Your computer can leak data in many ways

Here is some interesting information on leaking information from air-gapped computers. Most methods shown here use computer power supply to leak some pieces of information. But there are also some other methods shown.

A researcher from Israel described a new method to covertly steal highly sensitive data from air-gapped computers using power supply units. Dubbed ‘POWER-SUPPLaY, ‘ the latest research builds on a series of techniques leveraging electromagnetic, acoustic, thermal, optical covert channels, and even power cables to exfiltrate data from non-networked computers.
https://thehackernews.com/2020/05/air-gap-malware-power-speaker.html

He and his team have found a way to turn the power supply in an isolated, muted machine into a speaker of sorts, one capable of transmitting data at a rate of 50 bits/sec.
“We show that malware running on a PC can exploit its power supply unit (PSU) and use it as an out-of-band speaker with limited capabilities,”
He calls the attack POWER-SUPPLaY.
“By intentionally starting and stopping the CPU workload, we are able to set the SMPS so it switches at a specified frequency and hence emit an acoustic signal and modulate binary data over it,” the paper explained

You can find research paper here:
POWER-SUPPLaY: Leaking Data from Air-Gapped Systems by Turning the Power-Supplies Into Speakers
https://arxiv.org/abs/2005.00395

Here is a video of the research:

OK, so you’ve air-gapped that PC. Cut the speakers. Covered the LEDs. Disconnected the monitor. Now, about the data-leaking power supply unit…
I have no mouth, and I must scream
https://www.theregister.co.uk/2020/05/04/power_supply_attack/

POWER-SUPPLaY Attack Exfiltrates Data by Turning a PC Power Supply Into a Functional Speaker
In yet another clever attack on air-gapped systems, Dr. Guri has successfully turned data into audio — played through the PC’s power supply.
https://www.hackster.io/news/power-supplay-attack-exfiltrates-data-by-turning-a-pc-power-supply-into-a-functional-speaker-f85fab89e329

Security researcher Dr. Mordechai Guri is back with another data exfiltration technique for supposedly air-gapped computers — this time by turning the power supply into a speaker. High-security computer systems are frequently “air-gapped” — used with no connection to an external network of any kind, and in the most extreme examples even using local battery or generator power to avoid wiring into a power grid.

Older power supply information leakage research links
https://www.researchgate.net/publication/324472268_PowerHammer_Exfiltrating_Data_from_Air-Gapped_Computers_through_Power_Lines
https://www.zdnet.com/article/how-safe-is-your-air-gapped-pc-attackers-can-now-suck-data-out-via-power-lines/

Last month, researchers showcased two techniques for using a computer’s fans or its graphics card to broadcast information for exfiltration. Now, there’s yet another technique: Using the power supply as a speaker.

Security Researchers Turn Cooling Fans, Graphics Processing Units Into Data Exfiltration Vectors
One approach turns fans into seismic data-broadcasters; the other turns to power management for a modern twist on TEMPEST.
https://www.hackster.io/news/security-researchers-turn-cooling-fans-graphics-processing-units-into-data-exfiltration-vectors-9dc88282b916

MOSQUITO Attack Allows Air-Gapped Computers to Covertly Exchange Data
https://thehackernews.com/2018/03/air-gap-computer-hacking.html

Air gapping PCs won’t stop data sharing thanks to sneaky speakers
Boffins shows that sound output devices secretly capture audio
https://www.theregister.co.uk/2018/03/12/turning_speakers_into_covert_listening_devices/

Air-Gap Research Page
https://cyber.bgu.ac.il/advanced-cyber/airgap

4 Comments

  1. Tomi Engdahl says:

    OK, so you’ve air-gapped that PC. Cut the speakers. Covered the LEDs. Disconnected the monitor. Now, about the data-leaking power supply unit…
    I have no mouth, and I must scream
    https://www.theregister.co.uk/2020/05/04/power_supply_attack/

    Reply
  2. Tomi Engdahl says:

    Simple chat program using near ultrasonic frequencies. Works without Wifi or Bluetooth and won’t show up in a pcap.
    https://github.com/Katee/quietnet

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

*

*