
Researchers From Israel Successfully Develop Malware That Can Exfiltrate Data From Air-Gapped Computers Via Power Lines.

Researchers Create Malware That Steals Data via Power Lines.
A team of academics from the Ben-Gurion College of the Negev in Israel has successfully created and tested malware that can exfiltrate data from air-gapped PCs via power lines, and has named the exfiltration technique PowerHammer.

The technique infects an air-gapped PC with malware that deliberately alters CPU utilization levels, causing the victim's PC to consume more or less electrical power.

By default, PCs draw power from the local electrical network in a uniform way; a PowerHammer attack creates variations in the amount of power a victim's PC draws from the local electrical system.

This phenomenon is known as a "conducted emission."

By alternating between high and low power consumption levels, PowerHammer malware can encode binary data from a victim's PC into the power consumption pattern.
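From the defender's side, the high/low CPU utilization pattern described above can be looked for in host telemetry. The following is an added example, not code from this post or from the researchers' paper: it flags a utilization trace that flips between two load levels on a fixed clock. The function names, the thresholds and both sample traces are assumptions constructed for illustration.

```python
def run_lengths(samples, threshold):
    """Lengths of consecutive runs above/below threshold in a CPU-utilization trace."""
    runs, count = [], 1
    for prev, cur in zip(samples, samples[1:]):
        if (prev >= threshold) == (cur >= threshold):
            count += 1
        else:
            runs.append(count)
            count = 1
    runs.append(count)
    return runs


def looks_like_load_keying(samples, low=30.0, high=70.0, min_runs=8,
                           min_unit=3, tolerance=0.2):
    """Flag a trace that flips between two load levels on a fixed clock.

    All thresholds are assumed starting points, not values from the paper.
    """
    if not samples:
        return False
    in_between = sum(low < s < high for s in samples) / len(samples)
    # The first and last runs are cut off by the capture window, so drop them.
    runs = run_lengths(samples, (low + high) / 2)[1:-1]
    if in_between > 0.1 or len(runs) < min_runs:
        return False
    unit = min(runs)          # candidate bit period, in samples
    if unit < min_unit:       # single-sample flips are ordinary jitter
        return False
    # Every run must be close to a whole number of bit periods.
    return all(abs(r / unit - round(r / unit)) <= tolerance for r in runs)


def trace_from_runs(lengths, first_level, second_level):
    """Build a constructed trace from alternating run lengths (sample data only)."""
    trace = []
    for i, n in enumerate(lengths):
        trace += [first_level if i % 2 == 0 else second_level] * n
    return trace


# Constructed samples: utilization in percent, one reading per fixed interval.
KEYED = trace_from_runs([5, 5, 10, 10, 5, 5, 5, 5, 10, 5, 5, 10], 92.0, 8.0)
BURSTY = trace_from_runs([6, 7, 13, 3, 5, 11, 8, 4, 17, 9, 4], 12.0, 85.0)

if __name__ == "__main__":
    for name, trace in (("keyed", KEYED), ("bursty", BURSTY)):
        print(name, looks_like_load_keying(trace))
```

A match is a reason to inspect the process generating the load, not proof of exfiltration; legitimate periodic jobs can produce similar traces.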

There are two kinds of PowerHammer attack.

The first is "line level power-hammering," which happens when the attacker manages to tap the power cable between the air-gapped PC and the electrical socket.

The second is "phase level power-hammering." This variant of the attack happens when the intruder taps the electrical cables at the phase level, in a building's electrical panel. This version of the attack is stealthier, yet it can recover data at only 10 bits/second, primarily because of the higher amount of "noise" at the power line phase level.

The two variants also have different exfiltration speeds.

Experiments showed that the attack is effective for stealing information from air-gapped desktops, PCs, servers, and even IoT devices, though the exfiltration speed is slower for the latter. The researchers also observed that the exfiltration speed improves the more cores a CPU has.

The research centre at the Ben-Gurion College of the Negev that came up with this new data exfiltration technique has a long history of innovative hacks, all listed below:

LED-it-Go - exfiltrate data from air-gapped systems via an HDD's activity LED
SPEAKE(a)R - use headphones to record audio and spy on nearby users
9-1-1 DDoS - launch DDoS attacks that can cripple a US state's 911 emergency systems
USBee - make a USB connector's data bus give out electromagnetic emissions that can be used to exfiltrate data
AirHopper - use the local GPU card to emit electromagnetic signals to a nearby mobile phone, also used to steal data
Fansmitter - steal data from air-gapped PCs using sounds emanated by a computer's GPU fan
DiskFiltration - use controlled read/write HDD operations to steal data via sound waves
BitWhisper - exfiltrate data from non-networked computers using heat emanations
Unnamed attack - uses flatbed scanners to relay commands to malware-infested PCs or to exfiltrate data from compromised systems
xLED - use router or switch LEDs to exfiltrate data
Shattered Trust - using backdoored replacement parts to take over smart phones
aIR-Jumper - use security camera infrared capabilities to steal data from air-gapped networks
HVACKer - use HVAC systems to control malware on air-gapped systems
MAGNETO & ODINI - steal data from Faraday cage-protected systems
MOSQUITO - steal data from PCs using speakers and headphones

Mitigations and more details for technically inclined users are available in the research team's paper, entitled:
