SoylentNews is people

posted by martyb on Wednesday May 06 2020, @12:41AM
from the gotta-build-a-better-box dept.

OK, so you've air-gapped that PC. Cut the speakers. Covered the LEDs. Disconnected the monitor. Now, about the data-leaking power supply unit...

Israeli cyber-security side-channel expert Mordechai Guri has devised a way to pilfer data from devices that have been air-gapped and silenced.

[...] An obvious defense against acoustic data transmission is to disable any speakers on the protected device, a practice known as audio-gapping.

But Guri's latest research shows that's not enough. He and his team have found a way to turn the power supply in an isolated, muted machine into a speaker of sorts, one capable of transmitting data at a rate of 50 bits/sec.

He calls the attack POWER-SUPPLaY. The technique has the potential to be used against PC workstations and servers, as well as embedded systems and IoT devices that have no addressable audio hardware.

"We show that malware running on a PC can exploit its power supply unit (PSU) and use it as an out-of-band speaker with limited capabilities," a paper [PDF] detailing the technique explained. "The malicious code intentionally manipulates the internal switching frequency of the power supply and hence controls the waveform generated from its capacitors and transformers."

[...] Guri and others have developed a handful of similar TEMPEST attack schemes, such as luminance signaling via LCD screen fluctuations (BRIGHTNESS), acoustic signaling using fan modulation (FANSMITTER), data exfiltration via power cables (POWERHAMMER), and covert signaling via keyboard lights (CTRL-ALT-LED).

- archive.org alternate link


  • (Score: 3, Touché) by drussell on Wednesday May 06 2020, @01:48AM (3 children)

    by drussell (2678) on Wednesday May 06 2020, @01:48AM (#990936) Journal

    Isn't it usually just easier to smack the target with a wrench than setting up to be spying that closely on an individual workstation or PC?

    https://xkcd.com/538/ [xkcd.com]

    Who knows, I guess....

  • (Score: 2, Touché) by Anonymous Coward on Wednesday May 06 2020, @02:27AM (2 children)

    by Anonymous Coward on Wednesday May 06 2020, @02:27AM (#990948)

    Depends. I use air-gapped systems in special rooms with all sorts of protections. To get useful data off of that through my head would be almost impossible, as my memory isn't reliable enough to get it off, and accessing it too often as a way to get around that would set off auditing alarms. Also, kidnapping and bruises leave evidence but a properly done exfiltration should leave none.

    • (Score: 0) by Anonymous Coward on Thursday May 07 2020, @03:58PM

      by Anonymous Coward on Thursday May 07 2020, @03:58PM (#991365)

      Take it at a remove: It's probably easier to compromise the people operating that machine or those familiar with the inputs and outputs. Doesn't take just bruising, but finding out what the drivers are of those people and then offering to supply whatever they are lacking in that area (money, sex, excitement, and ideology to name four).

    • (Score: 0) by Anonymous Coward on Thursday May 07 2020, @04:03PM

      by Anonymous Coward on Thursday May 07 2020, @04:03PM (#991374)

      Adding to my above, it doesn't take finding out what the operator knows, although that may be an element of wind-up to develop a suitable acquisition package. It takes compromising the operator who is able to plug in a USB, or daisy chain in a SATA drive or custom card (if the machine has been proofed against USBs), or whatever it takes to acquire and then export the data. Maybe it takes compromising the level above or someone in security who would nominally spot the individual's cracking the case open, to provide a window where a compromised operator may work.

      And maybe the security is in fact functional and works. But very few companies actually bake in security on both the functional and operational levels.