressional testimony by tomhath · · Score: 1

    Congressman: Does Facebook exfiltrate data by regulating CPU utilization to create fluctuations in the current flow that could modulate and encode data, then propagate those variations through the power lines to the outside world?

    Mr. Zuckerberg: Yes sir, but only for security purposes.

  26. Re: Go ride a bike by Anonymous Coward · · Score: 0

    No, I typed it on my C64.

  27. Relax, people by OneHundredAndTen · · Score: 1

    The vast majority of us are not sufficiently important or interesting to be worthy of such an attack.

    1. Re:Relax, people by Anonymous Coward · · Score: 0

      Oops, you beat me to it but fully agree. Physical attacks of this type are not a 'general concern', though as 'geeks' they may be interesting to the readers here.

      The CIA, FBI, Northrop Grumman etc. might want to 'worry' about this but I presume they already have multiple levels of physical security in place. If they allow general access to power supplies and especially electrical boxes then their physical security sucks anyway & they deserved anything that happens to them.

  28. MODDOWN! ; creimer youtube spam post again! by Anonymous Coward · · Score: 0


    MODDOWN! ; creimer youtube spam post again!

    creimer wants you to click on his youtube channel, then click on his stupid amazon affiliate link spam on Youtube. There is nothing of value on creimer youtube channel. Only creimer click-bot goes there.

    CREIMER' SUBMISSIONS UPDATE:
    Note also that creimer is trying to regain karma by getting his submissions published as articles on /. so make sure to go to:
    https://slashdot.org/~__aaclcg...
    https://slashdot.org/~IDrinkFa...
    https://slashdot.org/~_sharp'r...
    https://slashdot.org/~crreimer
    https://slashdot.org/~cdreimer
    https://slashdot.org/~criss69
    https://slashdot.org/~Anonymou...
    https://slashdot.org/~FatCashe...
    https://slashdot.org/~ILoveFat...
    https://slashdot.org/~IHateFat...
    https://slashdot.org/~IAteFatC...
    https://slashdot.org/~ITapeFat...
    https://slashdot.org/~IApeFatC...
    https://slashdot.org/~IPrayFat...
    https://slashdot.org/~FatCashe...
    and mod down his submissions as well. The great thing is that you don't even need mod points to mod down a submission, just click on the "minus" icon!

    Yes, believe it or not, creimer owns all the above sock puppet accounts. It is a mystery why Slashdot management tolerates it!

    creimer wrote:

    I don't bother with mod points. I'm doing something much more sinister. It took ten story submissions - I'll have to double check the number - to move cdreimer's karma from neutral to excellent without ever being exposed to the capricious mods. Mmmmmwwwwahahahahahahaha!

    https://slashdot.org/comments....

    Danger, Will Robinson, Danger! Creimy is posting more than 2 posts a day. Hurry! mod down otherwise /. will go to hell again!

    Note: you can mod down even if already at -1 to lower karma and to prevent lost /. users to accidentally mod up.

    creimer wrote:

    All you need to do is find a website with a permissive TOS, say, Slashdot, create a Python script to scrape your own comments, sprinkle Amazon affiliate links in various posts, and then re-post past links whenever possible. Won't be long before you start making "coffee money" each month.

    https://slashdot.org/comments....

    C.D. Reimer is a renowned Slashdot collaborator, as he puts it himself; "Because of the quality of my posts and my article submissions, I'm a highly rated commentator and moderator."

    But has anybody ever wondered what "C.D." stands for? Well, it stands for Creimy Dumpty of course!

    Creimy Dumpty sat on the wall,
    Creimy Dumpty had a great fall.
    All the king's horses
    And all the king's men
    Couldn't put Creimy Dumpty
    Together again.

    Creimy's siblings video and theme song, very realistic, especially the pants, just like Creimy's:
    https://www.youtube.com/watch?...

    With "Vice President Pence Vowing US Astronauts Will Return To the Moon", we are sure they will need miracle workers up there, here is what it would look like. Note that Creimy takes ca

  29. Re:Go ride a bike by Rick+Schumann · · Score: 1

    I don't have or want a smartphone, and I don't go home at night and stare at a computer screen until I go to bed like I imagine you do. Shove it up your ass.

  30. Actual Link by Anonymous Coward · · Score: 0

    Whoops forgot the link. Sorry.

    https://www.thisoldhouse.com/how-to/future-house-smarter-home-electrical-metering

  31. Just as bad by Anonymous Coward · · Score: 0

    Just as bad, if not worse: Once Virus software controls your machine, it is able to change monitor output and signal all evil-doers in visual range using Morse code.
    _... .._ ._.. ._.. ... .... .. _

  32. Re:Apple will fix this with $100 DRMed power cable by Anonymous Coward · · Score: 0

    Microsoft will fix this by incrementing their OS version, collecting fees, hiring lawyers, then not worrying about it. Oh you have an older version? Too bad so sad.

  33. Tempest - Slashdot in 99' by Anonymous Coward · · Score: 0

    Tempest - already covered this on Slashdot in 99'. https://yro.slashdot.org/story/99/10/25/2039238/declassified-tempest-material-comes-online

    Getting old sucks, now the world repeats and is boring. :P

  34. Re: Go ride a bike by Anonymous Coward · · Score: 0

    iOS or Android are lousy for use as a pocket computer. I would like a pocket computer though.
    Something I can install any OS on, just like my desktop computer. Not spyware from apple or google.
     

  35. new use for Tesla Powerwall by cnaumann · · Score: 1

    Random charge and discharge cycles for power line white noise generator.

  36. They did it - no longer theoretical by FeelGood314 · · Score: 1

    I think we all knew this could be done in theory but someone actually went out and tried it and measured what the results were. They even came up with data rates. It should be noted also that they could still read the data above other noise on the power line. They used frequency shift keying to encode their data so that noise from some devices could be easily filtered out. Big things like a water heater or stove can be filtered out by amplitude, inductive things like air compressors or pool pumps are also easy to filter out; it's small things in the 30-watt range that are switching on and off that would be a problem but there aren't many things like that.

    This threat is down on my list of things to worry about to the same level as being hit by a meteor but I still applaud Mordechai Guri for actually trying it and measuring the results.
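The filtering idea in the comment above, seen from a defender's power monitor, as an added example that is not part of the thread or of the paper's code: windows containing a large load edge are rejected by amplitude, and the rest are checked with the Goertzel algorithm for a narrow tone standing above the noise floor. The sample rate, tone frequencies, amplitudes, thresholds and the trace itself are constructed assumptions, not values from the research.

```python
import math
import random

FS = 8000                      # sample rate of the monitor, Hz (constructed)
WIN = 80                       # samples per analysis window (10 ms)
F0, F1 = 1000.0, 1500.0        # the two keying tones to look for (constructed)
GUARDS = (700.0, 1200.0, 1800.0, 2300.0)   # tone-free bins for the noise floor
STEP_LIMIT = 1.0               # peak-to-peak above this = large load switching
BITS = [1, 0, 1, 1, 0, 0, 1, 0] * 4        # constructed symbol pattern


def goertzel_power(samples, freq):
    """Signal power in the single DFT bin nearest to freq."""
    n = len(samples)
    coeff = 2.0 * math.cos(2.0 * math.pi * round(freq * n / FS) / n)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def classify_window(samples):
    """Return 0 or 1 for a window dominated by F0 or F1, else None."""
    if max(samples) - min(samples) > STEP_LIMIT:
        return None            # big appliance edge: rejected by amplitude
    p0, p1 = goertzel_power(samples, F0), goertzel_power(samples, F1)
    floor = sum(goertzel_power(samples, g) for g in GUARDS) / len(GUARDS)
    if max(p0, p1) < 20.0 * floor:
        return None            # no narrow-band tone above the noise floor
    return 1 if p1 > p0 else 0


def keying_report(trace):
    """Per-window symbols plus a flag for sustained two-tone keying."""
    symbols = [classify_window(trace[i:i + WIN])
               for i in range(0, len(trace) - WIN + 1, WIN)]
    toned = [s for s in symbols if s is not None]
    flips = sum(a != b for a, b in zip(toned, toned[1:]))
    return symbols, len(toned) * 2 >= len(symbols) and flips >= 2


def make_trace(tones, seed=1):
    """Constructed current trace: noise, a 10 A load step, optional keying."""
    rng = random.Random(seed)
    trace = []
    for i in range(len(BITS) * WIN):
        x = rng.gauss(0.0, 0.01)
        if 1010 <= i < 2030:
            x += 10.0          # heater-like load switching on and off
        if tones:
            f = F1 if BITS[i // WIN] else F0
            x += 0.05 * math.sin(2.0 * math.pi * f * i / FS)
        trace.append(x)
    return trace


if __name__ == "__main__":
    for tones in (True, False):
        symbols, flagged = keying_report(make_trace(tones))
        print("keying present" if tones else "noise only", "->", flagged)
```

Only the two windows that contain the load's switch-on and switch-off edges are discarded; the steady 10 A draw in between is pure DC within a window and contributes nothing to the tone bins.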

  37. Power filtering and Monitoring? by Murdoch5 · · Score: 1

    If my UPS / Power Filter sees any funny business in the line power, it's going to either compensate or terminate the power, effectively ending this type of attack. The only way this type of attack could work would be if the victim has no power monitoring, which is risky at best for the victim.

  38. Re:Apple will fix this with $100 DRMed power cable by Anonymous Coward · · Score: 0

    You penniless virgins really need to come up with new zingers for microsoft. Unlike you the premise for these jokes are dated.

  39. A contrived, but potential use case by Anonymous Coward · · Score: 0

    It took me a while to summon enough imagination to think of a way this could be exploited practically, but I think I've got it.

    A. You want data from a manufacturing line, and this data is extremely valuable to you but only if you get it quickly (stock trading or other market timing)
    B. Your victim is aware of typical attack and exfiltration vectors, so their industrial control equipment is air gapped and physically protected (you can't just pay off a worker to plug in a flash drive).
    C. You have the ability to load code on their hardware either at manufacture shipping, install, during a risky hollywood heist style stunt, or you've compromised whoever writes their firmware.
    D. The air gapping and shielding on this system appears to be pretty comprehensive, but the machine is hooked to mains power.

    In this case it could be easier to have a sensor and transmitter installed covertly somewhere along the machine's circuit back to the panel. It could be as easy as having someone put a typical looking ammeter clamp with custom hardware around a cable bundle.

    Of course this attack isn't really new. We've always known that power line analysis can be used for various side channel antics, and for many of them you don't even need to have your code running on the system under attack.

  40. Smart people does not a worry make by Anonymous Coward · · Score: 0

    If someone has physical access to my power supply on my computer or the electrical panel I think there's FAR bigger issues with security than 'ex-filtrating data'. In other words just because something can happen doesn't mean it will or would be a concern to the vast majority of society.

    If your secrets are SO important that someone would go through this kind of trouble, especially breaking in & attaching some kind of device to your power supply and/or electrical panel that would be highly noticeable then maybe you should think about securing your building better. So sure, maybe the CIA, FBI, Northrop Grumman etc. may want to think about this type of thing, but the rest of us can just sleep easy & not worry about it.

  41. Re:Apple will fix this with $100 DRMed power cable by Anonymous Coward · · Score: 0

    To fix this, Microsoft will charge you an extra 30 ADs per month to activate slowdown.exe at random intervals.

    VL customers get it for an extra $30.00 per core, per CPU, per machine.

  42. tough sell by Anonymous Coward · · Score: 0

    Power lines are notoriously noisy for lots of reasons. Even with a dedicated circuit to the PC in question, you are still susceptible to induced currents on the wire. This is probably a lot easier in a lab environment.

  43. Dumb research is dumb research! by Anonymous Coward · · Score: 0

    Some people like to waste time.
    1st, that transmission time is sooooooo slooooooooow!
    2nd, an UPS would prevent this.

  44. Re:Apple will fix this with $100 DRMed power cable by Anonymous Coward · · Score: 0

    "Unlike you the premise for these jokes are dated." So is Windows.

  45. Re:Get creimer to do your IT by Anonymous Coward · · Score: 0

    We wish, Chris. Yet you're still here, unable to resist your OCD and your narcissism. You have to check if you're mentioned.

    You are the original shit moth. And what's with the Ivan stuff? You're difficult to figure out.

  46. Please call them what they are by Anonymous Coward · · Score: 0

    They are DATA THIEVES. Please remove exfiltrator from your mouth, it's not a real word.

  47. Fake news by NichardRixon · · Score: 1

    They must attempt to monitor one computer at a time per power station, after convincing the rest of the population to turn off all electrical equipment for the duration. And at a max data rate of 1 Kbps. Right. Someone alert DHS.

  48. Re: Apple will fix this with $100 DRMed power cabl by Anonymous Coward · · Score: 0

    And your mom

  49. Solar by Anonymous Coward · · Score: 0

    Hah, my machines run from solar panels that aren't connected to the grid, so good luck to them.

  50. Re: good luck getting past the UPSwastika! by Anonymous Coward · · Score: 0

    You got the Swastika backwards you Aryan moron.

  51. Re:Apple will fix this with $100 DRMed power cable by mjwx · · Score: 1

    Apple will fix this with $100 DRMed power cables.

    Years ago Alienware had a $50+ upgraded power cable as an add-on.

    Meanwhile, all you need to do is have some kind of transformer or other device that separates electrical circuits.

    --
    Calling someone a "hater" only means you can not rationally rebut their argument.