Here is some interesting information on leaking information from air-gapped computers. Most methods shown here use computer power supply to leak some pieces of information. But there are also some other methods shown.
A researcher from Israel described a new method to covertly steal highly sensitive data from air-gapped computers using power supply units. Dubbed ‘POWER-SUPPLaY, ‘ the latest research builds on a series of techniques leveraging electromagnetic, acoustic, thermal, optical covert channels, and even power cables to exfiltrate data from non-networked computers.
He and his team have found a way to turn the power supply in an isolated, muted machine into a speaker of sorts, one capable of transmitting data at a rate of 50 bits/sec.
“We show that malware running on a PC can exploit its power supply unit (PSU) and use it as an out-of-band speaker with limited capabilities,”
He calls the attack POWER-SUPPLaY.
“By intentionally starting and stopping the CPU workload, we are able to set the SMPS so it switches at a specified frequency and hence emit an acoustic signal and modulate binary data over it,” the paper explained
You can find research paper here:
POWER-SUPPLaY: Leaking Data from Air-Gapped Systems by Turning the Power-Supplies Into Speakers
Here is a video of the research:
OK, so you’ve air-gapped that PC. Cut the speakers. Covered the LEDs. Disconnected the monitor. Now, about the data-leaking power supply unit…
I have no mouth, and I must scream
POWER-SUPPLaY Attack Exfiltrates Data by Turning a PC Power Supply Into a Functional Speaker
In yet another clever attack on air-gapped systems, Dr. Guri has successfully turned data into audio — played through the PC’s power supply.
Security researcher Dr. Mordechai Guri is back with another data exfiltration technique for supposedly air-gapped computers — this time by turning the power supply into a speaker. High-security computer systems are frequently “air-gapped” — used with no connection to an external network of any kind, and in the most extreme examples even using local battery or generator power to avoid wiring into a power grid.
Older power supply information leakage research links
Last month, researchers showcased two techniques for using a computer’s fans or its graphics card to broadcast information for exfiltration. Now, there’s yet another technique: Using the power supply as a speaker.
Security Researchers Turn Cooling Fans, Graphics Processing Units Into Data Exfiltration Vectors
One approach turns fans into seismic data-broadcasters; the other turns to power management for a modern twist on TEMPEST.
MOSQUITO Attack Allows Air-Gapped Computers to Covertly Exchange Data
Air gapping PCs won’t stop data sharing thanks to sneaky speakers
Boffins shows that sound output devices secretly capture audio
Air-Gap Research Page