SoylentNews is people

posted by martyb on Wednesday May 06 2020, @12:41AM
from the gotta-build-a-better-box dept.

OK, so you've air-gapped that PC. Cut the speakers. Covered the LEDs. Disconnected the monitor. Now, about the data-leaking power supply unit...

Israeli cyber-security side-channel expert Mordechai Guri has devised a way to pilfer data from devices that have been air-gapped and silenced.

[...] An obvious defense against acoustic data transmission is to disable any speakers on the protected device, a practice known as audio-gapping.

But Guri's latest research shows that's not enough. He and his team have found a way to turn the power supply in an isolated, muted machine into a speaker of sorts, one capable of transmitting data at a rate of 50 bits/sec.

He calls the attack POWER-SUPPLaY. The technique has the potential to be used against PC workstations and servers, as well as embedded systems and IoT devices that have no addressable audio hardware.

"We show that malware running on a PC can exploit its power supply unit (PSU) and use it as an out-of-band speaker with limited capabilities," a paper [PDF] detailing the technique explained. "The malicious code intentionally manipulates the internal switching frequency of the power supply and hence controls the waveform generated from its capacitors and transformers."

[...] Guri and others have developed a handful of similar TEMPEST attack schemes, such as luminance signaling via LCD screen fluctuations (BRIGHTNESS), acoustic signaling using fan modulation (FANSMITTER), data exfiltration via power cables (POWERHAMMER), and covert signaling via keyboard lights (CTRL-ALT-LED).

This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Interesting) by edIII on Wednesday May 06 2020, @01:12AM (6 children)

    by edIII (791) on Wednesday May 06 2020, @01:12AM (#990927)

    Realistically? Probably not.

    If anyone is air gapping a machine these days, it's because it's probably too old to be connected to the Internet anymore. Like a Windows XP machine running a very specific program, and you can no longer update the web browsers, firmware, etc. to have a usable machine.

    Intentional air gapping for security is not very likely to be susceptible here. Side channel attacks like these are well known, and TEMPEST is old news. The power supply isn't the only "speaker", so is the CPU. Just depends on the sensitivity of your sensors. More than likely it will be in its own secure room, one that is shielded against "leaking audio". Does the malware have to be there first? Even less likely in most scenarios then. A lot of air gapped machines no longer receive outside input, or it is heavily validated and secured.

    Finally, even assuming the malware is running on the air gapped machine, how close do you have to be? This would not have worked in the Mission Impossible air gap setup, or would've required Tom Cruise to place it next to the machine.

    Call me when they find out how to install malware on an air gapped machine remotely.

    --
    Technically, lunchtime is at any moment. It's just a wave function.
  • (Score: 4, Insightful) by Runaway1956 on Wednesday May 06 2020, @01:36AM (2 children)

    by Runaway1956 (2926) Subscriber Badge on Wednesday May 06 2020, @01:36AM (#990930) Journal

    My own thoughts are, if someone is looking closely enough at you to exploit something like this, you are probably pwned anyway. The antagonists are already so close to you that they can monitor very limited tell-tales such as the brightness of your screen, signals from the PSU, and all the rest mentioned above? Well, if they are that close, the first time you go out to buy Cheetos, they're going to break into your home/office and gain physical access to your machine, along with your network. Upon your return home from the Cheetos run, your screen is going to be mirrored at NSA headquarters anyway.

    A bit of paranoia is good, maybe more paranoia is better, but it can be overdone.

    • (Score: 0) by Anonymous Coward on Wednesday May 06 2020, @01:52AM

      by Anonymous Coward on Wednesday May 06 2020, @01:52AM (#990940)
      More like they are so close that they can get the REQUIRED malicious software installed into the PC...

      Just not "close" enough to use other methods to get the desired data out. Where the desired data is of quantities that can be practically transferred at 50 bits/sec[1].

      [1] It takes 5 years to transfer 1GB at 50 bits/sec.
    • (Score: 2) by All Your Lawn Are Belong To Us on Thursday May 07 2020, @03:41PM

      by All Your Lawn Are Belong To Us (6553) on Thursday May 07 2020, @03:41PM (#991357) Journal

      Interesting. Sort of a wrench solution [xkcd.com]. Moderated that if it is indeed nation-state intelligence agency internal level security then it may be the only exploit possible, not unlike when the laser microphone [wikipedia.org] technique was developed.

      --
      This sig for rent.
  • (Score: 5, Touché) by maxwell demon on Wednesday May 06 2020, @07:09AM (1 child)

    by maxwell demon (1608) on Wednesday May 06 2020, @07:09AM (#990991) Journal

    Call me when they find out how to install malware on an air gapped machine remotely.

    PC viruses existed long before PCs were routinely connected to networks. That is, virtually every PC of the time was airgapped, and yet the malware could spread.

    --
    The Tao of math: The numbers you can count are not the real numbers.
    • (Score: 0) by Anonymous Coward on Thursday May 07 2020, @03:53PM

      by Anonymous Coward on Thursday May 07 2020, @03:53PM (#991361)

      My first college campus job in school, about 1989-1990, was for computing services and I was assigned in my second semester to a Mac lab of 30 Macs (maybe SE/30's?) They were networked for print services. One of the things we could do (it was pretty boring most of the time) was scan the computers for viruses. I'd get three or four hits out of 30 machines per week. The data discs were the mechanism. They were also usually the same machines, or one right next to it. Person uses same machine whenever in the lab, slots the offending disk and machine gets the virus, scan it and disinfect it, person comes back two days later slots the same infected disk and re-infects the machine. IIRC they were propagation-only, and I don't remember anybody seriously worrying about them.

  • (Score: 1, Funny) by Anonymous Coward on Wednesday May 06 2020, @07:38AM

    by Anonymous Coward on Wednesday May 06 2020, @07:38AM (#990994)

    It's not realistic as only plebs do not vacuum-gap their PCs!