Hacking Air-gapped Machines Through Power Supply - ThreatWire
Added 2020-05-05 18:19:11 +0000 UTCMordechai Guri is back with another way to steal data from air-gapped PCs, again using audio through PC components. Guri of Israel’s Ben Gurion University was able to find a way to steal data from secure machines using an acoustic norm that happens in power supply units. This attack is being called Power-SupplAy and uses acoustic, thermal, electromagnetic, optical, and power cables to steal data.
In this case, his hack uses the “internal switching frequency of the power supply” to control sound waveforms generated from capacitors and transformers. The binary data can be modulated and transmitted out through these acoustic signals from devices like PCs, servers, and even IoT devices that lack audio hardware. This would take over and regulate the power consumed by a CPU, which would switch the frequency of the PSU to acoustic signals between zero to 24 kHz, with modulated binary information transmitted.
Even though this attack is kind of out there and likely not to be used in the wild, it could be used in targeted campaigns against high profile secure air-gapped machines. The target device would need to be infected with malicious code to allow for the PowerSupply attack to happen, and a receiving device would need to be located in close enough proximity to actually receive the data. The receiving device could be a smartphone or another computer, and the data could be transferred at 50 bits per second if the devices were 2.5 meters away from each other.
Banning equipment in sensitive areas could help to secure data, as well as using an intrusion detection system that can monitor CPU behavior. Hardware based jammers and signal detectors can help as well.
Support me on alternative platforms! https://snubsie.com/support
Shop ThreatWire Merch! - https://snubsie.com/shop
https://www.youtube.com/shannonmorse -- subscribe to my tech channel!
ThreatWire is only possible because of our Patreon patrons! https://www.patreon.com/threatwire
Check out my new video about the last active Morse Code Radio Station in the US - https://www.youtube.com/watch?v=UPTzvciqgJ0
Links:
https://arxiv.org/abs/2005.00395
https://thehackernews.com/2020/05/air-gap-malware-power-speaker.html
Comments
Weird. I can’t replicate this
Daily Tech News Show
2020-05-09 17:30:30 +0000 UTCWhen I listen to this week's "Hacking Air-gapped Machines..." episode, I get the previous week's episode about Microsoft Teams vulnerability. That is either here or in Apple podcasts.
Tom Grelinger
2020-05-09 17:15:06 +0000 UTC
