SoylentNews

-- OriginalOwner_ writes:

El Reg reports:

Data exfiltrators send info over PCs' power supply cables

Malware tickles unused cores to put signals in current

If you want your computer to be really secure, disconnect its power cable.
So says Mordechai Guri and his team of side-channel sleuths at the Ben-Gurion University of the Negev.

The crew have penned a paper titled PowerHammer: Exfiltrating Data from Air-Gapped Computers through Power Lines that explains how attackers could install malware that regulates CPU utilisation and creates fluctuations in the current flow that could modulate and encode data. The variations would be "propagated through the power lines" to the outside world.

Depending on the attacker's approach, data could be exfiltrated at between 10 and 1,000 bits-per-second. The higher speed would work if attackers can get at the cable connected to the computer's power supply. The slower speed works if attackers can only access a building's electrical services panel.

The PowerHammer malware spikes the CPU utilisation by choosing cores that aren't currently in use by user operations (to make it less noticeable).

Guri and his pals use frequency shift keying to encode data onto the line.

After that, it's pretty simple, because all the attacker needs is to decide where to put the receiver current clamp: near the target machine if you can get away with it, behind the switchboard if you have to.

This seems hinky to me.

First, there's the point that the bad guys will need PHYSICAL ACCESS to the premises or even to the individual machine.

Next, if the current clamp is put around the typical line cord, the sum of the current in the hot wire and the neutral (return) wire will be zero. (An inductive current sensor is typically put over only one of the wires, so they will need to do some surgery on that cable — which will be obvious.)

Putting a 100% online UPS between the computer and the AC power supply will also interfere. [ed.]

Original Submission