Mordechai Guri, an Israeli expert on covert side-channels, has devised a way to exfiltrate data from machines that have been air-gapped and had their speakers silenced.
Organizations with extreme security needs can keep certain computer hardware disconnected from any network, a practice known as air-gapping, to rule out compromise from other systems on the network or from the Internet. Attacks on such systems usually require some form of physical access to introduce malware: an unauthorized person must get hold of the machine, usually briefly and unnoticed, to install the malicious code and so bypass the air gap.
The most widely reported air-gap attack of this type was probably the covert introduction of the centrifuge-knackering Stuxnet malware, around 2007 and after three years of planning, at the nuclear fuel enrichment facility in Natanz, Iran, apparently via a USB stick.
Guri, head of research and development at the cybersecurity research center of Ben-Gurion University of the Negev, Israel, told The Register in an email that air-gapped networks are not reserved for sensitive military installations. They are used, he said, by many regulated industries to protect sensitive private data, intellectual property and critical infrastructure.
In previous work, Guri and his colleagues have explored various ways to attack air-gapped systems. Two years ago, for example, he and several other researchers developed a technique dubbed MOSQUITO to exfiltrate data from air-gapped systems using ultrasonic transmissions between speakers.
An obvious defense against acoustic data transmission is to remove or disable all speakers on the protected device, a practice known as audio-gapping.
But Guri's latest research shows that this is not enough. He and his team found a way to turn the power supply unit (PSU) of an isolated, speakerless machine into a speaker, capable of transmitting data at a rate of 50 bits/s.
He calls it the POWER-SUPPLaY attack. The technique can be used against PC workstations and servers, as well as embedded systems and IoT devices that have no addressable audio hardware at all.
“We show that malware running on a PC can exploit its PSU and use it as an out-of-band loudspeaker with limited capacities,” reads a paper [PDF] explaining the technique in detail. “The malicious code intentionally manipulates the internal switching frequency of the power supply and therefore controls the waveform generated by its capacitors and transformers.”
An evil-maid-style physical intrusion is still needed to plant the malware in the first place. The attacker also needs a nearby receiver, which in this scenario would be a smartphone, either compromised with malware that listens for the data or knowingly operated by an insider.
POWER-SUPPLaY varies the machine's power draw by regulating the processor's workload. The switch-mode power supplies (SMPS) of modern electronic devices respond by changing the frequency at which they switch, which generally lies between 20 kHz and 20 MHz, and those shifts produce detectable noise in the PSU's transformers and capacitors. Although most people cannot hear sounds in this frequency range, microphones can pick them up.
“By intentionally starting and stopping the processor workload, we are able to adjust the SMPS so that it switches at a specified frequency and therefore emits an acoustic signal and modulates binary data on it,” the paper explains. A video of the attack is below:
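To make the receiving side of such a channel concrete from a monitoring point of view, here is an added example (not code from the paper or from the researchers) that shows how a defender's acoustic monitor could flag a near-ultrasonic tone being keyed on and off at the page's stated 50 bits/s. It assumes a 96 kHz microphone stream and a hypothetical 24 kHz PSU tone; the audio it analyses is a constructed synthetic signal, not a recording of any real power supply. It uses the Goertzel algorithm to measure energy at one frequency per bit-length window, then looks for the on/off contrast and repeated toggling that distinguish keyed data from a steady fan or coil whine.

```python
"""Toy near-ultrasonic keying detector: constructed example, not the paper's code."""
import math
import random

SAMPLE_RATE = 96_000             # assumed microphone sample rate (Hz)
CARRIER_HZ = 24_000              # hypothetical SMPS-derived tone, above human hearing
BIT_RATE = 50                    # bit rate stated on the page
SAMPLES_PER_BIT = SAMPLE_RATE // BIT_RATE   # 1920 samples per bit window


def synth_ook(bits, amplitude=0.5, noise=0.05, seed=1):
    """Constructed test input: an on-off-keyed sine wave plus deterministic noise.
    This only builds an audio array in memory; it does not drive any hardware."""
    rng = random.Random(seed)
    out = []
    for bit in bits:
        for _ in range(SAMPLES_PER_BIT):
            t = len(out) / SAMPLE_RATE          # continuous phase across bits
            tone = amplitude * math.sin(2 * math.pi * CARRIER_HZ * t) if bit else 0.0
            out.append(tone + rng.uniform(-noise, noise))
    return out


def goertzel_power(samples, freq_hz, sample_rate=SAMPLE_RATE):
    """Energy in one frequency bin via the Goertzel recurrence, normalised by N^2
    so a pure sine of amplitude A at that bin yields about A^2 / 4."""
    n = len(samples)
    k = int(0.5 + n * freq_hz / sample_rate)
    w = 2 * math.pi * k / n
    coeff = 2 * math.cos(w)
    s_prev = s_prev2 = 0.0
    for x in samples:
        s = x + coeff * s_prev - s_prev2
        s_prev2, s_prev = s_prev, s
    power = s_prev ** 2 + s_prev2 ** 2 - coeff * s_prev * s_prev2
    return power / (n * n)


def bit_energies(samples):
    """Carrier energy for each consecutive bit-length window."""
    return [goertzel_power(samples[i:i + SAMPLES_PER_BIT], CARRIER_HZ)
            for i in range(0, len(samples) - SAMPLES_PER_BIT + 1, SAMPLES_PER_BIT)]


def demodulate(samples, threshold=None):
    """Slice per-window energies at the midpoint between strongest and weakest."""
    energies = bit_energies(samples)
    if threshold is None:
        threshold = (max(energies) + min(energies)) / 2
    return [1 if e > threshold else 0 for e in energies]


def looks_like_keying(samples, min_power=1e-3, contrast=10.0, min_transitions=4):
    """Alert heuristic: a carrier well above the noise floor, a clear on/off
    contrast between windows, and repeated toggling. A constant tone (normal
    coil whine) or plain noise does not trip it."""
    energies = bit_energies(samples)
    if not energies or max(energies) < min_power:
        return False                                   # nothing above the floor
    if max(energies) < contrast * min(energies):
        return False                                   # steady tone, no keying
    bits = demodulate(samples)
    transitions = sum(1 for a, b in zip(bits, bits[1:]) if a != b)
    return transitions >= min_transitions


if __name__ == "__main__":
    pattern = [1, 0, 1, 1, 0, 0, 1, 0]
    audio = synth_ook(pattern)
    print("recovered bits:", demodulate(audio))
    print("keying detected:", looks_like_keying(audio))
    print("steady tone flagged:", looks_like_keying(synth_ook([1] * 8)))
    print("noise flagged:", looks_like_keying(synth_ook([0] * 8)))
```

The per-window Goertzel measurement is the piece a real monitor would keep: run it on a live microphone feed at whichever frequencies a given PSU model is observed to emit, and treat sustained toggling at a data-like rate as an indicator worth investigating. The constant-tone and noise-only cases are included because those are exactly the false positives a naive "energy above 20 kHz" alert would raise.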
Guri and his colleagues have developed a handful of other air-gap attack techniques, such as luminance signaling via fluctuations in LCD screen brightness (BRIGHTNESS), acoustic signaling by fan modulation (FANSMITTER), data exfiltration via power cables (POWERHAMMER) and covert signaling via keyboard LEDs (CTRL-ALT-LED).
POWER-SUPPLaY is fun but not a practical threat to most of us. An attacker would have to pick out the PSU's sounds from whatever noise is in the surrounding environment, and would need to be close enough to capture them, or have malware on a nearby device that can listen for the bits.
If your device is connected to a network, or can transmit data via Bluetooth, for example, there are easier ways to exfiltrate data from it.
That said, Guri said he thinks this type of research should prompt organizations whose policies rely on banning or silencing speakers to consider that power supplies can themselves be turned into data-leaking speakers. ®