Data Exfiltrators Send Info Over PCs' Power Supply Cables (theregister.co.uk)

← Back to Stories (view on slashdot.org)

Data Exfiltrators Send Info Over PCs' Power Supply Cables (theregister.co.uk)

Posted by msmash on Thursday April 12, 2018 @03:25AM from the what-in-the-world dept.

From a report on The Register: If you want your computer to be really secure, disconnect its power cable. So says Mordechai Guri and his team of side-channel sleuths at the Ben-Gurion University of the Negev. The crew have penned a paper titled PowerHammer: Exfiltrating Data from Air-Gapped Computers through Power Lines that explains how attackers could install malware that regulates CPU utilisation and creates fluctuations in the current flow that could modulate and encode data. The variations would be "propagated through the power lines" to the outside world.

Depending on the attacker's approach, data could be exfiltrated at between 10 and 1,000 bits-per-second. The higher speed would work if attackers can get at the cable connected to the computer's power supply. The slower speed works if attackers can only access a building's electrical services panel. The PowerHammer malware spikes the CPU utilisation by choosing cores that aren't currently in use by user operations (to make it less noticeable). Guri and his pals use frequency shift keying to encode data onto the line.

69 of 131 comments (clear)

Min score:

Reason:

Sort:

good luck getting past the UPS by Anonymous Coward · 2018-04-12 03:29 · Score: 5, Interesting

Double-conversion UPS... the data stops there. There's your firewall.
1. Re:good luck getting past the UPS by gweihir · 2018-04-12 03:55 · Score: 2
  
  May not be enough if they use spikes for that transmission. You would probably need to filter and shield far more carefully than an UPS does.
  The whole thing is a worthless stunt anyways: Instead of breaking into the house and tapping the power-line, just open one more door and bug the computer itself.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
2. Re:good luck getting past the UPS by Smidge204 · 2018-04-12 04:01 · Score: 2
  
  Wouldn't help; They are varying the power the machine uses, and unless you have a power supply that can output a variable amount of power while keeping the power it draws from the wall constant (which would be either magical or horrendously inefficient at partial loads) there's no way to "filter" this sort of attack.
  =Smidge=
3. Re:good luck getting past the UPS by TWX · 2018-04-12 04:09 · Score: 2
  
  My home has three HVAC units, two water heaters, and a very large 240V air compressor. I'm sure that I could introduce enough random variation in the electrical load to prevent this means of communication from being reliable.
  As I understand it, to prevent someone from managing to capture what's said in the Oval Office by shining a laser onto one of the windows to measure how the window reacts to sound inside of the room, they introduce noise in the form of numerous conversations into the glass, vibrating it enough that one can't pick-out the real conversation from the rest of the noise. One would think that this kind of technique could be applied to electricity if it were really that big a risk, a bank of several 100W lightbulbs with random timer controllers to turn them on and off may well be enough to screw with current draw to prevent exfiltration.
  
  --
  Do not look into laser with remaining eye.
4. Re:good luck getting past the UPS by MDMurphy · 2018-04-12 04:13 · Score: 3, Interesting
  
  Based on the concept of motor-generators used for high-security facilities, a "secure " UPS could just use 2 batteries. Incoming power charges battery A while output runs on battery B.
  Incoming power disconnects periodically, output switches to battery A and incoming switched to charging battery B.
  If incoming power is lost ( the main reason for a UPS ) then both batteries are connected in parallel giving the user the full backup capacity.
  At no time is the output connected to anything other than a battery.
5. Re:good luck getting past the UPS by Anonymous Coward · 2018-04-12 04:13 · Score: 1
  
  *double-conversion* being the key here. Very different than a pass-through UPS design. The instantaneous power draw is insulated completely from the mains.
6. Re:good luck getting past the UPS by bobbied · 2018-04-12 04:22 · Score: 2
  
  Problem here is that large loads are easily filtered out. What they are using is a load variation of about 10 watts or so. So when your AC unit starts, it's pretty obvious and easy to remove the signal.
  What you need is a randomly variable power consumer/producer that can sufficiently randomize the small variations in power consumption and *possibly* make it too hard to figure out what's the data signal and what's just random noise. Even then, it's going to be pretty difficult to truly hide all possible data transfer using this technique. You may slow down the data rate possible, but I don't think you can totally mask this power consumption variation.
  
  --
  "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
7. Re:good luck getting past the UPS by BeauHD+(+6,+Expert) · 2018-04-12 04:28 · Score: 2
  
  It even applies to things like electronic safes.
  
  -=)x(.:Beau:.)x(=-
8. Re:good luck getting past the UPS by Smidge204 · 2018-04-12 04:31 · Score: 1
  
  One would think that this kind of technique could be applied to electricity if it were really that big a risk
  According to the paper linked through the article, even a purpose-built device that randomly loads the power supply in the device being snooped might not be totally effective, nor would EMI filters unless they were purpose-made for the rather low frequencies. And I can easily see a variant of the attack bypassing even those by using a carrier frequency lower than the utility's 50/60Hz... you'd just have to be really patient.
  The only way I can see to prevent this is a specially made, double conversion UPS or similar storage-backed power supply that is carefully designed and sized to keep the power consumed from the wall completely independent of the power consumed by the device by averaging that power over the span of hours or maybe even days.
  =Smidge=
9. Re:good luck getting past the UPS by ctilsie242 · 2018-04-12 04:42 · Score: 1
  
  I once was at an auction of a startup that was bankrupt and was selling their assets. Part of what they were selling was a motor/generator combo. I thought it was a joke, but its function was to completely isolate power coming from either way before the power went to an online UPS (where the batteries were always drawn from, and mains power was there to keep the batteries topped off.) From what I was told, it worked well to keep communication via power from happening on either side, especially coupled with the fact that mains power was not actively coupled to power inside the building due to the UPS.
  I'm not afraid of data exfilteration this way for a number of reasons. It is relatively easy (although not dirt cheap) to have a battery charger/battery/inverter to isolate power, even grounds. $1500 gets you a Goal Zero power station that does all this.
10. Re:good luck getting past the UPS by Joce640k · 2018-04-12 04:49 · Score: 1
  
  Or just work in a thing called a "building" where lots of other people are doing stuff.
  
  --
  No sig today...
11. Re:good luck getting past the UPS by ColdWetDog · 2018-04-12 04:49 · Score: 1
  
  They stopped that recently. They found that nobody could pick out the regular conversations from the noise. The extra noise wasn't really needed.
  
  --
  Faster! Faster! Faster would be better!
12. Re:good luck getting past the UPS by ctilsie242 · 2018-04-12 04:54 · Score: 1
  
  What might be useful is a UPS that has charging thresholds, where it charges the batteries when they reach a certain percentage charge, and the charge lasts for a random duration. Add a little bit of random variation, like plus or minus 3-5% SoC level on the batteries before the charger turns on, and this would pretty much take care of this type of attack.
13. Re:good luck getting past the UPS by DigiShaman · 2018-04-12 05:13 · Score: 1
  
  If you're going to break into a house, why not just take the damn machine?
  
  --
  Life is not for the lazy.
14. Re:good luck getting past the UPS by aaarrrgggh · 2018-04-12 05:13 · Score: 4, Informative
  
  In fairness, if you are looking at 10 bits per second, that gives you 5 or 6 cycles to modulate each bit over. That is going to be tough for (common) DC capacitors to filter out effectively, although the battery capacitance may still be in play. The rectifier should respond to a drop in DC voltage within a quarter-cycle. The AC filter capacitors won't see this at all, since they will only buffer a quarter-cycle.
  What likely would impact it though is having enough PWM loads on the line and your power supply as a very minor component of load. At worst, you would be forced to use a lot of bits for error correction, but in all likelihood you would not be able to see the attack at the main service panel.
15. Re:good luck getting past the UPS by aaarrrgggh · 2018-04-12 05:18 · Score: 1
  
  Well, if you want it to work, try an air-compressor-driven (with a large reservoir) expander turbine generating power for the power supply.
  Might be more effective to just put a larger DC bus capacitor in the PSU though.
16. Re:good luck getting past the UPS by tlhIngan · 2018-04-12 05:23 · Score: 1
  
  Problem here is that large loads are easily filtered out. What they are using is a load variation of about 10 watts or so. So when your AC unit starts, it's pretty obvious and easy to remove the signal.
  What you need is a randomly variable power consumer/producer that can sufficiently randomize the small variations in power consumption and *possibly* make it too hard to figure out what's the data signal and what's just random noise. Even then, it's going to be pretty difficult to truly hide all possible data transfer using this technique. You may slow down the data rate possible, but I don't think you can totally mask this power consumption variation.
  The thing is, the bits are *modulated*. You're not sending bits using load - say, +10W for a 1 and 0W for a 0. No, you cannot tell the bits apart this way.
  Instead, they modulate the bits, by spiking the CPU cores at varying frequencies. You can detect these much more easily, and you can filter out the large loads since those generally are constant.
  They use FSK, so presumably they can say spike the CPU at 10Hz (giving a 10W-0W cycling at 10Hz) to represent a 0 and do it at 20Hz to represent a 1.
17. Re:good luck getting past the UPS by Bob+the+Super+Hamste · 2018-04-12 05:34 · Score: 1
  
  It would seem simple enough to rig up a LFSR to a few dozen .1 to 5W devices and have it cycle at some variable rate likely controlled by another LFSR. That should produce enough load noise, bonus points if you can have the low load devices do something useful. Generating good enough randomness is pretty easy, even really good randomness is pretty easy if you just have a bunch of reverse biased diodes and use the output to also control some devices to induce a random load.
  
  --
  Time to offend someone
18. Re:good luck getting past the UPS by gweihir · 2018-04-12 07:38 · Score: 1
  
  You have no clue about power electronics design. "Double conversion" just filters better, it does not "insulate completely" at all.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
19. Re:good luck getting past the UPS by gweihir · 2018-04-12 07:39 · Score: 1
  
  Valid question, but the answer is simple: There may be encrypted stuff you still want to snoop the passwords for or you may not be interested in the machine itself, but may want to snoop on conversations.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
20. Re:good luck getting past the UPS by DontBeAMoran · 2018-04-12 08:21 · Score: 2
  
  "Fuck everything, we're doing five conversions."
  
  --
  #DeleteFacebook
21. Re:good luck getting past the UPS by speederaser · 2018-04-12 11:27 · Score: 1
  
  The only way I can see to prevent this is a specially made, double conversion UPS or similar storage-backed power supply that is carefully designed and sized to keep the power consumed from the wall completely independent of the power consumed by the device by averaging that power over the span of hours or maybe even days.
  Another way is to run boinc distributed tasks that load the CPUs 24/7 at 100%. No variation in CPU demand, ever. That's what I do (for other reasons) and my CPUs have been pegged at 100% for more than 2 months. So I figure I'm well-protected against this kind of attack.
  If that's too much, it shouldn't be too hard to come up with a script that randomly loads the CPU in the same way, and randomly run a bunch of instances of it. Make the haystack too big and they'll never find the needle.
22. Re:good luck getting past the UPS by ShanghaiBill · 2018-04-12 13:43 · Score: 1
  
  If you're going to break into a house, why not just take the damn machine?
  1. You want to continue to monitor the target and collect information continuously.
  2. You don't want the target to know he has been compromised.
23. Re:good luck getting past the UPS by toddestan · 2018-04-12 15:30 · Score: 1
  
  The easy, but inefficient way to defeat it would be have a few low priority threads that just spin to keep the CPU at 100%. Since the CPU will be pegged at all times now, the malware will no longer be able to affect the power usage of the computer.
24. Re:good luck getting past the UPS by Bender0x7D1 · 2018-04-12 15:59 · Score: 1
  
  Except there are plenty of buildings where a restricted area is next to a public space. For example, a building on a college campus. Plenty of restricted labs, but the buildings and hallways are all open. This also holds true for buildings where a different company leases each floor. I can listen in from my own, leased space and not have to break-in anywhere.
  
  --
  Reading code is like reading the dictionary - you have to read half of it before you can go back and understand it.
Apple will fix this with $100 DRMed power cables by Joe_Dragon · 2018-04-12 03:30 · Score: 3, Funny

Apple will fix this with $100 DRMed power cables.
years ago alienware had an $50+ upgraded power cable as an add on.
Spoken like a true desktop security guru by xxxJonBoyxxx · 2018-04-12 03:31 · Score: 5, Funny

>> If you want your computer to be really secure, disconnect its power cable

Spoken like a true desktop security guru.
1. Re:Spoken like a true desktop security guru by hcs_$reboot · 2018-04-12 03:39 · Score: 1
  
  >> If you want your computer to be really secure, disconnect its power cable
  ...and run it on batteries.
  
  --
  Slashdot, fix the reply notifications... You won't get away with it...
2. Re:Spoken like a true desktop security guru by UnknowingFool · 2018-04-12 05:29 · Score: 1
  
  Yes, in fact to show those bastards I'm going to pull m@$FON(
  JF45(Nf12&*(
  [CONNECTION LOST]
  
  --
  Well, there's spam egg sausage and spam, that's not got much spam in it.
Virus scanner plugs this security hole. by Anonymous Coward · 2018-04-12 03:33 · Score: 5, Funny

On my work machine our overzealous virus scanner settings have closed this security hole... the CPU is constantly pegged at 100% ensuring that the power can't fluctuate at all.
It also eliminated the need for a furnace in the building.
Jesus Christ! by Anonymous Coward · 2018-04-12 03:34 · Score: 1

Hackers can get into your system no matter what!
I bet if we went back to abacuses, hackers would figure out how to decipher the clicks and know what you're doing.
"Damn! My abacus was hacked!"
"You moron! You should have used the anti-hacking felt on the beads. Geeze!"
And then a hacker would figure out how to hack the abacus by the felt dust that falls.
1. Re:Jesus Christ! by darkain · 2018-04-12 05:11 · Score: 1
  
  All joking aside, taking this from a more analytical standpoint... There is indeed an attack that you basically point a laser at the back of a laptop screen and monitor the vibrations in order to read what is being typed on said laptop. Great way to steal information at a coffee shop! I'm sure something similar, either laser based or audio based, could be used for an abacus too.
Exfiltrating data via user facial expressions. by shess · 2018-04-12 03:35 · Score: 4, Funny

The paper describes a method of adding jank to applications which will cause users to frown and furrow their eyebrows, which in turn can be monitored by a high-def camera furtively installed on their monitor to communicate between 100 and 1337 bits per minute to attackers.
----
Honestly, who approves this research? I mean, yes, it's possible, but if your computer is "air-gapped" and the attackers have the ability to breath your air, you are already screwed.
Re:after installing malware by PPH · 2018-04-12 03:37 · Score: 4, Funny

Don't install malware
You insensitive clod! I run Windows.

--
Have gnu, will travel.
Re:filter by PPH · 2018-04-12 03:40 · Score: 2

Or a laptop (even plugged in).

--
Have gnu, will travel.
What? by Megol · 2018-04-12 03:40 · Score: 1

This is obvious. Not obvious in hindsight but obvious as a fundamental well known security problem. It have been protected against in the past (filtering power lines to reduce or eliminate signal transmission). And it is _really_ old news, this was known and protected against before I was born.
1. Re:What? by trg83 · 2018-04-12 04:54 · Score: 1
  
  I suspect the problem is that 10 bps communication was close enough to normal communication line bandwidth to make people more creative about using them and more cognizant that they could be used that way. In this day of Gbps connections, I suspect people forget that small, valuable information could still be extracted very slowly by patient people. As such, I suspect few people are actively thinking about this threat vector, while certain types of conditioned power might give them protection automatically without thinking about it.
So, how this works by enjar · 2018-04-12 03:40 · Score: 2

The attacker needs to gain access to the server's power cord, or maybe the building's power panel then attach some dongle. Then they need to somehow gain access to a air gapped machine on a secure network in what is likely a secured facility. Once they do that, they then gain access to the server and install malware that will send semaphores by upping CPU use.
While an interesting laboratory experiment, I'm not really all that concerned. I do predict it showing up in the next Mission: Impossible installment, though
1. Re:So, how this works by gweihir · 2018-04-12 03:49 · Score: 1
  
  Basically, the attacker has to do all steps except the last one, namely to physically access the computer itself. Building access is already a must in most cases. Hence it will be cheaper, more reliable and far easier to just bug the computer itself.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
2. Re:So, how this works by the_skywise · 2018-04-12 04:13 · Score: 4, Funny
  
  That would be a great Mission Impossible scene though - break into the facility, break into the air-gapped computer room and Benji leans down to the power cable:
  
  Ethan: "What are you doing?"
  Benji: "I'm installing the tap on the power cable which will adjust the power frequency of the CPU so we can hack into the system and collect the data"
  Ethan: "Benji... there's a post-it note right here with the password on it"
  Benji: "Oh... well...that works too"
3. Re:So, how this works by bobbied · 2018-04-12 04:34 · Score: 1
  
  I don't think so... Physical access to a building isn't necessary anymore.
  Today we have "smart meters" where I live. I'm not sure what the polling rate of my power meter is, but I do know that it's readable often enough that companies offer "time of day rates" so it's got to be at least every hour, and likely is multiple times an hour.
  If the polling rate is every 15 min, then you could conceivably get a couple of bits of data every hour. Yea, that's pretty much a useless data rate, but long term could be an issue if it allows you to intercept an encryption key or something like that.
  
  --
  "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
4. Re:So, how this works by enjar · 2018-04-12 05:18 · Score: 1
  
  Even with a smart meter being read every 15 minutes it seems kinds difficult to get anything useful out, since the power company is getting a kWH number for the last polling interval. It sounds like they are "listening" for a certain pattern in the on/off of this extra CPU. So while your kWH number might go up, it would be pretty impossible to compare a building's overall load and have one core of a CPU actually make enough difference to do anything about it.
5. Re:So, how this works by aaarrrgggh · 2018-04-12 05:26 · Score: 1
  
  A janitor might be able to get into a SCIF room undetected, but they would have difficulty removing any information from said room. Not entirely sure how they would get the malware into the room without leaving behind a USB key though.
6. Re:So, how this works by Obfuscant · 2018-04-12 06:58 · Score: 1
  
  I do predict it showing up in the next Mission: Impossible installment, though
  No, more likely an episode next season, if there is one, of /Scorpion. They do some truly stupid stuff on that show. Pure technical comedy. It's worth watching just for that.
7. Re:So, how this works by Obfuscant · 2018-04-12 07:06 · Score: 1
  
  I'm not sure what the polling rate of my power meter is, but I do know that it's readable often enough that companies offer "time of day rates" so it's got to be at least every hour,
  
  The device doesn't have to transmit data every hour for it to be able to record use on an hourly, or even by-minute, basis. It can record the data and be read once a week.
  It will be listening 24/7, however, so the power company can issue it commands to turn off to shed load if necessary.
8. Re: So, how this works by enjar · 2018-04-12 07:48 · Score: 1
  
  I couldn't make it through an episode of that show. I can suspend disbelief but this show was just too far. I think the "server farm" that was obviously a self storage facility was the final straw.
9. Re:So, how this works by gweihir · 2018-04-12 07:49 · Score: 1
  
  Nice, indeed!
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
This is an improvement by PPH · 2018-04-12 03:41 · Score: 1

... over the method of catching XBox power supplies on fire and watching the smoke signals.

--
Have gnu, will travel.
Another worthless stunt by gweihir · 2018-04-12 03:48 · Score: 2

No actual security expert is surprised this is possible. However, this is actually worthless in almost all circumstances. First, you have to be close enough that standard TEMPEST attacks should work a lot better. And second, this has a high risk of causing problems elsewhere and getting notices. And thirs, the data-rate is laughable and unsuitable for most attacks.

--
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
1. Re:Another worthless stunt by MDMurphy · 2018-04-12 04:06 · Score: 1
  
  My first thought also was TEMPEST (https://en.wikipedia.org/wiki/Tempest_(codename) ) In the 80s I worked in a facility that was being certified for Top Secret operations inside. It had all the normal shielding, including spot welding of the internal metal shell where testing revealed RF leakage. Incoming power drover a motor. The motor drove a shaft that spun a generator which provided internal power to the facility. I'd guess it would be pretty tough for multiple computers attached to that generator's output to perturb the mass of both the generator and the motor enough to leak any information to the outside.
  Like reading the flashing of modem LEDs in the 90s, there's no end to the ways a computer and its associated peripherals can leak information. The important data leaks though are usually done by people.
2. Re:Another worthless stunt by gweihir · 2018-04-12 07:51 · Score: 1
  
  The important data leaks though are usually done by people.
  Very much so, yes.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Re:filter by gweihir · 2018-04-12 03:51 · Score: 1

Depends on the filters. They will try to transmit power-spikes and those can get trough an inline-UPS as well to a degree. The whole thing is a worthless stunt anyways as you need to tap the power-line close by.

--
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
10bps... by jaymemaurice · 2018-04-12 03:54 · Score: 4, Insightful

That's only 2000 hours to get 1MB of information...
So yeah... there might be faster, more efficient ways...

--
120 characters ought to be enough for anyone
1. Re:10bps... by jaymemaurice · 2018-04-12 03:56 · Score: 1
  
  Sorry, 200... assuming no overhead/checksum additional data required to ensure efficient transmission
  
  --
  120 characters ought to be enough for anyone
2. Re:10bps... by Actually,+I+do+RTFA · 2018-04-12 04:11 · Score: 2
  
  Yeah, or just under 7 minutes (call it a full 7 with checksums) to filtrate your 4096-bit private key. Who needs a $5 wrench?
  
  --
  Your ad here. Ask me how!
3. Re:10bps... by jaymemaurice · 2018-04-12 04:32 · Score: 2
  
  Assuming it's an air-gapped system you've already been able to silently install malicious software onto once before, that is located in a building you can get close to the power infrastructure before the transformer... there might be better, more efficient ways.
  
  --
  120 characters ought to be enough for anyone
4. Re:10bps... by Obfuscant · 2018-04-12 07:02 · Score: 1
  
  there might be better, more efficient ways.
  Yes. Like instead of copying on malware that may be detected by virus scanners or other security software, just copy off the data you want. You already have access to copy things on. The last time I looked, "copy" or "cp" works both ways.
Misleading headling by chispito · 2018-04-12 04:00 · Score: 3, Insightful

It should read, "Researchers Send Info Over PCs' Power Supply Cables."

--
The Daddy casts sleep on the Baby. The Baby resists!
Off the grid: by pincorrect · 2018-04-12 04:14 · Score: 1

Generator + treadmill + Jack Russell Terrier + squirrel (or cat)
Re:filter by TWX · 2018-04-12 04:15 · Score: 1

Probably depends on how the laptop's power circuitry is designed.
Basically there are two forms of battery backups. One form charges the batteries and keeps them charged but doesn't run the load through them unless a switchover event happens. The other form does run the load through the batteries because they cannot afford for the system to go down temporarily for such a switchover.
The former is the way that large UPSes that use lithium-ion batteries works, because lithium-ion batteries cannot sustain being in the circuit that way. That's why most UPSes still use SLA batteries. There are new UPSes coming out with a combination of SLA and Li-Ion though, where there's just enough SLA in the loop to keep the equipment running for the few moments it takes to bring up the Li-ion batteries.
If the laptop, while plugged in, runs on the corded power then it's probably subject to the same issues as the desktop computer.

--
Do not look into laser with remaining eye.
Congressional testimony by tomhath · 2018-04-12 04:20 · Score: 1

Congressman: Does Facebook exfiltorate data by regulating CPU utilization to create fluctuations in the current flow that could modulate and encode data, then propagate those variations through the power lines to the outside world?
Mr. Zuckerberg: Yes sir, but only for security purposes.
Re:filter by TWX · 2018-04-12 04:22 · Score: 1

That might not be as difficult as you'd think. Commercial buildings have a lot of people coming and going doing maintenance, and most commercial buildings don't hide the basic electrical stuff inside of highly secured areas, they reserve such security for devices that are expensive, or devices that do something important, or for devices that have important information on them. For most buildings the vast majority of the power is for regular mundane things like lighting and HVAC, so the raw incoming power and any transformers are probably easily accessed with something as simple as a fake workorder presented to the receptionist in the lobby. Someone coming in that way might not be able to get access to the generator yard that keeps the datacenter up, but if the power supplying the generator yard and battery room is tappable to give this kind of info, or if they're attempting to get data off of a regular user's computer that isn't on the generator, then they may well be able to come in and install whatever they need to place in order to sample the power the way they need.
For all we know, equipment no more sensitive or expensive than a cheap clamp meter might do the trick, if they can find a way to transmit that data, but my guess is that this sort of thing would be limited to nation-states or to extremely high level corporate espionage, and probably would be above even groups like those that steal payment card info to get money.

--
Do not look into laser with remaining eye.
Relax, people by OneHundredAndTen · 2018-04-12 04:31 · Score: 1

The vast majority of us are not sufficiently important or interesting to be worthy of such an attack.
Re:Go ride a bike by Rick+Schumann · 2018-04-12 04:34 · Score: 1

I don't have or want a smartphone, and I don't go home at night and stare at a computer screen until I go to bed like I imagine you do. Shove it up your ass.
new use for Tesla Powerwall by cnaumann · 2018-04-12 04:49 · Score: 1

Random charge and discharge cycles for power line white noise generator.
They did it - no longer theoretical by FeelGood314 · 2018-04-12 04:53 · Score: 1

I think we all knew this could be done in theory but someone actually went out and tried it and measured what the results were. They even came up with data rates. It should be noted also that they could still read the data above other noise on the power line. They used frequency shift keying to encode their data so that noise from some devices could be easily filtered out. Big things like a water heater or stove can be filtered out by amplitude, inductive things like air compressors or pool pumps are also easy to filter out, it's small things in the 30watt range that are switching on and off that would be a problem but there aren't many things like that.

This threat is down on my list of things to worry about to the same level as being hit by a meteor but I still applaud Mordechai Guri for actually trying it and measuring the results.
Power filtering and Monitoring? by Murdoch5 · 2018-04-12 04:53 · Score: 1

If my UPS / Power Filter sees any funny business in the line power, it's going to either compensate or terminate the power, effectively ending this type of attack. The only way this type of attack could work would be if the victim has no power monitoring, which is risky at best for the victim.
Fake news by NichardRixon · 2018-04-12 06:08 · Score: 1

They must attempt to monitor one computer at a time per power station, after convincing the rest of the population to turn off all electrical equipment for the duration. And at a max data rate of 1 Kbps. Right. Someone alert DHS.
Re:Apple will fix this with $100 DRMed power cable by mjwx · 2018-04-13 01:50 · Score: 1

Apple will fix this with $100 DRMed power cables.
years ago alienware had an $50+ upgraded power cable as an add on.
Meanwhile, all you need to do is have some kind of transformer or other device that separates electrical circuits.

--
Calling someone a "hater" only means you can not rationally rebut their argument.