Slashdot Mirror

← Back to Stories (view on slashdot.org)

Data Exfiltrators Send Info Over PCs' Power Supply Cables (theregister.co.uk)

Posted by msmash on from the what-in-the-world dept.

From a report on The Register: If you want your computer to be really secure, disconnect its power cable. So says Mordechai Guri and his team of side-channel sleuths at the Ben-Gurion University of the Negev. The crew have penned a paper titled PowerHammer: Exfiltrating Data from Air-Gapped Computers through Power Lines that explains how attackers could install malware that regulates CPU utilisation and creates fluctuations in the current flow that could modulate and encode data. The variations would be "propagated through the power lines" to the outside world.

Depending on the attacker's approach, data could be exfiltrated at between 10 and 1,000 bits-per-second. The higher speed would work if attackers can get at the cable connected to the computer's power supply. The slower speed works if attackers can only access a building's electrical services panel. The PowerHammer malware spikes the CPU utilisation by choosing cores that aren't currently in use by user operations (to make it less noticeable). Guri and his pals use frequency shift keying to encode data onto the line.

11 of 131 comments (clear)

  1. good luck getting past the UPS by Anonymous Coward · · Score: 5, Interesting

    Double-conversion UPS... the data stops there. There's your firewall.

    1. Re:good luck getting past the UPS by MDMurphy · · Score: 3, Interesting

      Based on the concept of motor-generators used for high-security facilities, a "secure " UPS could just use 2 batteries. Incoming power charges battery A while output runs on battery B.
      Incoming power disconnects periodically, output switches to battery A and incoming switched to charging battery B.
      If incoming power is lost ( the main reason for a UPS ) then both batteries are connected in parallel giving the user the full backup capacity.
      At no time is the output connected to anything other than a battery.

    2. Re:good luck getting past the UPS by aaarrrgggh · · Score: 4, Informative

      In fairness, if you are looking at 10 bits per second, that gives you 5 or 6 cycles to modulate each bit over. That is going to be tough for (common) DC capacitors to filter out effectively, although the battery capacitance may still be in play. The rectifier should respond to a drop in DC voltage within a quarter-cycle. The AC filter capacitors won't see this at all, since they will only buffer a quarter-cycle.

      What likely would impact it though is having enough PWM loads on the line and your power supply as a very minor component of load. At worst, you would be forced to use a lot of bits for error correction, but in all likelihood you would not be able to see the attack at the main service panel.

  2. Apple will fix this with $100 DRMed power cables by Joe_Dragon · · Score: 3, Funny

    Apple will fix this with $100 DRMed power cables.

    years ago alienware had an $50+ upgraded power cable as an add on.

  3. Spoken like a true desktop security guru by xxxJonBoyxxx · · Score: 5, Funny

    >> If you want your computer to be really secure, disconnect its power cable

    Spoken like a true desktop security guru.

  4. Virus scanner plugs this security hole. by Anonymous Coward · · Score: 5, Funny

    On my work machine our overzealous virus scanner settings have closed this security hole... the CPU is constantly pegged at 100% ensuring that the power can't fluctuate at all.

    It also eliminated the need for a furnace in the building.

  5. Exfiltrating data via user facial expressions. by shess · · Score: 4, Funny

    The paper describes a method of adding jank to applications which will cause users to frown and furrow their eyebrows, which in turn can be monitored by a high-def camera furtively installed on their monitor to communicate between 100 and 1337 bits per minute to attackers.

    ----

    Honestly, who approves this research? I mean, yes, it's possible, but if your computer is "air-gapped" and the attackers have the ability to breath your air, you are already screwed.

  6. Re:after installing malware by PPH · · Score: 4, Funny

    Don't install malware

    You insensitive clod! I run Windows.

    --
    Have gnu, will travel.
  7. 10bps... by jaymemaurice · · Score: 4, Insightful

    That's only 2000 hours to get 1MB of information...

    So yeah... there might be faster, more efficient ways...

    --
    120 characters ought to be enough for anyone
  8. Misleading headling by chispito · · Score: 3, Insightful

    It should read, "Researchers Send Info Over PCs' Power Supply Cables."

    --
    The Daddy casts sleep on the Baby. The Baby resists!
  9. Re:So, how this works by the_skywise · · Score: 4, Funny

    That would be a great Mission Impossible scene though - break into the facility, break into the air-gapped computer room and Benji leans down to the power cable:

    Ethan: "What are you doing?"
    Benji: "I'm installing the tap on the power cable which will adjust the power frequency of the CPU so we can hack into the system and collect the data"
    Ethan: "Benji... there's a post-it note right here with the password on it"
    Benji: "Oh... well...that works too"