Data Exfiltrators Send Info Over PCs' Power Supply Cables

From a report on The Register: If you want your computer to be really secure, disconnect its power cable. So says Mordechai Guri and his team of side-channel sleuths at the Ben-Gurion University of the Negev. The crew have penned a paper titled PowerHammer: Exfiltrating Data from Air-Gapped Computers through Power Lines that explains how attackers could install malware that regulates CPU utilisation and creates fluctuations in the current flow that could modulate and encode data. The variations would be "propagated through the power lines" to the outside world.

Depending on the attacker's approach, data could be exfiltrated at between 10 and 1,000 bits-per-second. The higher speed would work if attackers can get at the cable connected to the computer's power supply. The slower speed works if attackers can only access a building's electrical services panel. The PowerHammer malware spikes the CPU utilisation by choosing cores that aren't currently in use by user operations (to make it less noticeable). Guri and his pals use frequency shift keying to encode data onto the line.

good luck getting past the UPS

Double-conversion UPS... the data stops there. There's your firewall.

Re:good luck getting past the UPS

[aaarrrgggh]

In fairness, if you are looking at 10 bits per second, that gives you 5 or 6 cycles to modulate each bit over. That is going to be tough for (common) DC capacitors to filter out effectively, although the battery capacitance may still be in play. The rectifier should respond to a drop in DC voltage within a quarter-cycle. The AC filter capacitors won't see this at all, since they will only buffer a quarter-cycle.

What likely would impact it though is having enough PWM loads on the line and your power supply as a very minor component of load. At worst, you would be forced to use a lot of bits for error correction, but in all likelihood you would not be able to see the attack at the main service panel.

Spoken like a true desktop security guru

[xxxJonBoyxxx]

>> If you want your computer to be really secure, disconnect its power cable

Spoken like a true desktop security guru.

Virus scanner plugs this security hole.

On my work machine our overzealous virus scanner settings have closed this security hole... the CPU is constantly pegged at 100% ensuring that the power can't fluctuate at all.

It also eliminated the need for a furnace in the building.

Exfiltrating data via user facial expressions.

[shess]

The paper describes a method of adding jank to applications which will cause users to frown and furrow their eyebrows, which in turn can be monitored by a high-def camera furtively installed on their monitor to communicate between 100 and 1337 bits per minute to attackers.

----

Honestly, who approves this research? I mean, yes, it's possible, but if your computer is "air-gapped" and the attackers have the ability to breath your air, you are already screwed.

Re:after installing malware

[PPH]

Don't install malware

You insensitive clod! I run Windows.

10bps...

[jaymemaurice]

That's only 2000 hours to get 1MB of information...

So yeah... there might be faster, more efficient ways...

Re:So, how this works

[the_skywise]

That would be a great Mission Impossible scene though - break into the facility, break into the air-gapped computer room and Benji leans down to the power cable:

Ethan: "What are you doing?"
Benji: "I'm installing the tap on the power cable which will adjust the power frequency of the CPU so we can hack into the system and collect the data"
Ethan: "Benji... there's a post-it note right here with the password on it"
Benji: "Oh... well...that works too"