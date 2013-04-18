from the about-that-thing-you-thought-was-air-gapped... dept.
El Reg reports:
Data exfiltrators send info over PCs' power supply cables
Malware tickles unused cores to put signals in current
If you want your computer to be really secure, disconnect its power cable.
So says Mordechai Guri and his team of side-channel sleuths at the Ben-Gurion University of the Negev.
The crew have penned a paper titled PowerHammer: Exfiltrating Data from Air-Gapped Computers through Power Lines that explains how attackers could install malware that regulates CPU utilisation and creates fluctuations in the current flow that could modulate and encode data. The variations would be "propagated through the power lines" to the outside world.
Depending on the attacker's approach, data could be exfiltrated at between 10 and 1,000 bits-per-second. The higher speed would work if attackers can get at the cable connected to the computer's power supply. The slower speed works if attackers can only access a building's electrical services panel.
The PowerHammer malware spikes the CPU utilisation by choosing cores that aren't currently in use by user operations (to make it less noticeable).
Guri and his pals use frequency shift keying to encode data onto the line.
After that, it's pretty simple, because all the attacker needs is to decide where to put the receiver current clamp: near the target machine if you can get away with it, behind the switchboard if you have to.
This seems hinky to me.
First, there's the point that the bad guys will need PHYSICAL ACCESS to the premises or even to the individual machine.
Next, if the current clamp is put around the typical line cord, the sum of the current in the hot wire and the neutral (return) wire will be zero. (An inductive current sensor is typically put over only one of the wires, so they will need to do some surgery on that cable — which will be obvious.)
Putting a 100% online UPS between the computer and the AC power supply will also interfere. [ed.]
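The quoted article says the malware modulates CPU utilisation and encodes data with frequency shift keying. As an added example (not part of the story or of the PowerHammer paper), this is how a defender monitoring a load or current trace could flag that pattern: two narrowband tones that take turns dominating successive windows, even when broadband noise is as large as the tone. The sampling rate, tone frequencies, thresholds, function names and the synthetic trace are all constructed assumptions, and the windows are assumed to line up with bit boundaries.

```python
import math
import random
from statistics import median

def goertzel_power(window, fs, freq):
    """Normalised power of `window` at `freq` Hz (one DFT bin, Goertzel recurrence)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / fs)
    s1 = s2 = 0.0
    for x in window:
        s1, s2 = x + coeff * s1 - s2, s1
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / len(window) ** 2

def dominant_tone(window, fs, freqs, ratio=15.0):
    """Return the frequency whose power exceeds `ratio` x the median bin, else None."""
    mean = sum(window) / len(window)
    centred = [x - mean for x in window]          # drop the DC (average load) term
    powers = {f: goertzel_power(centred, fs, f) for f in freqs}
    peak = max(powers, key=powers.get)
    return peak if powers[peak] > ratio * median(powers.values()) else None

def fsk_suspect(trace, fs, win, freqs, min_hits=3):
    """Tones that each dominate >= min_hits windows, if there are exactly two (binary FSK)."""
    hits = {}
    for i in range(0, len(trace) - win + 1, win):
        tone = dominant_tone(trace[i:i + win], fs, freqs)
        if tone is not None:
            hits[tone] = hits.get(tone, 0) + 1
    tones = sorted(f for f, n in hits.items() if n >= min_hits)
    return tones if len(tones) == 2 else None

# --- constructed sample data (assumed values, not measurements from the paper) ---
FS, WIN = 1000, 200                 # 1 kHz sampling, 0.2 s analysis window
FREQS = range(20, 200, 5)           # bins scanned, 5 Hz apart

def synth(bits, f0=40, f1=90, amp=1.0, sigma=1.0, seed=1):
    """Load trace: baseline 30 + Gaussian noise + one FSK tone per bit (None = idle)."""
    rng, out = random.Random(seed), []
    for b in bits:
        f = None if b is None else (f1 if b else f0)
        for n in range(WIN):
            tone = amp * math.sin(2 * math.pi * f * n / FS) if f else 0.0
            out.append(30.0 + tone + rng.gauss(0.0, sigma))
    return out

if __name__ == "__main__":
    print(fsk_suspect(synth([1, 0, 1, 1, 0, 0, 1, 0] * 2), FS, WIN, FREQS))  # FSK present
    print(fsk_suspect(synth([None] * 16), FS, WIN, FREQS))                   # noise only
```

A steady single-frequency load is deliberately not flagged: only two recurring tones count as an FSK signature here.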
(Score: 2) by MichaelDavidCrawford on Saturday April 14, @01:30AM (2 children)
... hire my brother in law to "decommission" your storage media.
That's what some lawyer did when he retired and so didn't need his files anymore.
(Score: 2) by archfeld on Saturday April 14, @01:50AM (1 child)
I do that as part of my current job. We format the HDs, physically remove them to the loading dock area and they then get degaussed, then we drill random holes in the platters before putting them in a cardboard/garbage compactor and reducing them to flattened broken pieces. It is a very therapeutic process :) My home PCs are all connected to APC UPS power filters due to grounding issues in my very old home.
(Score: 2) by Whoever on Saturday April 14, @01:54AM
That is a waste of your time.
(Score: 3, Interesting) by hemocyanin on Saturday April 14, @01:45AM
I've been reading all day it seems, and I tried to get through the paper but couldn't. As I understand it, they create a signal that can be interpreted as data by modulating the amount of power a computer uses -- variations in power draw can be read at some point in the circuit, converted to a digital message, and sent off to the attackers via some type of communications equipment. What I don't understand is how they would be able to create a useful signal on a circuit that might have dozens of computers, lamps, chargers, etc. etc. -- wouldn't all those variable sources of power draw, switching on and off, make it hard to read a signal based on the power draw in the target computer?
(Score: 2) by LoRdTAW on Saturday April 14, @01:59AM
If they could gain access to a feeder and find the right phase then perhaps, yes. But I'd like to see how well this works in facilities full of motors and non-linear loads (switching supplies, VFD's, etc) barfing out tons of noise and harmonics. Have they tested real world and tried to find a suitable tap point to hook a current clamp and receive data?
And how well does this work when a facility has an active power filter or static var generator that corrects power factor, harmonics and fluctuations?
