SoylentNews is people

posted by chromas on Saturday April 14 2018, @01:23AM
from the about-that-thing-you-thought-was-air-gapped... dept.

El Reg reports:

Data exfiltrators send info over PCs' power supply cables

Malware tickles unused cores to put signals in current

If you want your computer to be really secure, disconnect its power cable.
So says Mordechai Guri and his team of side-channel sleuths at the Ben-Gurion University of the Negev.

The crew have penned a paper titled PowerHammer: Exfiltrating Data from Air-Gapped Computers through Power Lines that explains how attackers could install malware that regulates CPU utilisation and creates fluctuations in the current flow that could modulate and encode data. The variations would be "propagated through the power lines" to the outside world.

Depending on the attacker's approach, data could be exfiltrated at between 10 and 1,000 bits-per-second. The higher speed would work if attackers can get at the cable connected to the computer's power supply. The slower speed works if attackers can only access a building's electrical services panel.

The PowerHammer malware spikes the CPU utilisation by choosing cores that aren't currently in use by user operations (to make it less noticeable).

Guri and his pals use frequency shift keying to encode data onto the line.

After that, it's pretty simple, because all the attacker needs is to decide where to put the receiver current clamp: near the target machine if you can get away with it, behind the switchboard if you have to.

This seems hinky to me.

First, there's the point that the bad guys will need PHYSICAL ACCESS to the premises or even to the individual machine.

Next, if the current clamp is put around the typical line cord, the sum of the current in the hot wire and the neutral (return) wire will be zero. (An inductive current sensor is typically put over only one of the wires, so they will need to do some surgery on that cable — which will be obvious.)

Putting a 100% online UPS between the computer and the AC power supply will also interfere. [ed.]
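
A defender-side view of the frequency shift keying described in the article, as an added example that is not from the article or the paper: it scans a sampled current (or per-core load) trace for windows dominated by a single tone that alternates between two frequencies. The sample rate, tone frequencies, window length and thresholds are assumptions, and both traces are constructed.

```python
import math
import random

FS = 8000        # sensor sample rate in Hz (assumed)
WINDOW = 800     # 100 ms window: one symbol at the article's 10 bit/s low rate
CANDIDATES = range(100, 2001, 100)   # Hz band to sweep (assumed)

def tone_share(window, freq):
    """Fraction of the window's AC energy at freq, via the Goertzel algorithm."""
    mean = sum(window) / len(window)
    x = [v - mean for v in window]
    energy = sum(v * v for v in x)
    if energy == 0:
        return 0.0
    coeff = 2 * math.cos(2 * math.pi * freq / FS)
    s1 = s2 = 0.0
    for v in x:
        s1, s2 = v + coeff * s1 - s2, s1
    power = s1 * s1 + s2 * s2 - coeff * s1 * s2
    return 2 * power / (len(x) * energy)

def dominant_tones(trace, threshold=0.5):
    """Per window: the frequency holding more than threshold of the energy, else None."""
    tones = []
    for i in range(0, len(trace) - WINDOW + 1, WINDOW):
        w = trace[i:i + WINDOW]
        share, freq = max((tone_share(w, f), f) for f in CANDIDATES)
        tones.append(freq if share > threshold else None)
    return tones

def looks_like_fsk(trace, min_fraction=0.8):
    """True when most windows are single-tone and exactly two tones alternate."""
    tones = dominant_tones(trace)
    tonal = [t for t in tones if t is not None]
    return bool(tones) and len(tonal) >= min_fraction * len(tones) and len(set(tonal)) == 2

def constructed_trace(bits, f0=400, f1=600, noise=0.2, seed=1):
    """Constructed sample: load toggling at f0 or f1 per symbol, plus Gaussian noise.
    Symbols are aligned to WINDOW here; a real monitor would slide the window."""
    rng = random.Random(seed)
    return [(1.0 if math.sin(2 * math.pi * (f1 if b else f0) * n / FS) >= 0 else 0.0)
            + rng.gauss(0, noise)
            for b in bits for n in range(WINDOW)]

def constructed_noise(n_windows=8, seed=2):
    """Constructed sample: ordinary load with no periodic component."""
    rng = random.Random(seed)
    return [0.5 + rng.gauss(0, 0.3) for _ in range(n_windows * WINDOW)]
```

A steady single tone, such as a periodic benign load, is deliberately not flagged; only a trace that hops between two tones is.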


  • (Score: 2) by Azuma Hazuki (5086) on Saturday April 14 2018, @02:34AM (#666743)

    This is a variation on van Eck phreaking (and let me tell you, it was *weird* seeing my last name associated with something like that, though I'm not related to the van Eck who discovered it). I'm always intrigued by this kind of side-channel attack. People sometimes seem to forget that computers do not exist in a vacuum and are part of the analog world as well.

    --
    I am "that girl" your mother warned you about...
  • (Score: 3, Interesting) by bzipitidoo (4388) on Saturday April 14 2018, @02:58AM (#666756)

    > computers do not exist in a vacuum

    Exactly. Anything the computer can manipulate can be used to send signals: the amount of power it draws from second to second, the sound of the hard drive or the fan motors, the electromagnetic frequencies its chips generate, and so on. And if that's not enough side channels, there's stuff like the distinctive sound each individual key makes as the user types it, and even the possibility of sniffing a key just from variations in the CPU load it causes every time it is used.

    And with stuff like wake on LAN, disconnecting the power cord is not enough. I saw a demonstration in which a computer that had as its only connection an ethernet cable, not even a power cord, was hacked. It was possible to remotely hack into it because the LAN hardware can draw power from somewhere, maybe the CMOS battery, or maybe from capacitors that take a while to discharge. They used this vulnerability to place a note that came up in the GUI the next time the computer was booted.