CybersecurityHackers can steal data via power lines

Published 17 April 2018

Researchers have shown once again that air-gapped PCs are not safe from a determined and patient attacker. The researchers have already devised several techniques to extract data from isolated or air-gapped computers that store highly sensitive data.

Ben-Gurion University researchers have shown once again that air-gapped PCs are not safe from a determined and patient attacker.

The researchers have already devised several techniques to extract data from isolated or air-gapped computers that store highly sensitive data, including using computer noise to steal data, using malware to override the functionality of LEDs, and using a computer processing unit’s (CPU) low-frequency magnetic radiation to leak data through a Faraday cage.

AABGU notes that the latest technique, dubbed PowerHammer, exploits current fluctuations flowing through the power lines that are supplying electricity to air-gapped computers.

The researchers have been able to exfiltrate data at a rate of 1,000 bits per second from lines connected to the target computer.

As with the Magneto and Odini Faraday-cage attacks that the researchers revealed in February, the PowerHammer technique would use malware to regulate a CPU’s utilization to control the system’s power consumption.

Instead of observing magnetic emissions as CPU usage rises and falls, the attacker can observe changes in current flow from the electricity lines outside a building or via the cords supplying power to the infected machine.

“The data is modulated, encoded and transmitted on top of the current flow fluctuations, and then it is carried through the power lines,” says Dr. Mordechai Guri, head of research and development at the University’s Cyber Security Research Center. “This phenomena is known as a ‘conducted emission.’

“The generated noise travels along the input power lines and can be measured by an attacker probing the power cables.”

PowerHammer assumes an attacker has already infected an air-gapped network and focuses on the task of extracting protected data after infection.

Dr. Guri notes that power-line communication is common for smart home and industrial applications.

There are measures that can be taken to protect against PowerHammer attacks, such as monitoring the currency flow on power lines for deviations from standard transmission patterns. Other options include power-line filters and signal jammers.

— Read the full article on the ZD Net website