A team of academics from the Ben-Gurion College of the Negev in Israel has
successfully created and tested malware that can exfiltrate data from
air-gapped PCs through power lines, and has named the exfiltration technique
PowerHammer.
The technique works by infecting an air-gapped PC with malware that
deliberately alters CPU utilization levels, making the victim's PC consume
more or less electrical power.
Normally, PCs draw power from the local electrical network in a uniform way.
A PowerHammer attack creates variations in the amount of power a victim's PC
draws from the local electrical system.
This phenomenon is known as a "conducted emission."
PowerHammer malware can encode binary data from a victim's PC into the power
consumption pattern by switching between high and low power consumption
levels.
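For defenders, the same property can be checked on the host: a CPU load that sits on two tight levels and flips between them often is unusual for ordinary workloads. The sketch below is an added example, not code from the researchers' paper; the function names, the thresholds and the sample windows are all assumptions constructed for illustration.

```python
from statistics import mean, pstdev

def keying_indicators(samples):
    """Return (level_gap, level_spread, transition_rate) for CPU utilisation samples (%)."""
    if len(samples) < 2:
        return 0.0, 0.0, 0.0
    mid = (max(samples) + min(samples)) / 2
    bits = [s > mid for s in samples]            # True = "high" level
    high = [s for s, b in zip(samples, bits) if b]
    low = [s for s, b in zip(samples, bits) if not b]
    if not high or not low:                      # flat series, nothing to split
        return 0.0, 0.0, 0.0
    gap = mean(high) - mean(low)                 # distance between the two levels
    spread = max(pstdev(high), pstdev(low))      # how tightly samples sit on a level
    flips = sum(a != b for a, b in zip(bits, bits[1:]))
    return gap, spread, flips / (len(samples) - 1)

def looks_keyed(samples, min_gap=40.0, max_spread=8.0, min_rate=0.15):
    """Flag a window whose load sits on two tight levels and flips between them often.
    All three thresholds are assumptions to tune against a host's normal workload."""
    gap, spread, rate = keying_indicators(samples)
    return gap >= min_gap and spread <= max_spread and rate >= min_rate

# Constructed sample windows (not measurements): one reading per fixed interval.
KEYED = [12, 88, 90, 11, 13, 91, 10, 89, 87, 12, 90, 11, 9, 92, 88, 10]
IDLE = [3, 4, 2, 5, 3, 4, 6, 3, 2, 4, 5, 3, 4, 2, 3, 5]
BUILD_JOB = [5, 6, 40, 92, 95, 94, 96, 93, 95, 94, 96, 95, 60, 8, 6, 5]

if __name__ == "__main__":
    for name, window in (("keyed", KEYED), ("idle", IDLE), ("build job", BUILD_JOB)):
        print(name, looks_keyed(window), keying_indicators(window))
```

The sustained build job is rejected on both spread and flip rate, which is the case a naive "high CPU" alert would get wrong.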
PowerHammer attacks come in two kinds.
The first is "line level power-hammering," which happens when the attacker
manages to tap the power cable between the air-gapped PC and the electrical
socket.
The second is "phase level power-hammering," which happens when the intruder
taps the power lines at the phase level, in a building's electrical panel.
This version of the attack is stealthier, yet can recover information at just
10 bits/second, primarily because of the higher amount of "noise" at the power
line phase level.
The two kinds of attack also have different exfiltration speeds.
Experiments revealed that the attack is effective for stealing information
from air-gapped desktops, PCs, servers, and even IoT devices, though the
exfiltration speed is slower for the latter. Further observation led the
researchers to realize that the exfiltration speed improves the more cores a
CPU has.
The research centre at the Ben-Gurion College of the Negev that came up with
this new exfiltration technique has a long history of innovative hacks, all
listed below:
LED-it-Go - exfiltrate data from air-gapped systems via an HDD's activity LED
SPEAKE(a)R - use headphones to record audio and spy on nearby users
9-1-1 DDoS - launch DDoS attacks that can cripple a US state's 911 emergency systems
USBee - make a USB connector's data bus give out electromagnetic emissions that can be used to exfiltrate data
AirHopper - use the local GPU card to emit electromagnetic signals to a nearby mobile phone, also used to steal data
Fansmitter - steal data from air-gapped PCs using sounds emanated by a computer's GPU fan
DiskFiltration - use controlled read/write HDD operations to steal data via sound waves
BitWhisper - exfiltrate data from non-networked computers using heat emanations
Unnamed attack - uses flatbed scanners to relay commands to malware infested PCs or to exfiltrate data from compromised systems
xLED - use router or switch LEDs to exfiltrate data
Shattered Trust - using backdoored replacement parts to take over smart phones
aIR-Jumper - use security camera infrared capabilities to steal data from air-gapped networks
HVACKer - use HVAC systems to control malware on air-gapped systems
MAGNETO & ODINI - steal data from Faraday cage-protected systems
MOSQUITO - steal data from PCs using speakers and headphones
Mitigations and more details for technically inclined users are available in
the research team's paper, entitled: