Mordechai Guri, an Israeli video communications expert and cyber security specialist, has developed a way to steal data from devices that have been air-gapped and silenced.
Organisations with extreme security requirements can keep certain computing devices separate from any network (a practice called air-gapping) to prevent intruders from hacking into them through compromised systems on the network or the Internet. Attacks on such systems generally require physical access to introduce the malware: an unauthorised person must, usually briefly and unnoticed, get to the computer to install the malware and bypass the air gap.
Probably the most commonly cited attack of this type against an air gap is the secret introduction of the Stuxnet centrifuge-hacking malware, around 2007 and after three years of planning, into the Natanz nuclear fuel enrichment laboratory in Iran, apparently from a USB stick.
Guri, director of research and development at Ben-Gurion University of the Negev's centre for cybersecurity studies in Israel, told The Register in an e-mail that air-gapped networks are not only for sensitive military targets. They are used by many regulated industries to protect confidential private data, intellectual property and critical infrastructure, he said.
In earlier work, Guri and his colleagues investigated different methods of attacking air-gapped systems. For example, two years ago, together with several other researchers, he developed a technique called MOSQUITO to exfiltrate data from air-gapped machines using ultrasonic transmission between speakers.
The obvious protection against acoustic data transmission is to remove or mute every speaker on the protected device, a practice known as audio-gapping.
But Guri’s recent research shows that this is not enough. He and his team have found a way to turn the power supply of an isolated, muted machine into a kind of loudspeaker that can transmit data at 50 bps.
He calls the attack POWER-SUPPLaY. The technique can be used on personal workstations and servers, but also on embedded systems and IoT devices that have no addressable audio hardware.
"We show that malware running on a PC can exploit its power supply unit (PSU) and use it as an out-of-band speaker with limited capabilities," explains a paper [PDF] describing the technique in detail. The malicious code deliberately manipulates the internal switching frequency of the power supply, thereby controlling the waveform generated by its capacitors and transformers.
An evil maid attack is needed to make the attack possible. An intruder also needs a receiver nearby, which in this scenario would be a smartphone compromised by malware to listen for the data, or a knowing and cooperating insider.
POWER-SUPPLaY alters power consumption by adjusting the load on the CPU, which in modern electronic devices causes the switched-mode power supply (SMPS) to change the switching frequency at which it operates, usually in the range of 20 kHz to 20 MHz. These shifts cause noticeable noise in transformers and capacitors. Although most people cannot hear sounds in this frequency range, microphones can detect them.
"By deliberately starting and stopping the CPU load, we can set the SMPS to switch at a certain frequency and thus emit an acoustic signal and modulate binary data over it," the paper explains. A video recording of the attack is also available.
Guri and others have developed various TEMPEST-style attacks, such as signalling via fluctuations in LCD screen brightness (BRIGHTNESS), acoustic signalling via fan modulation (FANSMITTER), data exfiltration via power cables (POWERHAMMER) and hidden signalling via keyboard lights (CTRL-ALT-LED).
POWER-SUPPLaY is clever, but it’s not a practical threat most of us have to worry about. An attacker would need to be able to detect sounds from the power supply above all the other sounds in the environment, and would need to be close enough to pick them up, or to have malware on a nearby computer that can listen for the bits.
If your device is connected to a network or can transfer data, for example via Bluetooth, there are easier ways to exfiltrate the data from your device.
However, Guri believes that this type of research could encourage organisations with a policy of banning or muting loudspeakers to consider that a power supply can be turned into a speaker.
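For teams that want to check a room for the kind of keyed power-supply noise described above, the following is an added example (not code from the paper or from the researchers) of a monitor that scans microphone samples for a narrowband tone switching on and off at the 50 bps symbol rate. The 48 kHz sample rate, the 18-22 kHz scan band, the on-off keying, the thresholds and the synthetic test signal are all assumptions made for illustration.

```python
import math
import random

RATE = 48_000                      # assumed microphone sample rate (Hz)
FRAME = RATE // 50                 # 20 ms frame = one symbol at the 50 bps the article cites
BAND = range(18_000, 22_001, 500)  # assumed near-ultrasonic band to scan (Hz)

def goertzel_power(frame, freq):
    """Power of a single frequency bin in `frame` (Goertzel algorithm)."""
    coeff = 2 * math.cos(2 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def keyed_tones(samples, on_ratio=0.25, min_flips=8):
    """Return the frequencies in BAND whose narrowband energy switches on and
    off from frame to frame, as a keyed carrier does. A steady hum or plain
    noise is not reported."""
    frames = [samples[i:i + FRAME]
              for i in range(0, len(samples) - FRAME + 1, FRAME)]
    totals = [sum(x * x for x in f) or 1e-12 for f in frames]
    flagged = []
    for freq in BAND:
        # Share of the frame's energy in this one bin: close to 1 for a pure
        # tone, about 2/len(frame) on average for white noise.
        states = [2 * goertzel_power(f, freq) / (len(f) * t) > on_ratio
                  for f, t in zip(frames, totals)]
        flips = sum(a != b for a, b in zip(states, states[1:]))
        if flips >= min_flips:
            flagged.append(freq)
    return flagged

def synth(bits, carrier, noise=0.05, seed=1):
    """Constructed test signal: Gaussian noise plus a carrier that is present
    only during frames whose bit is 1."""
    rng = random.Random(seed)
    out = []
    for n, bit in enumerate(bits):
        for k in range(FRAME):
            t = (n * FRAME + k) / RATE
            tone = 0.2 * math.sin(2 * math.pi * carrier * t) if bit else 0.0
            out.append(tone + rng.gauss(0, noise))
    return out
```

Real rooms are not white noise, so the thresholds would need calibrating against a baseline recording of the same space before any alert is trusted.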